Cross site scripting

A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...

CVE-2017-7897

A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...

CVE-2017-7897

A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...

CVE-2016-7965

DokuWiki 2016-06-26a and older uses $SERVERHTTPHOST instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header. The vulnerability can be triggered only if the Host...

phpTrafficA 2.3 SQL Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: phpTrafficA Product page: http://soft.zoneo.net/phpTrafficA/ Affected versions: Up to and including 2.3 latest as of writing. Description: An SQL injection exists in Php/Functions/logfunction.php, line 933: $sql3 ="INSERT INTO $tablehost SET...

CVE-2012-1647

CVE-2012-1647 affects the MediaFront Drupal module (Drupal 6.x: 6.x-1.x prior to 6.x-1.5; Drupal 7.x: 7.x-1.x prior to 7.x-1.5). The vulnerability is cross-site scripting via input in PHP library handling the stand-alone OSM Player, specifically through $_SERVER["HTTP_HOST"], $_SERVER["SCRIPT_NAM...

dz7. 2 HTTP header injection vulnerability-vulnerability warning-the black bar safety net

dz7. 2 HTTP header injection vulnerability 20107/7/, the dz7. 2 header injection vulnerability 20107/7/ image.php to: header header'location: '.$ boardurl.$ thumbfile; $boardurl = htmlspecialchars'http://'.$ SERVER'HTTPHOST'. pregreplace"//+api|archiver|wap?/$/ i", ", substr$PHPSELF, 0,...

STCMS V3. 3 SQL injection 0DAY vulnerabilities-vulnerability warning-the black bar safety net

Vulnerability causes: There is no filter$SERVER lead to the user can be faked$SERVERX-FORWARDED-FOR, so the malicious injection statement written to the database. Using the steps of: 1. Enter a comment on the page, the first comment A and capture. 2. In the package add a bar: X-Forwarded-For:...

BlueCMS v1. 6 sp1 $_SERVER injection vulnerability-vulnerability warning-the black bar safety net

Affected version: v1. 6 sp1 Vulnerability description: BlueCMS is a place to classified information portal dedicated CMS system. Procedures in using the getipfunction to get the Client ip when not strictly filter the data, resulting in sql injection vulnerability. //comment.php $sql = "INSERT INT...

PHD Help Desk v1.43 Mutliple XSS

Exploit for unknown platform in category web applications ================================ PHD Help Desk v1.43 Mutliple XSS ================================ Mutliple XSS in PHD Help Desk v1.43 Name Multiple vulnerabilities in PHD Help Dsk Systems Affected PHD Help Desk v1.43 and possibly earlier...

RCBlog 1.03 - Authentication Bypass

Vendor: http://noahmedling.com Versions: RCBlog 1.03 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=4 ---- By default, the application provides public access to the text file which stores the MD5 hashes of the...

CPCommerce 1.2.6 - URL Rewrite Input Variable Overwrite Authentication Bypass

CPCommerce 1.2.6 - URL Rewrite Input Variable Overwrite Authentication Bypass Author: girex Homepage: girex.altervista.org CMS: cpCommerce 1.2.6 Site: http://cpcommerce.cpradio.org/ Bug: URL Rewrite - Input variables overwrite PoC: Auth bypass - Shell upload Note: Works regardless php.ini setting...

Information disclosure

Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $SERVER superglobal...

autoindex-xss.txt

====================================================================== AutoIndex Impact: Cross Site Scripting Denial of Service DoS Status: patch available ------------------------------ Affected software description: ------------------------------ Application: AutoIndex Version:...

phppgadmin-xss.txt

------=Part257544061665.1180272607070 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Synopsis: Multiple XSS Vulnerabilities Introduction: phpPgAdmin is a web-based administration tool for PostgreSQL. Details: phpPgAdmin...

Cross site scripting

Dynamic variable evaluation vulnerability in shared/config/tceconfig.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting XSS and possibly other attacks by modifying critical variables such as $SERVER, as demonstrated by injecting web script via the...

CVE-2007-2431

Dynamic variable evaluation vulnerability in shared/config/tceconfig.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting XSS and possibly other attacks by modifying critical variables such as $SERVER, as demonstrated by injecting web script via the...

TCExam 4.0.011 - SessionUserLang Shell Injection

TCExam 4.0.011 - SessionUserLang Shell Injection resource = array; // set selecteed language $this-language = strtoupper$language; // set filename for cache $this-cachefile = $cachefile; if fileexists$this-cachefile // read data from cache requireonce$this-cachefile; $this-resource = $tmx; else i...

TCExam 4.0.011 - 'SessionUserLang' Shell Injection

resource = array; // set selecteed language $this-language = strtoupper$language; // set filename for cache $this-cachefile = $cachefile; if fileexists$this-cachefile // read data from cache requireonce$this-cachefile; $this-resource = $tmx; else if !empty$this-cachefile // open cache file...

[Full-disclosure] Apache/PHP REQUEST_METHOD XSS Vulnerability

There exist a flaw in a way how Apache and php combination handle the $SERVER array. If the programmer writes scrip like this: ?php echo $SERVER'REQUESTMETHOD'; ? He will assume that REQUESTMETHOD can only by: GET,POST,OPTIONS,TRACE and all that stuff. However this is not true, since Apache accep...