4978 matches found
Movable Type Pro 5.13en - Persistent Cross-Site Scripting
Movable Type Pro 5.13en - Persistent Cross-Site Scripting Source URL: http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive,...
Movable Type Pro 5.13en Cross Site Scripting
Our researchers discovered a persistent XSS vulnerability, allowing an attacker to inject arbitrary script code into the comment section of any existing Mt5.13en installation. Source URL: http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html Keywords: CVE-2012-1503, Movable Ty...
Microcart 1.0 Checkout Cross-Site Scripting Security Vulnerability
Microcart 1.0 Checkout Cross-Site Scripting Security Vulnerability Summary: Microcart 1.0 is subject to several cross-site scripting vulnerabilities...
Microcart 1.0 Checkout Cross Site Scripting
Exploit for php platform in category web applications Microcart 1.0 Checkout Cross-Site Scripting Security Vulnerability Summary: Microcart 1.0 is...
WordPress MF Gig Calendar 0.9.2 Cross Site Scripting
MF Gig Calendar Wordpress Plugin - Cross-Site Scripting Summary: MF Gig Calendar 0.9.2 is subject to a cross-site scripting vulnerability. The value of a generic...
CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions
The new attack on TLS developed by researchers Juliano Rizzo and Thai Duong takes advantage of an information leak in the compression ratio of TLS requests as a side channel to enable them to decrypt the requests made by the client to the server. This, in turn, allows them to grab the user’s logi...
Anantasoft Gazelle CMS 1.0 Cross Site Scripting
has ranked 2nd in the CMS Awards Popular Awards in the category SEO 2008. Anantasoft Gazelle CMS 1.0 is vulnerable to stored XSS due to improper...
Netto.se Open Redirection
Background: Netto is a supermarket chain based in Denmark with stores in Denmark, Poland, Germany and Sweden. The following vulnerability affects the Swedish branch site although similar ones may affect others. Vulnerability: The vulnerability is present on the netto.s...
Google V8 Server-Side JavaScript Injection joins the set of web application security vulnerabilitie
No description provided by source. Google V8 Server-Side JavaScript Injection joins the set of web application security vulnerabilities TIME-BASED PHP V8JS INJECTION & NOSQL/SSJS INJECTION Detecting server-side JavaScript SSJS injection vulnerabilities using time-based techniques. Article by Feli...
SmartyCMS 0.9.4 Cross Site Scripting
TITLE: SmartyCMS 0.9.4 Template module Persistent XSS vendor: SmartyCMS Author: r007k17-w Email: [email protected] My blog: http://shadowrootkit.wordpress.com/ Google Dork: Copyright 2007 by SmartyCMS 0.9.4 built 334...
Multiple Bugs Haunt WordPress Setup
Researchers have found a string of weaknesses in the WordPress default installation page, including PHP code execution and a persistent cross-site scripting flaw, affecting versions 3.3.1 and later. WordPress officials say that they’re not planning to fix the vulnerabilities as there’s only a sma...
Facebook User Error Behind Porn, Mutilation Spam
A campaign of explicit spam on Facebook this week has been linked to a relatively obscure exploit method known as self-inflicted JavaScript injection and not malicious code running on Facebook’s massive network, an independent analysis has shown. The campaign, in which violent and pornographic...
Cross Site Scripting Vulnerability in Speed Bit Search Engine
Cross Site Scripting Vulnerability in Speed Bit Search Engine Debasish Mandal, a hacker from India, found that there is an XSS through JavaScript Injection vulnerability in the home page of Speed Bit Search Engine. The XSS filter is filtering normal html /script /iframe tags but XSS can be achieve...
Online Subtitles Workshop - Cross-Site Scripting
Online Subtitles Workshop XSS vulnerabilities Exploit Title: Online Subtitles Workshop XSS vulnerabilities Author: M.Jock3R...
Online Subtitles Workshop XSS Vulnerability
Exploit for php platform in category web applications Online Subtitles Workshop XSS vulnerabilities Exploit Title: Online Subtitl...
Adium 1.4.2 Cross Site Scripting
noptrix.net - Public Security Advisory Date: 08/02/2011 Vendor: Adium - http://www.adium.im/ Affected Software:...
Zynga Cross Site Scripting
Title: Zynga...
Chyrp < 2.1.1 Multiple Vulnerabilities
Chyrp is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[oCERT-2011-001] Chyrp input sanitization errors
2011-001 Chyrp input sanitization errors Description: The Chyrp framework, an open source blogging engine, suffers from cross-site scripting (XSS) and local file inclusion (LFI) vulnerabilities. Insufficient input sanitization on the parameters passed to pages related to administration settings, the...