289 matches found
roomphplanning15-user.txt
RoomPHPlanning v1.5 remote Arbitrary Add Admin Users Vulnerability + Script download :http://www.beaussier.com/roomphplanning/telecharge.php + Founded by : Stack + Greetz : All friends & muslims HaCkeRs... DESCRIPTION: RoomPHPlanning is vulnerable to add user whit go to link see down in colon Nom...
Webspell 4.01.02 2 Vulnerabilities
Webspell 4.01.02 2 Vulnerabilities Founded by NBBN Vendor: http://cms.webspell.org 1 Cross-Site Scripting Vulnerability 2 Change User Permission XSRF Vulnerability 1 http://site.tld/path/index.php?site=whoisonline&sort="xss code 2 This creates a superadmin account, when an admin clicks a link, to a...
Multiple security vulnerabilities in Apple Mac OS X versions prior to v10.4.11
BUGTRAQ ID: 26444 CVECAN ID:...
CVE-2007-3331
Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post...
Comprehensive and detailed analysis word asp-Trojan-vulnerability warning-the black bar safety net
The author of the article:cold on the lone maple Note: QQ: 8 9 2 2 4 8 7 4 personal home page: http:fk.3355.cn The so-called word insertion horse, is through to the service end of the submitted sentence short code to reach to the server to insert the Trojan horse and finally get webshell method. ...
Guestbara <= 1.2 Change Admin Login and Password Exploit
Exploit for unknown platform in category web applications ======================================================== Guestbara Guestbara Admin Email Admin Name Admin Pass by Kacper for DEVIL TEAM script download: http://www.hotscripts.pl/produkt-3051.html Greetz @ll DEVIL TEAM 0day.today 2018-04-11...
FreeBSD : Serendipity -- XSS Vulnerabilities (96ed277b-60e0-11db-ad2d-0016179b2dd5)
The Serendipity Team reports : Serendipity failed to correctly sanitize user input on the media manager administration page. The content of GET variables were written into JavaScript strings. By using standard string evasion techniques it was possible to execute arbitrary JavaScript. Additionally...
SpeedyASPForum.txt
Title : Speedy ASP Forumprofileupdate.asp User Pass Change Exploit Dork : Copyright © ASPwebSoft Author : ajann greetz : Nukedx Code: Save to .htm Pass Change //Coded ajann function islemKontrol ifdocument.InputForm.name.value=="" || document.InputForm.email.value=="" ||...
MiniNuke 1.8.2 - Multiple SQL Injections
Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: MiniNuke www.miniex.net Version: 1.8.2 and prior versions must be affected. About:Via this method remote attacker can inject SQL query to the news.asp --- How&Example: GET -...
Opera Web Browser 8.0/8.5 - HTML Form Status Bar Misrepresentation
source: https://www.securityfocus.com/bid/15472/info A vulnerability has been identified in Opera Web browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be misled into following a link to a malicious site. This vulnerability would most...
File Upload Manager Sploits
Below is some code for a recent unpatched exploit for file managers using php as the base code. Share this with the world and help protect. File Upload Manager - Bypass File Extension and Arbitrary File Delete nothing to see here @ hackthissite.org Through an input validation flaw, users are able...
Apple Safari Web Browser 1.x - HTML Form Status Bar Misrepresentation
Apple Safari Web Browser 1.x - HTML Form Status Bar Misrepresentation source: https://www.securityfocus.com/bid/11949/info A vulnerability has been identified in Apple Safari Web Browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be misled...
Apple Safari Web Browser 1.x - HTML Form Status Bar Misrepresentation
source: https://www.securityfocus.com/bid/11949/info A vulnerability has been identified in Apple Safari Web Browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be misled into following a link to a malicious site. The issue presents itself...
Microsoft Internet Explorer 6 - HTML Form Tags URI Obfuscation
source: https://www.securityfocus.com/bid/11565/info Microsoft Internet Explorer is reported prone to a URI obfuscation weakness. The issue is due to a failure of the affected application to properly handle specially crafted HTML anchor URI tags and various form tags. This issue may be leveraged ...
CVE-2004-0407
The CVE concerns ColdFusion MX 6.1: HTML form upload does not reclaim disk space when uploads are interrupted, enabling a remote attacker to perform a denial of service via repeated interrupted uploads. Affected component is the upload handling; root cause is improper disk space reclamation after...
Microsoft Internet Explorer 6 - HTML Form Status Bar Misrepresentation
Microsoft Internet Explorer 6 - HTML Form Status Bar Misrepresentation source: https://www.securityfocus.com/bid/10023/info A vulnerability has been identified in Microsoft Internet Explorer that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be...
Microsoft Internet Explorer 6 - HTML Form Status Bar Misrepresentation
source: https://www.securityfocus.com/bid/10023/info A vulnerability has been identified in Microsoft Internet Explorer that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be misled into following a link to a malicious site. The issue presents itse...
Microsoft Shlwapi.dll 6.0.2800.1106 - Malformed HTML Form Tag Denial of Service
Microsoft Shlwapi.dll 6.0.2800.1106 - Malformed HTML Form Tag Denial of Service source: https://www.securityfocus.com/bid/7402/info The 'shlwapi.dll' dynamic link library causes a calling application to fail when it attempts to render certain malformed HTML tags. This appears to be due to an...
Microsoft 'Shlwapi.dll' 6.0.2800.1106 - Malformed HTML Form Tag Denial of Service
source: https://www.securityfocus.com/bid/7402/info The 'shlwapi.dll' dynamic link library causes a calling application to fail when it attempts to render certain malformed HTML tags. This appears to be due to an attempt to perform a string comparison where one of the strings is a null pointer. I...
CVE-2002-0242
Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed...