7638 matches found
InselPhoto 1.1 - Cross-Site Scripting
InselPhoto 1.1 - Cross-Site Scripting Software: InselPhoto v1.1 Persistent XSS Vulnerability Discovered by: Paul Hand aka rAWjAW Blog: http://rawjaw-security.blogspot.com E-mail: phand3754gmailcom Shouts: rBg && eternalsecurity For this Persistent XSS to work you have to: 1. Create a user account...
InselPhoto 1.1 - Cross-Site Scripting
Software: InselPhoto v1.1 Persistent XSS Vulnerability Discovered by: Paul Hand aka rAWjAW Blog: http://rawjaw-security.blogspot.com E-mail: phand3754gmailcom Shouts: rBg && eternalsecurity For this Persistent XSS to work you have to: 1. Create a user account 2. Create an album 3. Upload any...
InselPhoto 1.1 Persistent XSS Vulnerability
No description provided by source. Software: InselPhoto v1.1 Persistent XSS Vulnerability Discovered by: Paul Hand aka rAWjAW Blog: http://rawjaw-security.blogspot.com E-mail: phand3754atgmaildotcom Shouts: rBg && eternalsecurity For this Persistent XSS to work you have to: 1. Create a user accou...
SMF 1.1.7 Persistent XSS (requires permission to edit censor)
SMF 1.1.7 simplemachines.org XSS Exploitation: If you can modify the censor on a SMF forum, then you can make it execute arbitrary JS code. http://SMF.Forum.com/index.php?action=postsettings;sa=censor Just add the following entry: http://www.test.xss/ = http://www.test-xss/"...
PR08-22: Persistent XSS on Novell GroupWise WebAccess
PR08-22: Persistent XSS on Novell GroupWise WebAccess Vulnerability found: 2nd October 2008 Vendor contacted: 3rd October 2008 Advisory publicly released: 30th January 2009 Severity: High Credits: Jan Fry of ProCheckUp Ltd www.procheckup.com. ProCheckUp thanks Novell for working with us in such a...
Enano 1.0.5 Persistent Cross Site Scripting
Enano 1.0.5 persistent XSS IE7, numeric http://enanocms.org http://site/enano-1.0.5/index.php?title=MainPage&do=comments&sub=postcomment POST: name=XSS&subj=TEST&text=%3C/xss/-/style=xss:e//xpressionalert000%3E Authors notified: Jan 16 Patch 1.0.6: Jan 17 Public: Jan 23 http://nukeit.org...
USN-690-1: Firefox and xulrunner vulnerabilities
Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2008-5500, CVE-2008-5501, CVE-2008-5502 It was discovered that Firefox did not properly handle persistent cookie data. If ...
User tracking via XUL persist attribute — Mozilla
Security researcher Hish reported that the persist attribute in XUL elements can be used to store cookie-like information on a user's computer which could later be read by a website. This creates a privacy issue for users who have a non-standard cookie preference and wish to prevent sites from...
CVE-2008-5113
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a...
metrica-xss.txt
Metrica Service Assurance Multiple Cross Site Scripting Author: Francesco Bianchino Email: [email protected] Title: Metrica Service Assurance Multiple Cross Site Scripting Vendor: IBM Summary Metrica Service Assurance Framework implements a distributed, object-oriented, J2EE-based architectur...
CVE-2008-4907
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsi...
Cross-Site Scripting vulnerability in Opera
Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability that I found in Opera. When a page with a “special” URL is saved, XSS code is stored in the page's code. The XSS code is then executed when this page is opened, and this happens when it is opened in any browser, not only in Opera. XSS:...
Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution
bb var z=null; function x window.setTimeout"z=window.open'opera:historysearch?q=%2A';window.focus;",1500; window.setTimeout"z.close;",3000; window.setTimeout"location.href='mailto:'",3000; " onclick="x"Click me... s=document.createElement"IFRAME"; s.src="opera:config"; document.body.appendChilds;...
[SECURITY] Fedora 9 Update: neon-0.28.3-1.fc9
neon is an HTTP and WebDAV client library, with a C interface; providing a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete S...
Design/Logic Flaw
gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of...
Explay CMS <= 2.1 Persistent XSS and CSRF Vulnerability
No description provided by source. ================================== Explay CMS = 2.1 Persistent XSS and CSRF ================================== Discovered by hodik Mail: [email protected] 1. Persistent XSS This CMS has bad anti-XSS filter that cut only some basic vectors. The loginned user can...
explay-xssxsrf.txt
================================== Explay CMS 2. CSRF User can get admin rights if admin open malicious page that contain, for instance: or merely insert it to comment or article text...
Explay CMS <= 2.1 Persistent XSS and CSRF Vulnerability
Exploit for unknown platform in category web applications ======================================================= Explay CMS 2. CSRF User can get admin rights if admin open malicious page that contain, for instance: or merely insert it to comment or article text. 0day.today 2018-02-13...
Explay CMS 2.1 - Persistent Cross-Site Scripting Cross-Site Request Forgery
Explay CMS 2.1 - Persistent Cross-Site Scripting Cross-Site Request Forgery ================================== Explay CMS 2. CSRF User can get admin rights if admin open malicious page that contain, for instance: or merely insert it to comment or article text. milw0rm.com 2008-09-19...
Explay CMS 2.1 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
================================== Explay CMS 2. CSRF User can get admin rights if admin open malicious page that contain, for instance: or merely insert it to comment or article text. milw0rm.com 2008-09-19...