191 matches found
WordPress Plugin leenk.me 2.5.0 - Cross-Site Request Forgery / Cross-Site Scripting
I would like to disclose CSRF and stored XSS vulnerability in Wordpress plugin LeenkMe version 2.5.0. The plugin can be found at https://wordpress.org/plugins/leenkme/ In the page wp-content/plugins/leenkme/facebook.php XSS vulnerable Fields are : - facebookmessage - facebooklinkname -...
PHPfileNavigator 2.3.3 Persistent & Reflected XSS
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812c.txt Vendor: ================================ pfn.sourceforge.net Product: =================================== PHPfileNavigator v2.3.3 pfn Is...
Wireshark 1.10.7 - DoS PoC
No description provided by source. !/usr/bin/python Exploit Title: Wireshark Read Access Violation near NULL starting at libcairo2!cairoimagesurfacegetdata Date: May 15th 2014 Author: Osanda Malith Jayathissa E-Mail: osandajayathissaatgmail.com Version: 1.10.7 32-bit and 64-bit Vendor Homepage:...
PHPFox 3.6.0 Cross Site Scripting
------------------------------------------------------------ Exploit Title: PHPFox v3.6.0 build6 Multiple Cross-Site Scripting vulnerabilities ------------------------------------------------------------ Author: BHG Security Center Date: Saturday, October 12, 2013 Vendor: http://www.phpfox.com...
dotProject 2.1.3 - Cross-Site Scripting Improper Permissions
dotProject 2.1.3 - Cross-Site Scripting Improper Permissions Exploit Title: dotProject 2.1.3 XSS and Improper Permissions Date: Dec 15 2009 Author: h00die [email protected] & S0lus Software Link:...
[ONSEC-09-011] UMI.CMS Multiple XSS
ONSEC-09-011 UMI.CMS Multiple XSS Цель: UMI CMS =2.7.3 Тип: Межсайтовый скриптинг Угроза: Средняя Дата обнаружения: 15.07.2009 Дата оповещения разработчика: 15.07.2009 Дата выхода исправления: 03.09.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описание: Уязвимые поля...
blogmev3.txt
vendor site:http://www.drumster.net/ product:Blogme v3 bug:login bypass & xss post risk:high admin login bypass : user : ' or '1' = '1 passwd: 1'='1' ro ' xss post : in: /comments.asp?blog=85 vulnerables fields: - Name - URL - Comments laurent gaffié & benjamin mossé http://s-a-p.ca/ contact:...
wheatblogXSS.txt
vendor site: http://wheatblog.sourceforge.net/ product : Wheatblog bug: multiple xss post & full path disclosure risk : medium xss post : /addcomment.php vulnerable fieds : - Name - WWW - Comment impact: an attacker can steal the cookie from every persons who is watching at the comments. full pat...
Multiple Vulnerabilities in Invision Power Board v1.3.1 Final.
Description: Multiple Vulnerabilities in Invision Power Board v1.3.1 Final. Compromise: SQL Injection, Cross site Scripting. Vulnerable Systems: Invision Power Board v1.3.1 Final. Details: An Input Validation Error exists in ssi.php. $sqlfields is vulnerable to An Input Validation Error. How to...
invision13.txt
Software: Invision Power Board Vendor: http://www.invisionboard.com/ Versions: U v1.3 Final Bug: Cross Site Scripting Vulnerabillity Risk: Medium Exploitation: Remote with browser Date: 29 Feb 2004 Author: Rafel Ivgi, The-Insider E-Mail: [email protected] Web: http://theinsider.deep-ice.com 1...
inrtra.txt
Software: Inrtra Forum Perl CGI Vendor: http://www.diburim.co.il/ Versions: Single version was created Bug: Cross Site Scripting Vulnerabillity Risk: Low Exploitation: Remote with browser Date: 24 Jan 2004 Author: Rafel Ivgi, The-Insider E-Mail: [email protected] Web:...