CVE-2010-2437
Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php...
Sql injection
SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO...
CVE-2010-2437
CVE-2010-2437 is an XSS vulnerability in AneCMS Blog 1.3 (and possibly earlier) where user input in the comment field of modules/blog/index.php is not sanitized, allowing remote attackers to inject arbitrary HTML/JavaScript. The connected HTBridge advisory provides an exploitation example for the...
CVE-2010-2436
CVE-2010-2436 affects AneCMS Blog (likely v1.3 and earlier) via an SQL injection in modules/blog/index.php caused by improper handling of PATH_INFO. A remote attacker can craft a URL to execute arbitrary SQL commands on the database. Public references corroborate a path-based SQL injection in Ane...
Joomla! Component com_eportfolio - Arbitrary File Upload
Joomla! Component com_eportfolio - Arbitrary File Upload. I'm Sid3^effects member from Inj3ct0r Team. Name : Joomla com_eportfolio Upload Vulnerability Date : june, 20 2010 Critical Level : HIGH Vendor Url :...
Moodle < 1.8.13 / 1.9.x < 1.9.9 Multiple Vulnerabilities
AneCMS 1.3 Cross Site Scripting / SQL Injection
Vulnerability ID: HTB22407 Reference: http://www.htbridge.ch/advisory/storedxssvulnerabilityinanecmsblogmodule.html Product: AneCMS Vendor: AneCMS Team Vulnerable Version: 1.3 and Probably Prior Versions Vendor Notification: 28 May 2010 Vulnerability Type: Stored XSS (Cross Site Scripting) Status:...
2daybiz Network Community Script SQL Injection / XSS Vulnerability
Exploit for php platform in category web applications. 2daybiz Network Community Script SQL Injection / XSS Vulnerability...
Stored XSS vulnerability in AneCMS blog module
Vulnerability ID: HTB22407 Reference: http://www.htbridge.ch/advisory/storedxssvulnerabilityinanecmsblogmodule.html Product: AneCMS Vendor: AneCMS Team Vulnerable Version: 1.3 and Probably Prior Versions Vendor Notification: 28 May 2010 Vulnerability Type: Stored XSS (Cross Site Scripting) Status:...
Google Releases Chrome 5.0.375.70
Google has released Chrome 5.0.375.70 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, bypass security restrictions, or obtain sensitive information. US-CERT encourages use...
Core FTP Server 1.0.343 Directory Traversal
ConPresso 4.0.7 SQL Injection Vulnerability
Exploit for php platform in category web applications. ConPresso 4.0.7 SQL Injection Vulnerability Author : Gamoscu Homepage : http://www.1923turk.com Blog :...
CVE-2010-1955
Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php...
CVE-2010-1955
Affected software: Joomla! Deluxe Blog Factory component (com_blogfactory) version 1.1.2. Vulnerability: Local File Inclusion via a directory traversal (.. in the controller parameter to index.php), enabling reading arbitrary files. Root cause: improper handling of the controller parameter leadin...
MidiCart PHP/ASP - Arbitrary File Upload
Exploit Title: MidiCart PHP,ASP Shell Upload Vulnerability Date: 17.05.2010 Author: DigitALL Software Link: http://download.cnet.com/MidiCart-PHP-Shopping-Cart/3000-26494-10064577.html Version: All Version Tested on: DigitALL Xp Version x1 Code : dork : inurl:"ordermoney.php" or...
Free Website Creator Cross Site Scripting
Exploit Title: webs.com Free Website Creator APPs XSS/HTML Injection Date: 8/5/2010 Author: isoz - http://bioworm.org/forum Software Link: http://webs.com Version: Any Tested on: Any OS CVE : - Code : Example: Description: Webs helps you make your own free website. Personal, group, and small...