JGS-Portal 3.0.1/3.0.2 - 'jgs_portal_themengraf.php?year' SQL Injection
source: https://www.securityfocus.com/bid/13650/info JGS-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of the SQL injection issues could...
[HSC Security Group] MaxWebPortal - Multiple SQL injection/XSS
Hackers Center Security Group http://www.hackerscenter.com/ Zinho's Security Advisory Desc: Maxwebportal 1.3.5 and prior Risk: High MaxWebPortal is probably the most spread ASP based web portal script. I've found multiple XSS and Sql injection that could easily lead to password stealing or porta...
dc_metacart_sqling.txt
Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: MetaCart2 for PayFlow Multiple S...
Sun Solaris AnswerBook2 - Multiple Cross-Site Scripting Vulnerabilities
Sun Solaris AnswerBook2 is reported prone to multiple cross-site scripting vulnerabilities because the software fails to properly sanitize user-supplied data. Exploits will allow arbitrary HTML and script code to run in a victim's browser, allowing the attacker to steal cookie-based credentials a...
[ GLSA 200504-25 ] Rootkit Hunter: Insecure temporary file creation
Gentoo Linux Security Advisory GLSA 200504-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.
everything is now patched in CVS-current, including the ISIS bug infinite loop DOS bugs in tcpdump: ISIS isisprint infinite loop DOS. BGP RTROUTINGINFO infinite loop DOS. LDP ldpprint infinite loop DOS. the ISIS bug is in 3.8.x/3.9.1/CVS. did not check below 3.8.x the BGP and LDP bugs seem to be...
Multiple Sql injection vulnerabilities in BK Forum v.4
Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple Sql injection...
Multiple Sql injection and XSS in CartWIZ ASP Cart
Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple Sql injection and XSS i...
Multiple Sql injection and XSS in Asp Nuke 0.80 (Working exploits included)
Severity: High Title: Multiple Sql injection and XSS in Asp Nuke 0.80 Working exploits included Date: 22/04/2005 Vendor: Asp Nuke Vendor Website: http://www.aspnuke.com/ Summary: There are multiple sql injection and xss in asp nuke 0.80. Proof of Concept Exploits:...
PayProCart30.txt
Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/...
Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below
Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Http Response Splitting...
Privilege escalation via DOM property overrides — Mozilla
mozbugra4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu. The common cause in each case was privileged UI code "chrome" being overly trusting of DOM...
Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software.
Dcrab 's Security Advisory http://icis.digitalparadox.org/dcrab http://www.hackerscenter.com/ Severity: High Title: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software. Date: March 29, 2005 Summary: There are multiple sql injection, xss...
Multiple sql injection, and xss vulnerabilities in Vladersoft Shopping Cart v.3.0
Dcrab 's Security Advisory http://icis.digitalparadox.org/dcrab http://www.hackerscenter.com/ Severity: High Title: Multiple sql injection, and xss vulnerabilities in Vladersoft Shopping Cart v.3.0 Date: March 27, 2005 Summary: There are multiple sql injection, xss vulnerabilities in the Vladerso...
Nuke BookMarks 0.6 - Marks.php SQL Injection
Nuke BookMarks 0.6 - Marks.php SQL Injection source: https://www.securityfocus.com/bid/12908/info Nuke Bookmarks is prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or...
GLSA-200503-02 : phpBB: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200503-02 phpBB: Multiple vulnerabilities It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the...
realplayer -- remote heap overflow
Two exploits have been identified in the Linux RealPlayer client. RealNetworks states: RealNetworks, Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no...
phpbb -- privilege elevation and path disclosure
The phpbb developer group reports: phpBB Group announces the release of phpBB 2.0.13, the "Beware of the furries" edition. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to...
glftpd.txt
Pimp industries. "Its all about the Bling, B^!%@s and Fame!" Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins : sitenfo.sh, sitezipchk.sh, siteziplist.sh C Paul Craig - Pimp Industries 2005 Background ------------- glftpd is an open source ftp server used by the more...
zeroboardXSS.txt
".,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,..,-'^'-,..,- '^'-,.." ".,-- ,. -.,--,." ".,--,. ALBANIA SECURITY CLAN -.,--,." ".,-- ,. -.,--,." ".,-- ,. ...::www.albanianhaxorz.org::... -.,--,." ".,--,.- -.,--,." ".,--,.- PROUD TO BE ALBANIAN -.,--,." ".,-- ,. -.,--,." ".,--,. Long Live Ethnic Albania...