966 matches found
SQL Injection in doorGets CMS
High-Tech Bridge Security Research Lab discovered vulnerability in doorGets CMS, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in doorGets CMS: CVE-2014-1459 The vulnerability exists due to insufficient validation of "positiondownid" HTTP POST parameter passed to...
InstantCMS 1.10.3 SQL Injection Vulnerability
InstantCMS version 1.10.3 suffers from a remote SQL injection vulnerability. Vendor: InstantSoft Vulnerable Versions: 1.10.3 and probably prior Tested Version: 1.10.3 Advisory Publication: November 20, 2013 without technical details Vendor Notification: November 20, 2013 Vendor Patch: November 21...
BoxBilling 3.6.11 Cross Site Scripting
BoxBilling 3.6.11 modnotification Stored Cross-Site Scripting Vulnerability Vendor: BoxBilling Product web page: http://www.boxbilling.com Affected version: 3.6.11 modnotification 1.0.0 Summary: BoxBilling is a free billing, invoicing & client management software. Desc: BoxBilling suffers from a...
Chamilo LMS 1.9.6 (profile.php, password0 param) - SQL Injection Vulnerability
Exploit for php platform in category web applications High-Tech Bridge Security Research Lab discovered vulnerability in Chamilo LMS, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in Chamilo LMS: CVE-2013-6787 The vulnerability exists due to insufficient validation of...
vBulletin vBSEO 3.2.0 / 3.6.0 Cross Site Scripting
Exploit Title : Cross Site Scripting XSS - Stored vulnerability in vBulletin SEO Plugin vBSEO. Found By : Yogesh Jaygadkar | http://www.jaygadkar.com/ Tested versions : vBSEO 3.2.0 & vBSEO 3.6.0 Tested with : vBulletin 4.0.6 & vBulletin 4.2.1 Vulnerable POST Parameter : sendtrackbacks Greetz to :...
ImpressPages CMS 3.6 Multiple Vulnerabilities
ImpressPages CMS version 3.6 suffers from a remote arbitrary file deletion , multiple SQL injection vulnerabilities that can be leveraged to commit cross site scripting attacks. ImpressPages CMS v3.6 Remote Arbitrary File Deletion Vulnerability Vendor: ImpressPages UAB Product web page:...
E-Local Business Directory SQL Injection
Application Name : E-Local Business Directory Vulnerable Type : Post Sql Injection Infection : Yönetici ve User cookieleri çalýnabilir. Bug Fix Advice : Zararlý karakterler filtrelenmelidir. Author : Lazmania61 Script Home Page:...
Tipask 2.0 前台任意文件删除漏洞
简要描述: tipask可以调整头像保存并删除原始头像 在删除原始头像时使用了post提交的参数 造成任意文件删除漏洞 详细说明: function onsaveimg $x1 = $this- post'x1' ; $y1 = $this- post'y1' ; $x2 = $this- post'x2' ; $y2 = $this- post'y2' ; $w = $this- post'w' ; $h = $this- post'h' ; $ext = $this- post'ext' ; $uploadtmpfile = TIPASKROOT . "/data/tmp/"...
GLPI 0.83.8 SQL Injection Vulnerability
GLPI version 0.83.8 suffers from multiple error-based SQL injection vulnerabilities. Input passed via the POST parameter 'usersidassign' in '/ajax/ticketassigninformation.php' script, POST parameter 'filename' in '/front/document.form.php' script, and POST parameter 'table' in...
Multiple XSS Vulnerabilities in Jahia xCM
High-Tech Bridge Security Research Lab discovered multiple XSS vulnerabilities in Jahia xCM, which can be exploited to perform cross-site scripting attacks against administrator of vulnerable application. 1 Multiple Cross-Site Scripting XSS Vulnerabilites in Jahia xCM: CVE-2013-4624 1.1 The...
Server: Multiple XSS vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in ownCloud 5.0.0 allow remote attackers to inject arbitrary web script or HTML via the "newname" POST parameter to renameTag.php in /apps/bookmarks/ajax/ Commits: 1c63eb1 stable5 Risk: Medium Note: Successful exploitation of this stored XSS...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a 1 GET parameter, 2 POST parameter, or 3 Referer HTTP header...
FreeBSD : Dokuwiki -- XSS vulnerability (2fe4b57f-d110-11e1-ac76-10bf48230856)
Secunia Research reports : Secunia Research has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the 'ns' POST parameter in lib/exe/ajax.php when 'call' is set to 'medialist' and 'do' is set to 'media' is n...
SQL injection in Bigware shop software
The Bigware shop software prior to version 2.17 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'pollid' in the module mainbigware54.php. Proof of concept is at: http://files.dw-itsecurity.de/54.zip Time line: 01/23/2012: Vendor contacted...
Hotel Booking Portal 0.1 SQL Injection
'Hotel Booking Portal' SQL Injection CVE-2012-1672 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in getcity.php that allows for SQL injection of the 'country' POST parameter. II. TESTED VERSION...
SQL injection in Bigware shop software
The Bigware shop software prior to version 2.15 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'lastname' in the module mainbigware43.php. A user must be created before exploitation. Proof of concept is at...
Joomla! "searchword" Cross-Site Scripting Vulnerability
No description provided by source. Aung Khant has discovered a vulnerability in Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "searchword" POST parameter to index.php when "option" is set to "comsearch" and "task" is set to...
docuFORM Mercury WebApp 6.16a/5.20 - Multiple Cross-Site Scripting Vulnerabilities
docuFORM Mercury WebApp 6.16a Multiple Cross-Site Scripting Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; alert1" / input type="hid...
Multiple Vulnerabilities in BEdita
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BEdita which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in BEdita The vulnerability exists due to input sanitation error in...
FCMS 2.3 SQL Injection
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : Inj3ct0r.com 0 1 + Support e-mail :...