Lucene search

1737 matches found

CVE
added 2011/05/10 7:0 p.m. · 39 views

CVE-2011-2078

Technical details (affected product/versions, root cause, exploitability) are not publicly provided in the supplied documents. Monitor for updates from these sources.

CVSS 4.3 · AI score 5.8 · EPSS 0.00893
Exploits: 1 · References: 2 · Affected Software: 1
FreeBSD
added 2011/05/02 12:0 a.m. · 32 views

mailman -- CSRF hardening in parts of the web interface

The late Tokio Kikuchi reported: We may have to set lifetime for input forms because of recent activities on cross-site request forgery CSRF. The form lifetime is successfully deployed in frameworks like web.py or plone etc. Proposed branch lp:tkikuchi/mailman/form-lifetime implement lifetime in...

CVSS 8.8 · AI score 0.2 · EPSS 0.0153
Exploits: 0 · References: 2
htbridge
added 2011/04/05 12:0 a.m. · 21 views

Cross-site Scripting (XSS) Vulnerabilities in webSPELL

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in webSPELL which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in webSPELL 1.1 The vulnerability exists due to input sanitation error in the "pass" and "touser...

CVSS 4.3 · AI score 6.3
Exploits: 0 · Affected Software: 1
Tenable Nessus
added 2011/02/09 12:0 a.m. · 28 views

Apache CouchDB < 1.0.2 Futon Admin Interface XSS

According to its banner, the version of CouchDB running on the remote host is affected by a cross-site scripting vulnerability. The application fails to properly sanitize user-supplied input before it is used in the Futon admin interface. A remote attacker could exploit this to execute arbitrary...

CVSS 4.3 · AI score 5.5 · EPSS 0.05923
Exploits: 0 · References: 2
Positive Technologies
added 2011/02/02 12:0 a.m. · 2 views

PT-2011-1443 · Apache · Apache Couchdb

Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions 0.8.0 through 1.0.1 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities in the web administration interface of Apache CouchDB. These vulnerabilities allow remote attackers to inject...

CVSS 4.3 · AI score 5.8 · EPSS 0.05923
Exploits: 0 · References: 10
htbridge
added 2011/01/25 12:0 a.m. · 23 views

Multiple Vulnerabilities in ViArt Shop

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ViArt Shop which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in ViArt Shop The vulnerability exists due to input sanitation...

CVSS 2.6 · AI score 6.5
Exploits: 0 · Affected Software: 1
0day.today
added 2011/01/17 12:0 a.m. · 27 views

AWBS 2.9.2 (cart.php) Blind SQL Injection Vulnerability

Exploit for php platform in category web applications AWBS 2.9.2 Blind SQL Injection 0day Dork....: inurl:/cart?ca=addother&oid= Date....: 01-16-2011 Author..: ShivX Contact.: shivanxatgmaildotcom...

AI score 7.1
Exploits: 0
Packet Storm
added 2011/01/17 12:0 a.m. · 31 views

AWBS 2.9.2 Blind SQL Injection

AWBS 2.9.2 Blind SQL Injection 0day Dork....: inurl:/cart?ca=addother&oid= Date....: 01-16-2011 Author..: ShivX Contact.: shivanxatgmaildotcom Vendor..: http://www.awbs.com Link....:...

AI score 7.4
Exploits: 0
Exploit DB
added 2011/01/16 12:0 a.m. · 42 views

AWBS 2.9.2 - 'cart.php' Blind SQL Injection

AWBS 2.9.2 Blind SQL Injection 0day Dork....: inurl:/cart?ca=addother&oid= Date....: 01-16-2011 Author..: ShivX Contact.: shivanxatgmaildotcom Vendor..: http://www.awbs.com Link....:...

AI score 7.4
Exploits: 0
NVD
added 2011/01/10 8:0 p.m. · 17 views

CVE-2010-4534

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series...

CVSS 4 · AI score 5.6 · EPSS 0.01697
Exploits: 1 · References: 18
Cvelist
added 2011/01/10 7:18 p.m. · 38 views

CVE-2010-4534

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series...

AI score 5.5 · EPSS 0.01697
Exploits: 1 · References: 18
Packet Storm
added 2010/12/25 12:0 a.m. · 147 views

Django Admin List Filter Data Extraction

ADVISORY INFORMATION: Advisory ID: NGENUITY-2010-009 Date discovered: 8.28.2010 Date published: 12.22.2010 SOFTWARE AFFECTED: “Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.” 1 The admin interface of the Django web framework can be abuse...

AI score 0.5
Exploits: 0
Packet Storm
added 2010/12/20 12:0 a.m. · 14 views

Openfiler Cross Site Scripting

Good morning again! -- openfiler xss: https://192.168.0.2:446/admin/system.html?step=2&device=et%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3Ebh0...

AI score 0.5
Exploits: 0
securityvulns
added 2010/12/14 12:0 a.m. · 128 views

LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD

LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD bug discovered & exploited by Kingcope Dec 2010 Lame Xploit Tested with success on FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86 FreeBSD 6.3-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86...

AI score 7.3
Exploits: 0
exploitpack
added 2010/12/10 12:0 a.m. · 21 views

Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow

Litespeed Web Server 4.0.17 with PHP FreeBSD - Remote Overflow LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD bug discovered & exploited by Kingcope Dec 2010 Lame Xploit Tested with success on FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86 FreeBSD...

AI score 0.1
Exploits: 0
Zero Day Initiative
added 2010/10/27 12:0 a.m. · 32 views

Symantec IM Manager Administrative Interface DetailReportGroup.lgx Definition File SQL Injection Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdPageImlogic.aspx page which is exposed through an IIS extension on the defau...

CVSS 10 · AI score 7.5 · EPSS 0.05822
Exploits: 0 · References: 1
Tenable Nessus
added 2010/08/17 12:0 a.m. · 10 views

CouchDB < 0.11.2 Futon Admin Interface Cross-Site Request Forgery

CVSS 6.8 · AI score 7.3 · EPSS 0.01833
Exploits: 0 · References: 2
exploitpack
added 2010/07/06 12:0 a.m. · 12 views

Sun Java Web Server 7.0 u7 - Admin Interface Denial of Service

Sun Java Web Server 7.0 u7 - Admin Interface Denial of Service Sun Java Web Server 7.0 u7 Admin Interface DOS Software Package sjsws-70u7-windows-i586.zip 4fb8d1fb700d5649234a2891a4ecedea While attempting to verify http://www.exploit-db.com/exploits/14194/ which was not verified, I stumbled across...

AI score 0.3
Exploits: 0
Packet Storm
added 2010/07/06 12:0 a.m. · 16 views

Sun Java Web Server 7.0 u7 Denial Of Service

Sun Java Web Server 7.0 u7 Admin Interface DOS Software Package sjsws-70u7-windows-i586.zip 4fb8d1fb700d5649234a2891a4ecedea While attempting to verify http://www.exploit-db.com/exploits/14194/ which was not verified, I stumbled across semi amusing DOS: root@bt: nc -nv 192.168.48.134 8800 UNKNOWN...

Exploits: 0
Exploit DB
added 2010/07/06 12:0 a.m. · 28 views

Sun Java Web Server 7.0 u7 - Admin Interface Denial of Service

Sun Java Web Server 7.0 u7 Admin Interface DOS Software Package sjsws-70u7-windows-i586.zip 4fb8d1fb700d5649234a2891a4ecedea While attempting to verify http://www.exploit-db.com/exploits/14194/ which was not verified, I stumbled across this semi amusing DOS: root@bt: nc -nv 192.168.48.134 8800...

AI score 7.4
Exploits: 0