419 matches found
b1gmail-xss.txt
b1gmail Cross Site Scripting ============================ Version: 6.3.1 site: http://www.b1gmail.de Profile: Cross Site Scripting Method: POST location: hilfe.php strings: "+onmouseover=alert1898233298+ http://site.com/hilfe.php?chapter="+onmouseover=alert1898233298+ credits: malibu.r powered by...
Phorum 5.1.20 - '/include/admin/banlist.php?delete' Cross-Site Request Forgery Banlist Deletion
source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently...
forum livre 1.0 - SQL Injection / Cross-Site Scripting
Title : Forum Livre 1.0 Multiple Remote Vulnerabilities Author : ajann Contact : : $$ : Free SQL--------------------------------------------------------- Login Before..- http://target/path//infouser.asp?user=SQL Example:...
iPrimal Forums - adminindex.php Change User Password
iPrimal Forums - adminindex.php Change User Password !perl http://ipigroup.org/downloads/forums.zip Bl0od3r Germany shoutzz to all members of dC3 crew ,matrixkiller,eddie14 special to str0ke use IO::Socket; if @ARGVnewProto="tcp",PeerAddr="$host",PeerPort="80" or die "Error"; print $sock "POST...
Ottoman CMS 1.1.3 - '?default_path=' Remote File Inclusion (2)
!/usr/bin/perl use IO::Socket; Jacek Wlodarczyk j4ck - jacekwloatgmaildotcom Title: Ottoman CMS \r\n"; print "- - Victim's ta...
PunkBuster 1.229 - WebTool Service Remote Buffer Overflow (Denial of Service) (PoC)
PunkBuster 1.229 - WebTool Service Remote Buffer Overflow Denial of Service PoC Luigi Auriemma Application: PunkBuster http://www.punkbuster.com Versions: PunkBuster for servers, versions minor than v1.229: America's Army = v1.228 Battlefield 1942 = v1.158 Battlefield 2 = v1.184 Battlefield Vietn...
PunkBuster < 1.229 (WebTool Service) Remote Buffer Overflow DoS
No description provided by source. Luigi Auriemma Application: PunkBuster http://www.punkbuster.com Versions: PunkBuster for servers, versions minor than v1.229: America's Army = v1.228 Battlefield 1942 = v1.158 Battlefield 2 = v1.184 Battlefield Vietnam = v1.150 Call of Duty = v1.173 Call of Dut...
sBlog 0.7.2 - search.php?keyword POST Method Cross-Site Scripting
sBlog 0.7.2 - search.php?keyword POST Method Cross-Site Scripting source: https://www.securityfocus.com/bid/17044/info sBlog is prone to HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-suppli...
sBlog 0.7.2 - 'search.php?keyword' POST Method Cross-Site Scripting
source: https://www.securityfocus.com/bid/17044/info sBlog is prone to HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the...
[CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting
PoC : -------------------- 1 This flaw exists because the application does not validate the "nickname" variable upon submission to the post.php script via the POST method. hp://www.target/post.php?nickname="scriptalert'XSS'/script!-- --------------------...
“Cross-site”I see the vulnerability warning-the black bar safety net
I don't know what people think of cross-site attacks; are they really a tasteless question? In fact, cross-site attacks are not as simple as just stealing cookies! Both submission methods, GET and POST, allow an external submission. Look at the following code. GET is: iframe...
RunCMS <= 1.2 Multiple Vulnerabilities
The version of RunCMS installed on the remote host allows attackers to overwrite arbitrary variables by passing them via a POST method and may also suffer from several SQL injection vulnerabilities resulting in, for example, disclosure of the admin password hash. %NASLMINLEVEL 70300 C Tenable...
GLSA-200507-08 : phpGroupWare, eGroupWare: PHP script injection vulnerability
The remote host is affected by the vulnerability described in GLSA-200507-08 phpGroupWare, eGroupWare: PHP script injection vulnerability The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the 'POST' method. Impact : A remote attacke...
[EXPL] PHP-Nuke POST Method Admin Variable Privilege Escalation
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
CVE-2004-0743
Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak...
[XSS] PHP-Nuke 7.4 ViewAdmin Bug
CODEBUG Labs Advisory 3 Title: ViewAdmin Bug Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Type: XSS Web: http://www.mantralab.org View Admin Bug - Description PHP-Nuke is a very bugged web CMS, version 7.4 has critical XSS bug that permit to an attacker to view Admin account aid and to...
HTTP 'POST' Method Detection
Binary data 5696.prm...
Web Server HTTP POST Method Handling Remote Overflow DoS
Nessus tests the stability of a remote web service by sending a significantly large HTTP POST and then confirms if the web service is still responsive. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10687; scriptversion "1.25"; scriptcvsdate"Date: 2018/12/21 16:12:09"...