1341 matches found
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. WordPress ME for XOOPS: cross-site scripting...
Cross-Site Scripting vulnerabilities in WordPress ME for XOOPS
Hello 3APA3A! I am reporting Cross-Site Scripting vulnerabilities that I found in the WordPress ME plugin for XOOPS. XSS: POST request on the page http://site/modules/wordpress/wp-comments-post.php "scriptalertdocument.cookie/script In the parameters: author, comment, privatekey and back. Exploit:...
kshop-xss.txt
Kshop module search variable & field remote XSS. Vendor URL: http://www.kaotik.biz/ Advisory: http://lostmon.blogspot.com/2008/08/kshop-module-search-variable-and-field.html Vendor notified: no. Exploit available: yes. Kshop is an e-commerce PHP/MySQL script module for multiple CMS systems like...
Directory traversal
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
Cross site scripting
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-3296
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-3295
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-3296
Summary: CVE-2008-3296 affects XOOPS, specifically XOOPS 2.0.18.1, via a directory traversal in the file path handling of the admin.php module under modules/system. The underlying issue allows remote attackers to include and execute arbitrary local files by crafting a .. (dot dot) sequence in the...
CVE-2008-3295
CVE-2008-3295 describes a cross-site scripting (XSS) vulnerability in XOOPS 2.0.18.1, specifically in modules/system/admin.php, where an attacker can inject arbitrary script or HTML through the fct parameter. The vulnerability is documented across multiple sources (NVD, CVE listings, and related ...
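Xoops local file inclusion and cross-site scripting vulnerabilities
BUGTRAQ ID: 30330 CNCAN ID:CNCAN-2008072303 XOOPS is a PHP-based content management system. XOOPS does not properly handle user-submitted input; a remote attacker can exploit the vulnerabilities to view system file contents with web privileges or to obtain sensitive information belonging to target users. The problem is that the 'admin.php' script does not filter the user-supplied 'fct' parameter; submitting parameter data that contains multiple '../' sequences bypasses the web root restriction and allows system file contents to be viewed with web privileges. In addition, the 'fct' parameter of the 'admin.php' script has a cross-site scripting problem that can be used to obtain sensitive information belonging to target users. Xoops 2.0.18.1 No solution is currently available:...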
XOOPS 2.0.18 - '/modules/system/admin.php?fct' Cross-Site Scripting
XOOPS 2.0.18 - '/modules/system/admin.php?fct' Cross-Site Scripting source: https://www.securityfocus.com/bid/30330/info XOOPS is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the...
XOOPS 2.0.18 - '/modules/system/admin.php?fct' Traversal Local File Inclusion
XOOPS 2.0.18 - '/modules/system/admin.php?fct' Traversal Local File Inclusion source: https://www.securityfocus.com/bid/30330/info XOOPS is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can...
XOOPS 2.0.18 - '/modules/system/admin.php?fct' Traversal Local File Inclusion
source: https://www.securityfocus.com/bid/30330/info XOOPS is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal...
XOOPS 2.0.18 - '/modules/system/admin.php?fct' Cross-Site Scripting
source: https://www.securityfocus.com/bid/30330/info XOOPS is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal...
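XOOPS Uploader upload module 'filename' parameter directory traversal vulnerability
BUGTRAQ ID: 29600 CNCAN ID:CNCAN-2008061007 XOOPS Uploader is an upload component based on Xoops. The XOOPS Uploader component does not properly handle the 'filename' parameter; a remote attacker can exploit the vulnerability to view system file contents with the privileges of the web process. Constructing parameter data that contains "../" characters bypasses the web root restriction and allows system file contents to be viewed with the privileges of the web process. Xoops Uploader 1.1 No solution is currently available: http://www.xoops.org/modules/repository/singlefile.php?cid=28&lid=1243...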
XOOPS Module Uploader 1.1 (filename) File Disclosure Vulnerability
No description provided by source.
xoopsuploader-lfi.txt
XOOPS Module Uploader 1.1 (filename) File Disclosure Vulnerability
Exploit for unknown platform in category web applications. XOOPS Module Uploader 1.1 filename File Disclosure Vulnerability
XOOPS Module Uploader 1.1 - Filename File Disclosure