2978 matches found
CVE-2004-2058
ASPRunner 2.4 allows remote attackers to gain sensitive information via 1 hidden form fields or 2 error messages...
CVE-2004-2058
CVE-2004-2058 affects ASPrunner 2.4, where a remote attacker can disclose sensitive information via (1) hidden form fields or (2) error messages. The core description in the CVE entry is that ASPRunner 2.4 allows information disclosure to unauthenticated remote actors. Connected documents corrobo...
ASP.NET __VIEWSTATE crypto validation prone to replay attacks
Good morning, ASP.NET's extremely popular VIEWSTATE functionality provides an automatic, uniform method for storing current state of all webpage "controls" including form fields, database views, etc, so that user-entered data automagically persists and is populated across newly rendered HTML, and...
CVE-2004-2058
ASPRunner 2.4 allows remote attackers to gain sensitive information via 1 hidden form fields or 2 error messages...
CVE-2004-2330
ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields...
Multiple Browsers - Tabbed Browsing
Multiple Browsers - Tabbed Browsing Test Your Browser Open the link below in a new tab, then try to type data into form fields on the CitiBank website. Open this Link in New Tab Result: Keystrokes you pressed on the CitiBank website. /textarea // milw0rm.com 2004-10-22...
Invision Power Board v1.3 Final Cross Site Scripting Vulnerabillity
Software: Invision Power Board Vendor: http://www.invisionboard.com/ Versions: U v1.3 Final Bug: Cross Site Scripting Vulnerabillity Risk: Medium Exploitation: Remote with browser Date: 29 Feb 2004 Author: Rafel Ivgi, The-Insider E-Mail: [email protected] Web: http://theinsider.deep-ice.com 1...
CVE-2003-1212
MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the 1 news, 2 lock, or 3 allmem fields in the 'start new topic' HTML page...
Max Web Portal 1.30 - Multiple Vulnerabilities
Max Web Portal 1.30 - Multiple Vulnerabilities Max Web Portal Multiple Vulnerabilities Vendor: Max Web Portal Product: Max Web Portal Version: alertdocument.cookie Remember this vuln as I will later explain how it can be used to aide an attacker to compromise user and admin accounts. Hidden Form...
CVE-2002-1462
details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields...
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (1)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure 1 source: https://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software...
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (2)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure 2 source: https://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software...
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (1)
source: https://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software. !/usr/bin/perl use LWP::UserAgent; use HTTP::Request; use...
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (2)
source: https://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software. !/usr/bin/perl use strict; use Getopt::Std; use LWP::UserAgent; u...
CVE-2002-0457
Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as , , and & in fields such as 1 name, 2 email, 3 AIM screen name, 4 website, 5 location, or 6 message...
CVE-2002-0730
Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as 1 Name, 2 EMail, or 3 Homepage...
wp-02-0012: Carello 1.3 Remote File Execution
Westpoint Security Advisory Title: Carello 1.3 Remote File Execution Risk Rating: Medium Software: Carello Shopping Cart Platforms: Win2k, WinNT Vendor URL: www.carelloweb.com Author: Matt Moore [email protected] Date: 10th July 2002 Advisory ID: wp-02-0012 Overview: ========= Carello 1.3 is ...
MyHelpDesk 20020509 - HTML Injection
MyHelpDesk 20020509 - HTML Injection source: https://www.securityfocus.com/bid/4967/info It has been reported that MyHelpDesk is vulnerable to HTML injection attacks. MyHelpDesk does not properly sanitize HTML tags from form fields. Attackers may pass arbitrary HTML and script code through the...
MyHelpDesk 20020509 - HTML Injection
source: https://www.securityfocus.com/bid/4967/info It has been reported that MyHelpDesk is vulnerable to HTML injection attacks. MyHelpDesk does not properly sanitize HTML tags from form fields. Attackers may pass arbitrary HTML and script code through the unsanitized form fields or through...
CVE-2002-0257
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields 1 TITLE, 2 DESCTIT, 3 DESC, 4 searchstring, 5 ALIAS, 6 EMAIL, 7 ADDRESS1, 8 ADDRESS2, 9 ADDRESS3, 10 PHONE1, 11 PHONE2, 12 PHONE3, or ...