60 matches found
CVE-2008-1183
Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by...
CVE-2008-1183
CVE-2008-1183 documents multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) prior to 2.14.6. The affected components are the web endpoints (livehelp.php, user_questions.php, leavemessage.php) where unspecified parameters can be exploited to inject script/HTML. Th...
Cross site scripting
Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) before 2.14.16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are probably incorrect...
CVE-2008-0848
Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) before 2.14.16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are probably incorrect...
CVE-2008-0848
Crafty Syntax Live Help (CSLH) is affected by CVE-2008-0848 due to an XSS vulnerability in lostsheep.php present in versions before 2.14.16. The entry states remote attackers can inject arbitrary script or HTML via unspecified vectors. The notes mention possible inaccuracies in the researcher’s v...
Crafty Syntax Xss Vulnerability
Crafty Syntax Live Help is an open source help desk system built mainly for small-mid sized companies. The software includes an XSS vulnerability in the lostsheep.php module. Versions affected: 2.4.13 - 2.4.14 -- Ozgur Ozdemircili CCNA, HIPAA, OPSEC, Open Source Security Systems...
Crafty Syntax Live Help 2.9.9 - Multiple Remote File Inclusions
Crafty Syntax Live Help 2.9.9 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/20711/info Crafty Syntax Live Help is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an...
Crafty Syntax Live Help 2.9.9 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/20711/info Crafty Syntax Live Help is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system...
Design/Logic Flaw
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php...
CVE-2006-1667
Summary: CVE-2006-1667 affects Eric Gerdes Crafty Syntax Image Gallery (CSIG) up to version 3.1g. The vulnerability is a SQL injection in slides.php caused when the variable $projectid is less than 1, which prevents the limitquery_s parameter from being set. This enables remote authenticated user...
PT-2006-2662 · Eric Gerdes · Crafty Syntax Image Gallery
Name of the Vulnerable Software and Affected Versions: Eric Gerdes Crafty Syntax Image Gallery CSIG versions 3.1g and earlier Description: The issue allows remote authenticated users to upload and execute arbitrary PHP code. This can be achieved by sending a multipart/form-data POST request with ...
Crafty Syntax Image Gallery 3.1g - Remote Code Execution
Crafty Syntax Image Gallery 3.1g - Remote Code Execution !/usr/bin/perl This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your option any...
Crafty Syntax Image Gallery <= 3.1g Remote Code Execution Exploit
Exploit for unknown platform in category web applications ================================================================= Crafty Syntax Image Gallery = 4.0 + creating user account + user: 98fe56123 password: 7652L4M3l39q email: emai...
Crafty Syntax Image Gallery <= 3.1g Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your option any later version. This...
CVE-2004-2355
Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session...
CVE-2004-2355
Crafty Syntax Live Help (CSLH) prior to 2.7.4 is affected by a Cross-site scripting (XSS) vulnerability. The issue, described in CVE-2004-2355, allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session. Supported by NVD entry, the description ...
Crafty Syntax Live Help 2.7.3 - Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/10463/info CSLH is prone to multiple HTML injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. The problem presents itself in various modules of the application and can allow remote attackers to inject HTML...