5074 matches found
Microcart 1.0 Checkout Cross Site Scripting
Exploit for php platform in category web applications. Microcart 1.0 Checkout Cross-Site Scripting Security Vulnerability. Summary: Microcart 1.0 is...
CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions
The new attack on TLS developed by researchers Juliano Rizzo and Thai Duong takes advantage of an information leak in the compression ratio of TLS requests as a side channel to enable them to decrypt the requests made by the client to the server. This, in turn, allows them to grab the user’s logi...
Anantasoft Gazelle CMS 1.0 Cross Site Scripting
... has ranked 2nd in the CMS Awards Popular Awards in the category SEO 2008. Anantasoft Gazelle CMS 1.0 is vulnerable to stored XSS due to improper...
Netto.se Open Redirection
Background: Netto is a supermarket chain based in Denmark with stores in Denmark, Poland, Germany and Sweden. The following vulnerability affects the Swedish branch site although similar ones may affect others. Vulnerability: The vulnerability is present on the netto.s...
Google V8 Server-Side JavaScript Injection joins the set of web application security vulnerabilities
No description provided by source. Google V8 Server-Side JavaScript Injection joins the set of web application security vulnerabilities. TIME-BASED PHP V8JS INJECTION & NOSQL/SSJS INJECTION: Detecting server-side JavaScript (SSJS) injection vulnerabilities using time-based techniques. Article by Feli...
SmartyCMS 0.9.4 Cross Site Scripting
TITLE: SmartyCMS 0.9.4 Template module Persistent XSS; vendor: SmartyCMS; Author: r007k17-w; My blog: http://shadowrootkit.wordpress.com/; Google Dork: Copyright 2007 by SmartyCMS 0.9.4 built 334...
Multiple Bugs Haunt WordPress Setup
Researchers have found a string of weaknesses in the WordPress default installation page, including PHP code execution and a persistent cross-site scripting flaw, affecting versions 3.3.1 and later. WordPress officials say that they’re not planning to fix the vulnerabilities as there’s only a sma...
Facebook User Error Behind Porn, Mutilation Spam
A campaign of explicit spam on Facebook this week has been linked to a relatively obscure exploit method known as self-inflicted JavaScript injection and not malicious code running on Facebook’s massive network, an independent analysis has shown. The campaign, in which violent and pornographic...
Cross Site Scripting Vulnerability in Speed Bit Search Engine
Cross Site Scripting Vulnerability in Speed Bit Search Engine. Debasish Mandal, a hacker from India, found that there is an XSS through JavaScript Injection vulnerability in the home page of Speed Bit Search Engine. The XSS filter is filtering normal html /script /iframe tags but XSS can be achieve...
Online Subtitles Workshop - Cross-Site Scripting
Online Subtitles Workshop XSS vulnerabilities. Exploit Title: Online Subtitles Workshop XSS vulnerabilities Author: M.Jock3R...
Online Subtitles Workshop XSS Vulnerability
Exploit for php platform in category web applications. Online Subtitles Workshop XSS vulnerabilities. Exploit Title: Online Subtitl...
Adium 1.4.2 Cross Site Scripting
noptrix.net - Public Security Advisory. Date: 08/02/2011. Vendor: Adium - http://www.adium.im/ Affected Software:...
Zynga Cross Site Scripting
Title: Zynga...
Chyrp < 2.1.1 Multiple Vulnerabilities
Chyrp is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[oCERT-2011-001] Chyrp input sanitization errors
2011-001 Chyrp input sanitization errors. Description: The Chyrp framework, an open source blogging engine, suffers from cross-site scripting (XSS) and local file inclusion (LFI) vulnerabilities. Insufficient input sanitization on the parameters passed to pages related to administration settings, the...
A company source cookie injection vulnerability-vulnerability warning-the black bar safety net
Source code download: http://www.mycodes.net/25/4585.htm Default background:admin/login. asp Injection point:http://127.0.0.1/shownews. asp? id=2 1 6 exp: javascript:alertdocument. cookie="id="+escape"2 1 6 and 1=2 union select 1,username,password,4,5,6,7,8,9,1 0 from admin"; Either 1 of 2 fields...
Facebook Like Cross Site Scripting
+Title : FaceBook Like Cross Site Scripting +Author : Bl4ck.Viper Turkish Hacker +Date : 04/07/2011 +D0rk : inurl:"facebook/like.php?id" +Home : www.skote-vahshat.com +MyArchive : www.xpl.skote-vahshat.com This is a simple java script code for test ... now we inject...
RHEL 5 : ruby (RHSA-2011:0909)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0909 advisory. - ruby WEBrick log escape sequence (CVE-2009-4492) - Ruby WEBrick javascript injection flaw (CVE-2010-0541) - ruby: memory corruption in...
RHEL 4 : ruby (RHSA-2011:0908)
The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0908 advisory. - ruby WEBrick log escape sequence (CVE-2009-4492) - Ruby WEBrick javascript injection flaw (CVE-2010-0541) - ruby: memory corruption in...