CGI Generic Cross-Site Request Forgery Detection (potential)

Nessus has found HTML forms on the remote web server. Some CGI scripts do not appear to be protected by random tokens, a common anti-cross-site request forgery XSRF protection. The web application might be vulnerable to XSRF attacks. Note that : - Nessus did not exploit the flaw. - Nessus cannot...

Exploit Release : XAMPP 1.7.3 multiple Vulnerabilities

Exploit Title: XAMPP = 1.7.3 multiple vulnerabilites Author: TheLeader Software Link: https://www.apachefriends.org/en/xampp-windows.html Affected Version: 1.7.3 and prior Tested on Windows XP Hebrew, Service Pack 3 I. File disclosure : XAMPP is vulnerable to a remote file disclosure attack. The...

XAMPP 1.7.3 - Multiple Vulnerabilities

XAMPP 1.7.3 - Multiple Vulnerabilities / / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / ,'; if $REQUEST'showcode' != 1 echo ''.$TEXT'global-showcode'.''; else $file = filegetcontentsbasename$SERVER'PHPSELF'; echo "".$TEXT'global-sourcecode'.""; echo ""; echo...

Phishing Tool

Added: 09/23/2009 Background This tool serves an HTML form which collects information from users. It allows you to either replicate a real web page, or specify a custom header graphic, a custom footer graphic, and an introductory text message. For best results, design the HTML form to look like a...

Cross site scripting

Cross-site scripting XSS vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition TMG MBE; and Internet Security and Acceleration ISA Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote...

CVE-2009-0237

Cross-site scripting XSS vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition TMG MBE; and Internet Security and Acceleration ISA Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote...

NeBoard Sql Injection Vulnerability

Discovered by : AleminKrali NeBoard Sql Injection Vulnerability Post Sql Dork :inurl:show.asp?id= ref= step= level= page= 2 html form 1.Form:It takes it:ID NAME 2.Form:Admin Password and later HTTP://SITE.COM/admin/boardedit.asp?id=IDNAME we are entering and 2.form Admin Password ile Login we are...

JVN#45389864 CGIWrap error page cross-site scripting vulnerability

CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Impact An arbitrary script may be executed on the user's web browser. Solution Update...

yet more XSS in older versions of ColdFusion

This only affects ColdFusion versions 5 and below. It does not affect CFMX. This is similar to previously reported XSS issues with CF, but not identical to any that I have seen reported. Cold Fusion has a "feature" that allows a developer to add validation to HTML forms by using specially named...

liberoXSS.txt

--Security Report-- Advisory: libero.it XSS vulnerability - HTML injection --- Author: Davide Denicolo --- Date: 28/04/06 --- Contact: davidesecurityinfos.com --- Vendor: ItaliaOnLine S.r.l http://www.libero.it Service: Web Level: Low --- Description: Libero.it is a Web portal of big Italian ISP:...

Standard HTML form implementation allows access to IMAP, SMTP, NNTP, POP3, and other services via crafted HTML page

Overview An intruder can send certain kinds of data to services that he is not ordinarily able to reach. By crafting the data such that it is redirected through any program the victim uses to render the malicious HTML, the intruder is able send that data to any services that the victim can send...