212 matches found
IBM Sterling Connect:Enterprise跨站脚本漏洞
CVE ID:CVE-2013-6327 IBM Sterling Connect是一款点到点文件传输软件,可实现企业内和企业间的大容量、安全可靠的文件交付。 IBM Sterling Connect:Enterprise存在一个未明跨站脚本漏洞,允许远程攻击者利用漏洞注入恶意脚本或HTML代码,当恶意数据被查看时可获取敏感信息或者劫持用户会话。 0 IBM Sterling Connect:Enterprise 1.3.0.2 IBM Sterling Connect:Enterprise 1.4.0.0. 厂商补丁: IBM ----- IBM Sterling Connect...
webring Cross Site Scripting Vulnerability
Exploit for unknown platform in category web applications ========================================== webring Cross Site Scripting Vulnerability ========================================== ======================================================================================== | Title : webring Cro...
appservopen-xss.txt
========================================================== AppServ Open Project XSS =Example= Alert: - http://target/index.php?appservlang=" - http://target/index.php?appservlang=" Open Window - http://target/index.php?appservlang="window.open/phpinfo.php/ - http://target/index.php?appservlang="...
Unfixed XSS vulnerability at search.dunyagazetesi.com.tr
Security researcher St@rExT, has submitted on 19/08/2007 a cross-site-scripting XSS vulnerability affecting search.dunyagazetesi.com.tr, which at the time of submission ranked 47501 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/08/2007. It...
Cisco Unified MeetingPlace Web Conference跨站脚本漏洞
Cisco Unified MeetingPlace Web Conference是一款Web会议解决方案。 Cisco Unified MeetingPlace Web Conference不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行跨站脚本攻击,获得敏感信息。 问题是对多个参数缺少充分过滤,可导致恶意脚本注入。构建恶意WEB页,诱使用户访问,可导致获得敏感信息。目前没有详细漏洞细节提供。 Cisco Unified MeetingPlace Web Conference 5.3.104.3 Cisco Unified MeetingPlace Web Conference...
simpcmslight-rfi.txt
Bug Found By Dr.RoVeR --Arab48 Hacker Contact: [email protected] --- Script: SimpCMS Light Download: http://www.simpcms.com/light/normal/simp-cms-light.zip -- Bug File: index.php Bug code in line 31: include $site.".php"; -- Exploit: http://site.com/path/index.php?site=EvilScript --...
Unfixed XSS vulnerability at www.nalp.org
Security researcher MaXWeL, has submitted on 04/07/2007 a cross-site-scripting XSS vulnerability affecting www.nalp.org, which at the time of submission ranked 1008261 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/07/2007. It is currently...
[Full-disclosure] Apple Mac Tiger 10.4 weblog server
------------------------------------------------------------ - EXPL-A-2005-010 exploitlabs.com Advisory 039 - ------------------------------------------------------------ - Mac OSX Server weblog - AFFECTED PRODUCTS ================= Mac OSX 10.4.0 Weblog Server http://apple.com OVERVIEW ========...
STG Security Advisory 2004-11-22.11
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 STG Security Advisory: SSA-20041122-11 JSPWiki XSS vulnerability Revision 1.0 Date Published: 2004-11-22 KST Last Update: 2004-11-22 Disclosed by SSR Team [email protected] Summary ======== JSPWiki is one of famous wiki web applications. It has...
Microsoft Internet Explorer - Remote Application.Shell
function InjectedDuringRedirection showModalDialog'md.htm',window,"dialogTop:-10000;dialogLeft:-10000;dialogHeight:1; dialogWidth:1;".location="vbscript:"""; setTimeout"myiframe.execScriptInjectedDuringRedirection.toString",100; setTimeout"myiframe.execScript'InjectedDuringRedirection' ",101;...
Secunia Research: Opera browser Cross Site Scripting
====================================================================== Secunia Research 26/02/2003 - Opera browser Cross Site Scripting - ====================================================================== Table of Contents 1..........................................................Description...
NullHTTPD crossite scripting
http://localhost/a?x=SCRIPTalertdocument.URL/SCRIPT...