152 matches found
Unfixed XSS vulnerability at www.allcompanyltd.com
Security researcher IrIsT.Ir, has submitted on 29/12/2011 a cross-site-scripting XSS vulnerability affecting www.allcompanyltd.com, which at the time of submission ranked 474861 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 30/12/2011. It is...
Microsoft Internet Explorer Cookie Hijacking Vulnerability
Internet Explorer is prone to cookie hijacking vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2010-1384
The CVE-2010-1384 entry concerns Safari’s address bar spoofing vulnerability. Affected products include Safari before 5.0 on Mac OS X 10.5–10.6 and Windows, and before 4.1 on Mac OS X 10.4. The underlying issue is that the URL displayed in the address bar can be spoofed, making the user believe t...
[20100423] - Core - Negative Values for Limit and Offset
If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system...
CVE-2009-3166
token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser...
FLDS 1.2a - 'lpro.php' SQL Injection
Free Links Directory Script id SQL Injection Vulnerability Author: nuclear site: http://flds-script.com vuln: http://localhost/path/lpro.php?id=-1 UNION SELECT 1,concatusername,0x3a,password,3,4,5,6,7,8,9,10,11 from users demo:...
XSS in RSS feed creation
URL http://localhost:8080/dashboard/doconfigurerssfeed.action The RSS feed creation process is vulnerable to XSS attacks. It is possible to inject javascript code into the page by changing the types field to: types="alertdocument.cookie complete example from the testenvironment:...
maiangreetings-cookie.txt
Author: Saime Date: July 12, 2008 Script: Maian Greetings v2.1 Insecure Cookie Handling Vulnerability URL: http://www.maianscriptworld.co.uk Dork: Powered by: Maian Greetings v2.1 Description: Maian Greetings v2.1 is suffering from insecure cookie handling, the /admin/index.php only checks if...
Unfixed XSS vulnerability at soft.rosinstrument.com
Security researcher Uber0n, has submitted on 31/01/2008 a cross-site-scripting XSS vulnerability affecting soft.rosinstrument.com, which at the time of submission ranked 68117 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/02/2008. It is...
CVE-2002-1626
CVE-2002-1626 describes a directory traversal vulnerability in Mike Spice My Calendar before 1.5. An attacker can craft a URL containing .. sequences to write arbitrary files on the server. The issue arises from improper validation of path traversal in the web-facing handler, enabling verifying a...
CVE-2002-1186
CVE-2002-1186 affects Microsoft Internet Explorer versions 5.01 through 6.0. The vulnerability arises because IE does not properly perform security checks on certain encoded characters within a URL, enabling a remote attacker to steal potentially sensitive information by redirecting the user to a...
CVE-2001-0917
Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension...