
7639 matches found

securityvulns
added 2009/06/05 12:00 a.m., 68 views

[ISecAuditors Security Advisories] Joomla! 1.5.10 JA_Purity Multiple Persistent XSS

============================================= INTERNET SECURITY AUDITORS ALERT 2009-006 - Original release date: April 5th, 2009 - Last revised: June 5th, 2009 - Discovered by: Juan Galiana Lara - Severity: 6.4/10 CVSS Base Score ============================================= I. VULNERABILITY...

AI score: 6.8
Exploits: 0

Cvelist
added 2009/06/04 5:00 p.m., 16 views

CVE-2009-1915

Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder...

AI score: 8.1, EPSS: 0.04951
Exploits: 1, References: 5

ThreatPost
added 2009/04/28 5:17 p.m., 12 views

Old phishing sites still sending spam, attracting victims

The cooperative effort of ISPs, security vendors, volunteer groups and other interested parties has helped develop a quick and efficient method for taking down phishing sites, usually within hours or days of their appearance. However, many phishing sites that have been up for a week or more still...

AI score: 7.4
Exploits: 0, References: 6

NVD
added 2009/04/28 4:30 p.m., 10 views

CVE-2008-6758

Cross-site request forgery (CSRF) vulnerability in cartsave.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting (XSS) attacks via the cartname parameter in a save action...

CVSS: 6.8, AI score: 6.5, EPSS: 0.00963
Exploits: 1, References: 6

Prion
added 2009/04/24 3:30 p.m., 22 views

Cross site scripting

Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00448
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2009/04/24 3:00 p.m., 76 views

CVE-2009-1414

CVE-2009-1414 pertains to Google Chrome 2.0.x, where modifications to the global object can persist across a page transition. The connected sources describe this as enabling universal XSS attacks via unspecified vectors, with the base CVSS v2 score listed as 4.3 (Medium) and an attacker that does...

CVSS: 4.3, AI score: 5.5, EPSS: 0.00448
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2009/04/24 3:00 p.m., 34 views

CVE-2009-1414

Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors...

AI score: 5.5, EPSS: 0.00448
Exploits: 1, References: 2

seebug.org
added 2009/03/24 12:00 a.m., 46 views

Rittal CMC-TC Processing Unit II Multiple Vulnerabilities

No description provided by source. Louhi Networks Oy -= Security Advisory =- Advisory: Rittal CMC-TC Processing Unit II multiple vulnerabilities Release Date: 2009-03-23 Last Modified: 2009-03-22 Authors: Henri Lindberg, CISA henri d0t lindberg at louhi d0t fi Application: Rittal CMC-TC PU II Web...

AI score: 7.1
Exploits: 0

ThreatPost
added 2009/03/19 6:41 p.m., 14 views

Researchers unveil persistent BIOS attack methods

Apply all of the browser, application and OS patches you want, your machine still can be completely and silently compromised at the lowest level–without the use of any vulnerability. That was the rather sobering message delivered by a pair of security researchers from Core Security Technologies i...

AI score: 1.9
Exploits: 0, References: 2

Exploit DB
added 2009/03/10 12:00 a.m., 40 views

Joomla! Component Djice Shoutbox 1.0 - Persistent Cross-Site Scripting

Joomla Djice Shoutbox v 1.0 alert'XaDoS' or '"alert'XSS By XaDoS' the XSS become permanent in every page of site! not critical damage but it's not funny.. + D3M0: http://www.djiceatwork.com contact me at xados @ hotmail . it www.securitycode.it milw0rm.com 2009-03-10...

AI score: 7.4
Exploits: 0

securityvulns
added 2009/03/04 12:00 a.m., 67 views

RitsBlog 0.4.2 (Authentication Bypass) SQL Injection Vulnerability / XSS Persistent Vulnerability

Salvatore "drosophila" Fresta + Application: RitsBlog + Version: 0.4.2 + Website: http://sourceforge.net/projects/ritsblog/ + Bugs: A SQL Injection B XSS Persistent + Exploitation: Remote + Date: 02 Mar 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta +...

AI score: 0.1
Exploits: 0

securityvulns
added 2009/03/04 12:00 a.m., 42 views

NovaBoard <= 1.0.1 / XSS Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= NovaBoard = 1.0.1 / XSS Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= $ Program: NovaBoard $ Version: = 1.0.1 $ File affected: index.php $ Download: http://www.novaboard.net/ Found by Pepelux pepeluxatenye-sec.org eNYe-Sec - www.enye-sec.org -- About...

AI score: 5.9
Exploits: 0

exploitpack
added 2009/03/03 12:00 a.m., 12 views

Novaboard 1.0.1 - Cross-Site Scripting

Novaboard 1.0.1 - Cross-Site Scripting -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= NovaBoard eNYe-Sec - www.enye-sec.org -- About the program by the author's page -- NovaBoard is a free, feature rich community message board software written in PHP & MySQL that allows you to set up your own forum withi...

AI score: 6.8
Exploits: 0

0day.today
added 2009/03/03 12:00 a.m., 21 views

NovaBoard <= 1.0.1 (message) Persistent XSS Vulnerability

Exploit for unknown platform in category web applications ========================================================= NovaBoard alertdocument.cookie you can also send the user cookie to another site Non-persistent XSS:...

AI score: 7.1
Exploits: 0

seebug.org
added 2009/03/03 12:00 a.m., 11 views

RitsBlog 0.4.2 (AB/XSS) Multiple Remote Vulnerabilities

No description provided by source. Salvatore "drosophila" Fresta + Application: RitsBlog + Version: 0.4.2 + Website: http://sourceforge.net/projects/ritsblog/ + Bugs: A SQL Injection B XSS Persistent + Exploitation: Remote + Date: 02 Mar 2009 + Discovered by: Salvatore "drosophila" Fresta + Autho...

AI score: 7.1
Exploits: 0

seebug.org
added 2009/03/03 12:00 a.m., 15 views

NovaBoard <= 1.0.1 (message) Persistent XSS Vulnerability

No description provided by source. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= NovaBoard = 1.0.1 / XSS Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= $ Program: NovaBoard $ Version: = 1.0.1 $ File affected: index.php $ Download: http://www.novaboard.net/ Found by Pepelux pepeluxatenye-sec.org...

AI score: 7.1
Exploits: 0

Packet Storm
added 2009/03/02 12:00 a.m., 14 views

RitsBlog 0.4.2 SQL Injection / XSS

Salvatore "drosophila" Fresta + Application: RitsBlog + Version: 0.4.2 + Website: http://sourceforge.net/projects/ritsblog/ + Bugs: A SQL Injection B XSS Persistent + Exploitation: Remote + Date: 02 Mar 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta +...

AI score: 0.1
Exploits: 0

exploitpack
added 2009/03/02 12:00 a.m., 7 views

ritsblog 0.4.2 - Authentication Bypass Cross-Site Scripting

ritsblog 0.4.2 - Authentication Bypass Cross-Site Scripting Salvatore "drosophila" Fresta + Application: RitsBlog + Version: 0.4.2 + Website: http://sourceforge.net/projects/ritsblog/ + Bugs: A SQL Injection B XSS Persistent + Exploitation: Remote + Date: 02 Mar 2009 + Discovered by: Salvatore...

AI score: 0.3
Exploits: 0

Exploit DB
added 2009/03/02 12:00 a.m., 42 views

ritsblog 0.4.2 - Authentication Bypass / Cross-Site Scripting

Salvatore "drosophila" Fresta + Application: RitsBlog + Version: 0.4.2 + Website: http://sourceforge.net/projects/ritsblog/ + Bugs: A SQL Injection B XSS Persistent + Exploitation: Remote + Date: 02 Mar 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta +...

AI score: 7.4
Exploits: 0

Packet Storm
added 2009/02/16 12:00 a.m., 23 views

InselPhoto 1.1 Cross Site Scripting

Software: InselPhoto v1.1 Persistent XSS Vulnerability Discovered by: Paul Hand aka rAWjAW Blog: http://rawjaw-security.blogspot.com E-mail: phand3754gmailcom Shouts: rBg && eternalsecurity For this Persistent XSS to work you have to: 1. Create a user account 2. Create an album 3. Upload any...

AI score: 7.4
Exploits: 0