289 matches found
Netgear WNR2000v4 Abuse / XSS / Command Injection Vulnerabilities
Netgear WNR2000v4 suffers from code execution, missing abuse control, and cross site scripting vulnerabilities. I'm releasing a few vulnerabilities for the WNR2000v4 Netgear router. Netgear is currently working these issues. Quick Fix --------- If you own a WNR2000v4, set a strong password and se...
Subrion 3.3.0 Cross Site Request Forgery
Affected software: subrion Type of vulnerability: csrf to sql injection URL: http://demo.subrion.org Discovered by: Provensec Website: http://www.provensec.com version v3.3.0 Proof of concept no csrf protection on database form which made subrion to vulnerable to database injection vuln parameter...
Feng Office 1.7.4 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/47049/info alert0" / alert0" /...
Square: CSRF on adding clients
Authenticate to an account. 2. Trick the victim to submit the following HTML: input type="hidden"...
X (Formerly Twitter): HTML form without CSRF protection at http://try.crashlytics.com/enterprise/
Vulnerability description:- This alert may be a false positive, manual confirmation is required. Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitte...
Beetel 450TC2 Router Admin Password CSRF Vulnerability
No description provided by source. ??!-- Exploit Title: Beetel 450TC2 Router Admin Password Cross Site Request Forgery Vulnerability Date: 30/04/2014 Exploit Author: shyamkumar somana Vendor Homepage: www.beetel.in Version: 450TC2 - Firmware version : TX6-0Q-005retail Tested on: Windows 8 Beetel...
SPI Dynamics WebInspect 5.0.196 Cross Application Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14385/info WebInspect is vulnerable to a cross-application script injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied data prior to including it in content rendere...
RV Article Publisher CSRF Vulnerability
No description provided by source. Exploit Title: RV Article publisher CSRF Vulnerability Date: 26/08/2012 Author: DaOne @LibyanCA Vendor: http://www.scripts4webmasters.com Greetings to LCA CSRF Add Admin html body onload=document.form0.submit; form method=POST name=form0...
Microsoft Internet Explorer 5.0 HTML Form Control DoS
No description provided by source. Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 HTML Form Control DoS source: http://www.securityfocus.com/bid/606/info Certain Microsoft applications IE5, Outlook Express 5 are unable to display large HTML form fields within HTML tables...
Microsoft Internet Explorer 6.0 HTML Form Tags URI Obfuscation Weakness
No description provided by source. source: http://www.securityfocus.com/bid/11565/info Microsoft Internet Explorer is reported prone to a URI obfuscation weakness. The issue is due to a failure of the affected application to properly handle specially crafted HTML anchor URI tags and various form...
Apple Safari Web Browser 1.x HTML Form Status Bar Misrepresentation Vulnerability
source: http://www.securityfocus.com/bid/11949/info A vulnerability has been identified in Apple Safari Web Browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be mislead into following a link to a malicious site. The issue presents itself...
Brian Dorricott MAILTO 1.0.7-9 Unauthorized Mail Server Use Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3669/info MAILTO is a program maintained by Brian Dorricott. It enables web servers to allow forms to be converted into mail messages that can be sent to numerous recipients. An issue exists in MAILTO which could allow an...
Site2Nite Big Truck Broker "txtSiteId" SQL Injection Vulnerability
No description provided by source. !-- Site2Nite Big Truck Broker txtSiteId SQL Injection Vulnerability PRODUCT: Site2Nite Big Truck Broker PRODUCT URL: http://www.site2nite.com/productdetail.asp?id=14 RESEARCHERS: underground-stockholm.com RESEARCHERS URL: http://underground-stockholm.com/ -- ht...
Excite for Web Servers 1.1 Administrative Password Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2665/info Excite for Web Servers 1.1 EWS is a search engine suite for web servers running under Windows NT and UNIX. By default the file containing the administrative password, architext.conf, is world readable and world...
List Site Pro 2.0 User Database Delimiter Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6685/info List Site PRO is a top site ranking system that counts hits from member sites and then ranks them according to the number of hits. A problem has been reported for List Site PRO that would allow an attacker to...
NooMS CMS 1.1.1 - CSRF
No description provided by source. NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this morning so figured I'd tr...
TWiki 4.x URLPARAM Variable Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/32669/info TWiki is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Maxwebportal <= 1.36 password.asp Change Password Exploit (1 - html)
No description provided by source. !-- Hi, I'm Soroush Dalili from Grayhatz Security Group GSG . I found dangerous sql injection in Maxwebportal version 1.35,1.36,2.0, 20050418 Next Remote user can inject his/her code in memKey var. and change other users password in password.asp Exploit codes to...
D-Link VoIP Phone Adapter - XSS/CSRF Remote Firmware Overwrite
No description provided by source. D-link VoIP Phone Adapter XSS and XSRFremote firmware overwrite model number: DVG-2001s f/w version 1.00.007 Better than just remote code execution, you control the firmware. html form action=http://10.1.1.166/Forms/cbiSetSWUpdate?16640,0,0,0,0,0,0,0,0 method=PO...
Opera Web Browser 8.0/8.5 HTML Form Status Bar Misrepresentation Vulnerability
source: http://www.securityfocus.com/bid/15472/info A vulnerability has been identified in Opera Web browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be mislead into following a link to a malicious site. This vulnerability would most...