DataLife Engine 6.9 Cross Site Scripting

Hello Bugtraq! I want to warn you about security vulnerability in Referer module for DataLife Engine DLE. ----------------------------- Advisory: Vulnerability in Referer for DataLife Engine ----------------------------- URL: http://websecurity.com.ua/3942/ ----------------------------- Affected...

Edimax AR-7084GA Cross Site Request Forgery / Cross Site Scripting

25 die"One or more of the parts can't be longer then 25 characters!"; $url="http://".$SERVER"SERVERNAME".$SERVER"REQUESTURI"; for$i=1; $i'; die; else $time=$GET"time"; $script=$GET"script"; ? /Forms/advnatvirsvr1" name="VIRTUALSVR...

CVE-2010-1243

The IBM Web Interface for Content Management aka WEBi before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors...

Code injection

The IBM Web Interface for Content Management aka WEBi before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors...

CVE-2010-1243

The IBM Web Interface for Content Management aka WEBi before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors...

Edimax AR-7084GA Router - Cross-Site Request Forgery Persistent Cross-Site Scripting

Edimax AR-7084GA Router - Cross-Site Request Forgery Persistent Cross-Site Scripting 25 die"One or more of the parts can't be longer then 25 characters!"; $url="http://".$SERVER"SERVERNAME".$SERVER"REQUESTURI"; for$i=1; $i'; die; else $time=$GET"time"; $script=$GET"script"; ? /Forms/advnatvirsvr1...

Edimax AR-7084GA Router CSRF + Persistent XSS Exploit

Exploit for hardware platform in category web applications ===================================================== Edimax AR-7084GA Router CSRF + Persistent XSS Exploit ===================================================== 25 die"One or more of the parts can't be longer then 25 characters!";...

Edimax AR-7084GA Router - Cross-Site Request Forgery / Persistent Cross-Site Scripting

25 die"One or more of the parts can't be longer then 25 characters!"; $url="http://".$SERVER"SERVERNAME".$SERVER"REQUESTURI"; for$i=1; $i'; die; else $time=$GET"time"; $script=$GET"script"; ? /Forms/advnatvirsvr1" name="VIRTUALSVRform" input type="hid...

Design/Logic Flaw

The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php...

CVE-2010-1136

The CVE-2010-1136 issue affects Tiki Wiki CMS/Groupware 3.x up to, but not including, version 3.5. The vulnerability arises in the Standard Remember (persistent login) mechanism, where cookies are generated in a way that is predictable based on the client IP address and User-Agent in userslib.php...

Chilly CMS Cross Site Scripting

======================================================================= chillyCMS Persistent XSS Vulnerability ======================================================================= Vulnerability found in- Admin module email [email protected] company aksitservices Credit by Pratul Agrawal...

Joomla com_easygb presistent XSS Vulnerability

Exploit for unknown platform in category web applications ============================================== Joomla comeasygb presistent XSS Vulnerability ============================================== Joomla comeasygb presistent XSS Vulnerability Author: kazuya Contact: email protected Greetz to...

Chilly CMS <= 1.03 Non Persistent XSS Vulnerabilities

Exploit for unknown platform in category web applications ===================================================== Chilly CMS 'alert"EgoPL says: I'm a XSS" http://localhost:80/chillyCMS/admin/login.site.php?user='alert"EgoPL says: I'm a XSS" 0day.today 2018-04-14...

Ane CMS 1 - Persistent Cross-Site Scripting

Ane CMS 1 - Persistent Cross-Site Scripting ======================================================================= ANE CMS 1 Persistent XSS Vulnerability ======================================================================= by Pratul Agrawal Vulnerability found in- Admin module email...

BitWeaver <= 2.7 Non Persistent XSS Vulnerability

Exploit for unknown platform in category web applications ================================================= BitWeaver "alert"EgoPL says: I'm a XSS" There are more XSS fo...

60cycleCMS Persistent XSS Vulnerability

Exploit for unknown platform in category web applications ======================================= 60cycleCMS Persistent XSS Vulnerability ======================================= Software 60cycleCMS Category CMS / Portals Plateform php Proof of concept Targeted URL:...

60cycleCMS Cross Site Scripting

======================================================================= 60cycleCMS Persistent XSS Vulnerability ======================================================================= by Pratul Agrawal Vulnerability found in- Admin module email [email protected] company aksitservices Credit by...

bitweaver 2.7 persistant Xss Vulnerability

Exploit for unknown platform in category web applications ========================================== bitweaver 2.7 persistant Xss Vulnerability ========================================== prog ------------- bitweaver 2.7 vuln ------------- Persistant XSS in articles/edit.php logged only source...

Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal

Hacktics Research Group Security Advisory http://www.hacktics.com/view=Resources7CAdvisory By Irene Abezgauz, Hacktics. 22-Feb-2010 =========== I. Overview =========== During a penetration test performed by Hacktics' experts, a persistent cross-site scripting vulnerability was identified in the...

RSA 2010: Securosis Previews the Key Themes and Topics

Securosis analysts Rich Mogull, Adrian Lane and Mike Rothman tackle the key themes for this year’s RSA 2010 conference — virtualization/cloud security, advanced persistent threats/cybersecurity and compliance...