new vuln in snewscms rus v 2.3
New Advisory: Snewscms Rus v2 http://www.medprostuda.ru --------------------Summary---------------- Software: SnewsCMS Rus v. 2.3 Software's Web Site: http://www.snewscms.net.ru Versions: 2.4 Critical Level: Moderate Type: XSS Class: Remote Status: Unpatched PoC/Exploit: Not Available Solution: N...
SNewsCMS 2.x - search.php Cross-Site Scripting
SNewsCMS 2.x - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/28262/info SNewsCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this...
snewscmsrus-xss.txt
New Advisory: Snewscms Rus v2 http://www.medprostuda.ru --------------------Summary---------------- Software: SnewsCMS Rus v. 2.3 Software's Web Site: http://www.snewscms.net.ru Versions: 2.4 Critical Level: Moderate Type: XSS Class: Remote Status: Unpatched PoC/Exploit: Not Available Solution: N...
CVE-2008-1326
Gallarific is affected by a Cross-site Scripting (XSS) vulnerability in search.php, exploitable via the query parameter to inject arbitrary web script/HTML. This is the explicit vulnerability described across multiple sources (including OpenVAS and NVD entries). The connected documents do not pro...
CVE-2008-1326
Cross-site scripting (XSS) vulnerability in search.php in Gallarific allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-1076
CVE-2008-1076 describes a Cross-site Scripting (XSS) vulnerability in Interspire Shopping Cart 1.x, where an attacker can inject arbitrary script via the search_query parameter in search.php. The root cause is improper handling/sanitization of the search_query input, enabling script execution in ...
Unfixed XSS vulnerability at www.24corridorstudy.ca
Security researcher CCC submitted on 28/02/2008 a cross-site scripting (XSS) vulnerability affecting www.24corridorstudy.ca, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/03/2008. It is currently...
Sql injection
Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php...
CVE-2008-0811
Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php...
auracms162-sql.txt
#!/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ AuraCMS 1.62 Multiple Remote SQL Injection Exploit Time : Feb 15 2008 01:00PM Software : AuraCMS Version : 1.62 Vendor : http://www.auracms.org/ ------------------------------------ Audited by : NTOS-Team Loka...
AuraCMS 1.62 - Multiple SQL Injections
#!/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ AuraCMS 1.62 Multiple Remote SQL Injection Exploit Time : Feb 15 2008 01:00PM Software : AuraCMS Version : 1.62 Vendor : http://www.auracms.org/ ------------------------------------ Audited by : NTOS-Team Loka...
CVE-2008-0676
Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter...
CVE-2008-0676
CVE-2008-0676 describes a Cross-site Scripting (XSS) vulnerability in the search.php component of A-Blog 2. The flaw allows remote attackers to inject arbitrary web script or HTML via the words parameter, enabling potential credential theft or session manipulation through crafted search queries. ...
CVE-2007-6696
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication...
Unfixed XSS vulnerability at www.hearye.org
Security researcher quangntenemy submitted on 27/01/2008 a cross-site scripting (XSS) vulnerability affecting www.hearye.org, which at the time of submission ranked 752719 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/03/2008. It is...
Unfixed XSS vulnerability at www.lunametrics.com
Security researcher Kaospunk submitted on 24/01/2008 a cross-site scripting (XSS) vulnerability affecting www.lunametrics.com, which at the time of submission ranked 192867 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/03/2008. It is...
CVE-2008-0382
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php...
MyBB forumdisplay.php 'sortby' Parameter Arbitrary PHP Code Execution
The version of MyBB installed on the remote host is affected by an arbitrary PHP code execution vulnerability due to improper sanitization of user-supplied input to the 'sortby' parameter of the forumdisplay.php script before using it in an eval statement to evaluate PHP code. A remote,...
[waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10
[waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 =============================================================================== Author: Janek Vind "waraxe" Independent discovery: koziolek Date: 16. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-61.html Target...