7699 matches found
CVE-2008-3305
The CVE-2008-3305 entry describes a Cross-site Scripting (XSS) vulnerability in the C. Desseno YouTube Blog (ytb) 0.1 platform, specifically in the file mensaje.php. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the m parameter. Concrete details across conne...
CVE-2008-3305
Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter...
CVE-2008-3308
CVE-2008-3308: PHP remote file inclusion in cuenta/cuerpo.php of C. Desseno YouTube Blog (ytb) 0.1. When register_globals is enabled, an attacker can provide a URL in the base_archivo parameter to execute arbitrary PHP code on the server. Affected scenario: vulnerable 0.1 with register_globals. ...
PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry title
PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry title. Vulnerability found: 20/06/2008. Vendor informed: 25/06/2008. Vulnerability fixed: 16/07/2008. Advisory publicly released: 22/07/2008. Severity: High. Description: By creating a ne...
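YouTube Blog Multiple Input Validation Vulnerabilities
BUGTRAQ ID: 30345 CNCAN ID: CNCAN-2008072304 YouTube Blog is a PHP-based blog application. YouTube Blog does not properly handle user-submitted input; remote attackers can exploit the vulnerabilities to execute arbitrary code with the privileges of the web server or to obtain sensitive information from targeted users. The todos.php script does not filter the 'id' parameter, which can lead to SQL injection. The mensaje.php script does not filter the 'm' parameter, which can lead to cross-site scripting. 'cuenta/cuerpo.php' does not filter the 'basearchivo' parameter, which can lead to remote file inclusion and execution of arbitrary code with the privileges of the web server. Carlos Desseno YouTube Blog 0.1...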
YouTube Blog 0.1 (RFI/SQL/XSS) Multiple Remote Vulnerabilities
No description provided by source. C. H. R. O. O. T. SECURITY GROUP - http://www.chroot.org - Hacks In Taiwan Conference 2008 - http://www.hitcon.org Title...
Maran PHP Blog Xss By Khashayar Fereidani
Script: Maran PHP Blog. Type: XSS Passive. Method: GET. Alert: Medium. Discovered by: Khashayar Fereidani a.k.a. Dr.Crash. My Official Website: HTTP://FEREIDANI.IR...
YouTube blog 0.1 - Remote File Inclusion / SQL Injection / Cross-Site Scripting
C. H. R. O. O. T. SECURITY GROUP - http://www.chroot.org - Hacks In Taiwan Conference 2008 - http://www.hitcon.org Title: YouTube Blog 0.1 Multiple Remote...
YouTube blog 0.1 - Remote File Inclusion SQL Injection Cross-Site Scripting
YouTube blog 0.1 - Remote File Inclusion SQL Injection Cross-Site Scripting. C. H. R. O. O. T. SECURITY GROUP - http://www.chroot.org - Hacks In Taiwan Conference 2008 - http://www.hitcon.org ...
YouTube Blog 0.1 (RFI/SQL/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. YouTube Blog 0.1 RFI/SQL/XSS Multiple Remote Vulnerabilities. ScriptName: YouTube Blog. Download:...
youtubeblog-rfisqlxss.txt
C. H. R. O. O. T. SECURITY GROUP - http://www.chroot.org - Hacks In Taiwan Conference 2008 - http://www.hitcon.org Title: YouTube Blog 0.1 Multiple Remote...
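Z-blog FUNCTION/c_function.asp Cross-Site Scripting Vulnerability
Z-Blog is an ASP-based blog application that supports WAP and browsers such as Firefox and Opera, and is very widely used in China; its official home page is http://www.rainbowsoft.org/. Z-blog's code is rigorous, its front end is simple and its back end is powerful, which gives the product a considerable security advantage. However, after the previous XSS vulnerability was published, 80sec found another serious cross-site scripting vulnerability in the product which, combined with some product design issues, may have serious consequences. In FUNCTION/cfunction.asp, there is a flaw in how the program handles UBB tags, which lets any user execute arbitrary JS code in the target page; with that code a malicious user can obtain full privileges on the target site. The vulnerable code is as follows...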
Maran PHP Blog - 'comments.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/30309/info Maran PHP Blog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the contex...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php. NOTE: the provenance of this information is unknown; t...
CVE-2008-3186
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php. NOTE: the provenance of this information is unknown; t...
CVE-2008-3186
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php. NOTE: the provenance of this information is unknown; t...
CVE-2008-3186
Chipmunk Blog (Blogger) contains cross-site scripting (XSS) vulnerabilities in the membername parameter of five PHP scripts (members.php, comments.php, photos.php, archive.php, cat.php). Root cause: improper handling of user-supplied membername leads to script/HTML injection. Impact: allows remot...
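Z-blog Cross-Site Scripting Vulnerability
Z-Blog is an ASP-based blog application that supports WAP and browsers such as Firefox and Opera, and is very widely used in China; its official home page is http://www.rainbowsoft.org/. Z-blog's code is rigorous, its front end is simple and its back end is powerful, which gives the product a considerable security advantage. However, 80sec found a serious cross-site scripting vulnerability in the product which, combined with some product design issues, may have serious consequences. In FUNCTION/curlredirect.asp, the program processes the submitted url parameter as follows: strUrl=URLDecodeForAntiSpamRequest.QueryString"url"...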
Fuzzylime CMS 3.01a - 'file' Local File Inclusion
!/usr/bin/perl Fuzzylime CMS 3.01 Multiple LFI / RCE. author: Cod3rZ. website: http://cod3rz.helloweb.eu http://site/blog.php?file=../file\0...
blogparticle-traverse.txt
Blog Particle 8.0 Directory Traversal, Database credential. by: e.wiZz! Site: madspot.org Info: cybernetic is Gay Hacker ah ah ah ah. You are shame for .hr In the wild..... Vendor: blogparticle.com Dork: "powered by BP Blog 8.0" Download: http://blog.betaparticle.com/uploads/blog8.0.zip...