254 matches found
Cross-Site Scripting (XSS) in Ilch CMS
High-Tech Bridge Security Research Lab discovered a vulnerability in Ilch CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users and administrators of the vulnerable application. 1 Cross-Site Scripting (XSS) in Ilch CMS: CVE-2014-1944 The vulnerability exists due to...
iTechClassifieds 3.03.057 SQL Injection Vulnerability
Cause: input validation error. Affected systems: iTechClassifieds v3.03.057. Impact: a remote attacker can exploit the vulnerability to perform SQL injection attacks through the ChangeEmail.php and ViewCat.php pages, obtaining sensitive information or manipulating the database. Conditions required for attack: the attacker crafts special input and accesses iTechClassifieds. Vulnerability details: iTechClassifieds does not properly handle user input; a remote attacker can exploit this to perform SQL injection and obtain sensitive information. The issue lies in the ChangeEmail.php and ViewCat.php scripts, because the PreviewNum parameter and CatID...
Dokeos 2.2 RC2 (index.php, language param) - SQL Injection Vulnerability
Exploit for the PHP platform in the category web applications. High-Tech Bridge Security Research Lab discovered a vulnerability in Dokeos, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in Dokeos: CVE-2013-6341 The vulnerability exists due to insufficient validation of "language"...
Cotonti 0.9.13 SQL Injection
Advisory ID: HTB23164 Product: Cotonti Vendor: Cotonti Team Vulnerable Versions: 0.9.13 and probably prior Tested Version: 0.9.13 Vendor Notification: July 10, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2013-4789...
SPIP connect Parameter PHP Injection
This module exploits a PHP code injection in SPIP. The vulnerability exists in the connect parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 2.0, 2.1 and 3 are affected. Vulnerable versions are 'SPIP connect Parameter PHP Injection',...
XSS Vulnerabilities in OpenCms
High-Tech Bridge Security Research Lab discovered 2 XSS vulnerabilities in OpenCms, which can be exploited to perform Cross-Site Scripting attacks against users of the vulnerable application. 1 Multiple Cross-Site Scripting (XSS) in OpenCms: CVE-2013-4600 1.1 The vulnerability exists due to insufficien...
NetCat CMS v5.0.1 - Multiple Web Vulnerabilities
Title: ====== NetCat CMS v5.0.1 - Multiple Web Vulnerabilities Date: ===== 2012-10-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=738 VL-ID: ===== 738 Common Vulnerability Scoring System: ==================================== 2.5 Introduction: ============= Vendor...
NetCat CMS v5.0.1 - Multiple Web Vulnerabilities
Document Title: =============== NetCat CMS v5.0.1 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=738 Release Date: ============= 2012-10-31 Vulnerability Laboratory ID VL-ID: ==================================== 738 Common...
NetCat CMS 5.0.1 Cross Site Scripting / HTTP Parameter Pollution
Title: ====== NetCat CMS v5.0.1 - Multiple Web Vulnerabilities Date: ===== 2012-10-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=738 VL-ID: ===== 738 Common Vulnerability Scoring System: ==================================== 2.5 Introduction: ============= Vendor...
WordPress Spider Calendar Plugin - Multiple Vulnerabilities
Spider Calendar plugin is prone to multiple vulnerabilities such as cross-site scripting, SQL injection and HTTP parameter pollution. Solution Update the plugin...
WordPress Plugin spider Calendar - Multiple Vulnerabilities
Exploit Title: Wordpress spider calendar Plugin Multiple Vulnerabilities Dork: N/A Date: 02-10-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R Vendor: http://wordpress.org/extend/plugins/spider-calendar/ Version: 1.0.1 License: Non-Commercial Demo:...
WordPress Spider 1.0.1 SQL Injection / XSS
Exploit Title: Wordpress spider calendar Plugin Multiple Vulnerabilities Dork: N/A Date: 02-10-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R Vendor: http://wordpress.org/extend/plugins/spider-calendar/ Version: 1.0.1 License: Non-Commercial Demo:...
WordPress Plugin spider Calendar - Multiple Vulnerabilities
WordPress Plugin spider Calendar - Multiple Vulnerabilities Exploit Title: Wordpress spider calendar Plugin Multiple Vulnerabilities Dork: N/A Date: 02-10-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R Vendor: http://wordpress.org/extend/plugins/spider-calendar/ Version: 1.0.1 License:...
VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities
...:::::VICIDIAL call center suite Blind SQL Injection Vulnerability::::.... Sepahan TelCom IT Group septelcom ------------------------------------------------------- Date: 2012-09-07 Exploit Author: Sepahan TelCom IT Group septelcom Vendor Homepage: http://www.vicidial.org Software Link:...
CVE-2012-2965
Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue...
Design/Logic Flaw
Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue...
CVE-2012-2965
CVE-2012-2965 affects Caucho Quercus on Resin prior to version 4.0.29. The vulnerability arises from improper handling of unspecified characters in variable names, related to an HTTP Parameter Contamination issue, with unknown impact and remote attack vectors. Remediation per multiple sources is ...
Blogger.com vulnerability, Gaining Administrative Privileges on any Account !
Blogger.com vulnerability, Gaining Administrative Privileges on any Account! In the last 2 months, Nir Goldshlager participated in the Google reward program and found some high-severity, serious vulnerabilities. The vulnerability that Nir Goldshlager wants to share first is a critical vulnerability in Blogger...
Oracle Sun Java System Web Server - HTTP Response Splitting
Oracle Sun Java System Web Server - HTTP Response Splitting Description Security-Assessment.com discovered that it is possible to successfully perform an HTTP Response Splitting attack against applications served by Sun Java System Web Server. The vulnerability can be exploited if user supplied inpu...