7638 matches found
wp205-xss.txt
Vulnerability Title: WordPress Persistent XSS Author: David Kierznowski Homepage: http://michaeldaw.org Software Vendor: WordPress Persistent XSS Versions affected: Confirmed in v2.0.5 latest WordPress is a popular open source blogging software. A persistent XSS vulnerability has been found in...
[Full-disclosure] WordPress Persistent XSS
Vulnerability Title: WordPress Persistent XSS Author: David Kierznowski Homepage: http://michaeldaw.org Software Vendor: WordPress Persistent XSS Versions affected: Confirmed in v2.0.5 latest See homepage for more details. WordPress was contacted: 26/12/06 22:04 BST Reply received: 27/12/06 06:11...
PHP Command Shell, Bind TCP (via Perl)
Listen for a connection and spawn a command shell via perl persistent This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...
CVE-2006-3205
Ultimate PHP Board UPB 1.9.6 and earlier allows remote attackers to gain access via modified userenv, passenv, powerenv, and idenv parameters in a cookie, which comprise a persistent logon that does not vary across sessions...
PT-2006-4100 · Upb · Ultimate Php Board
Name of the Vulnerable Software and Affected Versions: Ultimate PHP Board UPB versions 1.9.6 and earlier Description: The issue allows remote attackers to gain access by modifying certain parameters in a cookie. These parameters, including user env, pass env, power env, and id env, can be exploit...
WikiNi Persistent Cross Site Scripting Vulnerability
Hi, I've found a vulnerability more than 2 months ago, and notified the developers, but still no answer, so I'm posting here. http://zone14.free.fr/advisories/3/ Vendor: WikiNi Vulnerable: WikiNi 0.4.2 and below Persistent Cross Site Scripting A persistent XSS vulnerability is the most dangerous...
FreeBSD : pubcookie-login-server -- XSS vulnerability (855cd9fa-c452-11da-8bff-000ae42e9b93)
"Nathan Dors of the Pubcookie Project reports : Multiple non-persistent XSS vulnerabilities were found in the Pubcookie login server's compiled binary 'index.cgi' CGI program. The CGI program mishandles untrusted data when printing responses to the browser. This makes the program vulnerable to...
aklink-sa-2006-001-jsboard-xss.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================ ||| Security Advisory AKLINK-SA-2006-001 ||| ||| CAN-2006-2109 CVE candidate ||| ============================================ JSBoard - Cross Site Scripting Attack ===================================== Date...
JSBoard XSS vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================ ||| Security Advisory AKLINK-SA-2006-001 ||| ||| CAN-2006-2109 CVE candidate ||| ============================================ JSBoard - Cross Site Scripting Attack ===================================== Date...
Pubcookie application server modules contain cross-site scripting vulnerabilities
Overview Cross-site scripting vulnerabilities in the Pubcookie application server modules could allow a remote attacker to gain access to sensitive information. Description Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web...
Buffer overflow
The cairo library libcairo, as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service persistent client crash via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the...
geronimo_css.txt
Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities ======================================================================== Product: ======== Apache Geronimo is the J2EE server project of the Apache Software Foundation. Version: ======== Apache Geronimo 1.0, Jetty 5.1.9...
[Full-disclosure] SiteStudio
------------------------------------------------------------ - EXPL-A-2005-008 exploitlabs.com Advisory 037 - ------------------------------------------------------------ - Site Studio - AFFECTED PRODUCTS ================= Site Studio Positive Software Corporation https://www.psoft.net OVERVIEW...
Exploit Labs Security Advisory 2005.6
------------------------------------------------------------ - EXPL-A-2005-006 exploitlabs.com Advisory 034 - ------------------------------------------------------------ - XAMPP - OVERVIEW ======== XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really ve...
[Full-disclosure] XAMPP
------------------------------------------------------------ - EXPL-A-2005-006 exploitlabs.com Advisory 034 - ------------------------------------------------------------ - XAMPP - OVERVIEW ======== XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really ve...
Pinnacle ShowCenter 1.51 - Web Interface Skin Denial of Service
Pinnacle ShowCenter 1.51 - Web Interface Skin Denial of Service source: https://www.securityfocus.com/bid/11232/info The Pinnacle Systems ShowCenter web-based interface is reported prone to a remote denial of service vulnerability. The issue exists due to a lack of sanity checks performed on the...
Pinnacle ShowCenter 1.51 - Web Interface Skin Denial of Service
source: https://www.securityfocus.com/bid/11232/info The Pinnacle Systems ShowCenter web-based interface is reported prone to a remote denial of service vulnerability. The issue exists due to a lack of sanity checks performed on the Skin parameter of a ShowCenter script. It is reported that the...
DEBIAN-CVE-2004-0230
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service connection loss to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP...
CVE-2004-0230
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service connection loss to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP...
CVE-2004-0230
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service connection loss to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP...