URL token stealing via stylesheet redirect — Mozilla
Security researcher Martin Straka reported that Gecko-based browsers update the .href property of stylesheet DOM nodes to reflect the final URI of the stylesheet after following any 302 redirects, much as the document.location property is updated. This differs from other browsers and could...
Unfixed XSS vulnerability at antena1.ro
Security researcher Shocker -at- ShockingSoft.com submitted on 02/06/2008 a cross-site scripting (XSS) vulnerability affecting antena1.ro, which at the time of submission ranked 19888 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/11/200...
Unfixed XSS vulnerability at www.fawri.dz
Security researcher t0fx submitted on 13/01/2008 a cross-site scripting (XSS) vulnerability affecting www.fawri.dz, which at the time of submission ranked 200838 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 14/01/2008. It is currently...
digitalhive-sql.txt
Unfixed XSS vulnerability at www.haaretz.com
Security researcher TreX submitted on 21/12/2007 a cross-site scripting (XSS) vulnerability affecting www.haaretz.com, which at the time of submission ranked 8645 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 23/12/2007. It is currently...
Unfixed XSS vulnerability at vip-seek.info
Security researcher Genocide submitted on 29/11/2007 a cross-site scripting (XSS) vulnerability affecting vip-seek.info, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/12/2007. It is currently...
Unfixed XSS vulnerability at www.aladin.wrlc.org
Security researcher Genocide submitted on 27/11/2007 a cross-site scripting (XSS) vulnerability affecting www.aladin.wrlc.org, which at the time of submission ranked 132714 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 29/11/2007. It is...
CVE-2007-5631
Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the currentblockmodulepath parameter to (1) AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2)...
webif-xss.txt
----------------------------- || WWW.SMASH-THE-STACK.NET || ----------------------------- || ADVISORY: IFNET.IT WEBIF XSS VULNERABILITY || 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION || 0x04: GOOGLE DORK || 0x05: RISK LEVEL || 0x00: ABOUT ME Author: SkyOut Date:...
Unfixed XSS vulnerability at gwar.org.ru
Security researcher iD - uNkn0wn.eu submitted on 26/09/2007 a cross-site scripting (XSS) vulnerability affecting gwar.org.ru, which at the time of submission ranked 1453096 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 01/10/2007. It is...
Unfixed XSS vulnerability at www.a-market.jp
Security researcher kusomiso.com submitted on 25/09/2007 a cross-site scripting (XSS) vulnerability affecting www.a-market.jp, which at the time of submission ranked 127760 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/09/2007. It is...
Unfixed XSS vulnerability at www.vardguiden.se
Security researcher TraCK10ya submitted on 20/09/2007 a cross-site scripting (XSS) vulnerability affecting www.vardguiden.se, which at the time of submission ranked 102260 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 22/09/2007. It is...
Unfixed XSS vulnerability at katalog.morbylanga.se
Security researcher By Encore submitted on 16/09/2007 a cross-site scripting (XSS) vulnerability affecting katalog.morbylanga.se, which at the time of submission ranked 620823 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/09/2007. It is...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbconf or (2) ADODBDIR parameter to utils/stphpimageshow.php; or a URL in the STPHPLIBDIR parameter to (3) stphpbutton.php, (4)...
SQL injection
Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/deletepage.php, (b) navigation/deletemenu.php, and (c) navigation/deleteitem.php ...
CVE-2007-4384
Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex parameters...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex parameters...
CVE-2007-4235
Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php...