Design/Logic Flaw
The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests...
Design/Logic Flaw
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2011-4552
Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature...
CVE-2011-4553
Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing...
CVE-2011-4555
One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address...
CVE-2011-4677
One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2011-4554
One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e-mail address, related to a "2nd Order SMTP Injection" issue...
CVE-2011-4678
The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests...
CVE-2011-4678
CVE-2011-4678 affects One Click Orgs prior to version 1.2.3. The password reset feature discloses user existence by returning different error messages for failed reset attempts based on whether an email address is registered. This creates a remote account-enumeration risk via successive reset req...
CVE-2011-4677
Vulnerability: CVE-2011-4677 affects One Click Orgs prior to 1.2.3. Root cause: authentication fields lack the off autocomplete attribute, enabling credential exposure on unattended workstations. Impact: supports easier access by remote attackers as described in sources; exact exploit details,...
CVE-2011-4555
CVE-2011-4555 affects One Click Orgs prior to version 1.2.3. The issue is that user accounts do not require unique e-mail addresses, enabling remote authenticated users to cause login disruption (denial of service) or to spoof votes/comments by selecting a conflicting e-mail address. Root cause: ...
CVE-2011-4554
CVE-2011-4554 concerns the project’s One Click Orgs software (before version 1.2.3). The issue arises from input handling in org names (and in email addresses) that allows crafting SMTP traffic via the characters “ (double quote) and newline, and via quotes in email addresses. This is described a...
CVE-2011-4553
The CVE-2011-4553 entry concerns One Click Orgs prior to version 1.2.3. The vulnerability class is open redirect: (1) unauthenticated remote attackers can redirect users to arbitrary sites via the return_to parameter, and (2) remote authenticated users can redirect via crafted characters in a sub...
CVE-2011-4552
CVE-2011-4552 affects One Click Orgs prior to version 1.2.3, with multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature. The connected Red Hat, NVD...
Pwning Just Keeps Getting More Fun
Exploit tools are the new point and shoot video games. If my grandma were alive, she could probably figure out how to install a Firefox plug-in and pwn all her nursing home friends on Facebook. Unfortunately, you can't say it's getting easier to protect yourself on the Internet. If anything, it's...
Edgephp ClickBank Affiliate Marketplace Script - Multiple Vulnerabilities
Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Vendor url: http://www.edgephp.com Version: 1 Published: 2010-07-11 Greetz to: r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j...
Macrovision InstallShield InstallScript One-Click Install ActiveX code execution
The control allows a dynamic library to be downloaded from a remote site and executed...