phpBB 2.0.19 - Cross-Site Scripting Remote Cookie Disclosure
phpBB 2.0.19 - Cross-Site Scripting Remote Cookie Disclosure to be used with cookie stealer located here: http://www.milw0rm.com/id.php?id=1103 https://www.exploit-db.com/exploits/1103/ Make sure you change www.milw0rm.com to your domain. thnx. /str0ke Author: threesixthousan / As long as html is...
multiVulns.txt
Multi-CMS/Forum Vulnerabilities Found by ap0c hackers pacifico & ratboy Yo! Ok, well a couple new vulnerabilities have been found by.. us : First; e107 xss link=http://w000000w00tw00t/asdadLIlink= onMouseOver='alertdocument.cookie;'...
maxwebportalxss.txt
Hackers Center Security Group http://www.hackerscenter.com/ Zinho's Security Advisory Desc: Maxwebportal 1.3.5 and prior Risk: High MaxWebPortal is...
MaxWebPortal <= 1.35 Multiple Vulnerabilities
According to its banner, the remote host is running a version of MaxWebPortal that is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation of these flaws may result in password theft and/or site defacement. (C) Tenable Network Security, Inc...
[HSC Security Group] MaxWebPortal - Multiple SQL injection/XSS
Hackers Center Security Group http://www.hackerscenter.com/ Zinho's Security Advisory Desc: Maxwebportal 1.3.5 and prior Risk: High MaxWebPortal is probably the most spread ASP based web portal script. I've found multiple XSS and SQL injection that could easily lead to password stealing or porta...
WordPress XSS and HTML injection
Title: WordPress XSS and HTML injection Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar Date: 12/04/2005 Severity: Medium. users can obtain cookies of other users and defacement website Affected version:...
SnipSnap: HTTP response splitting
Background SnipSnap is a user-friendly content management system with features such as wiki and weblog. Description SnipSnap contains various HTTP response splitting vulnerabilities that could potentially compromise the site's data. Some of these attacks include web cache poisoning, cross-user...
Invision Board spoof and defacement
-INTRO- All versions of Invision Board have a flaw in their input filtering that allows an attacker to completely mess up Invision's display and in one case I managed to change the URL of some of the forum's links, which could be used to refer users to fake login sites to collect passwords etc...
ISSalert: ISS Alert: Remote IIS Index Server ISAPI Extension Buffer Overflow
Internet Security Systems Security Alert June 19, 2001 Remote IIS Index Server ISAPI Extension Buffer Overflow Synopsis: ISS X-Force is aware of a serious vulnerability that can be used to attack all recent versions of Microsoft Internet Information Server IIS. A flaw exists in ISAPI Index Server...
ISSalert: Internet Security Systems Security Alert: Ramen Linux Worm
Internet Security Systems Security Alert January 18, 2000 Ramen Linux Worm Propagation Synopsis: A self-propagating worm known as Ramen is currently exploiting well-known holes in unpatched Red Hat Linux 6.2 systems and in early versions of Red Hat 7.0. In addition to scanning for additional...
Vulnerabilities in Informix Webdriver
Webdriver is the web interface of Informix database, I found it is vulnerable. In the common condition, webdriver is submitted with a parameter, but if you type http://victim/cgi-bin/webdriver directly, it will return a webpage which you can modify or delete database on it. Otherwise, webdriver will...
Hylafax 4.0 pl2 Faxsurvey - Remote Command Execution
source: https://www.securityfocus.com/bid/2056/info Hylafax is a popular fax server software package designed to run on multiple UNIX operating systems. Unpatched versions of Hylafax ship with an insecure script, faxsurvey, which allows remote command execution with the privileges of the web serve...
Info2www 1.01.1 - CGI Input Handling
source: https://www.securityfocus.com/bid/1995/info The info2www script allows HTTP access to information stored in GNU EMACS Info Nodes. This script fails to properly parse input and can be used to execute commands on the server with permissions of the web...