223 matches found
Osmotic pre-Flash to get shell shortcut/Ewebeditor/ASP/ASPX/PHP the version of vulnerability-vulnerability warning-the black bar safety net
Recent thinking from the new writing blog, I always take someone else's stuff posted Today in the blog on yourself to write something, nothing technical content, even if a summary. Hope the newbies some help, the cattle people to the table to laugh at me, huh? ewebeditor, believe play the Black...
dorsacms-xss.txt
Portal Name: Dorsa CMS. Vendor: http://www.dorsacms.com. Dork: Powered by DorsaCms. Author: PouyaServer, [email protected]. Vulnerability: XSS (cross-site scripting)...
Unfixed XSS vulnerability at iaumajlesi.ac.ir
Security researcher Pouyaserver submitted on 29/10/2008 a cross-site scripting (XSS) vulnerability affecting iaumajlesi.ac.ir, which at the time of submission ranked 519555 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 03/07/2009. It is...
Dorsa CMS - 'Default_.aspx' Cross-Site Scripting
source: https://www.securityfocus.com/bid/31992/info Dorsa CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context ...
eWebEditorNet upload.aspx vulnerability-vulnerability warning-the black bar safety net
The eWebEditorNet issue is mainly an upload vulnerability in the upload.aspx file. Principle: Code 1. form id="post" encType="server" 2. "uploadfile" style="file" size="uploadfile" runat= 3. "lbtnUpload" runat= 4. "JavaScript" Just a simple ID verification As long as the configured javascript:lbtnUpload...
ASPX Shell
Added: 02/14/2008 Background This exploit does not exploit a vulnerability, but instead creates an aspx page. The page, if placed on an IIS server, establishes a shell connection when requested. Problem N/A Resolution N/A References N/A Limitations The user needs the ability to upload the resulti...
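Online Store Application Template Sign_In.ASPX SQL Injection Vulnerability
Online Store Application Template is an ASPX web application. Online Store Application Template does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'SignIn.ASPX' script does not filter the user-submitted username and password parameters; submitting a malicious SQL query as parameter data can cause the application to change the original SQL logic during processing, allowing the attacker to obtain sensitive information or manipulate the database. CodeWidgets Online Store Application Template: no solution is currently available:...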
IIS6 ASPX DOS EXPLOIT-vulnerability warning-the black bar safety net
IIS6 /AUX/.aspx GET DoS Exploit. Coder by golds7n 5 2 6 1 3 1 4atsohu.com Usage: iis6dos.exe IP|domain name port Execution parameters: iis6dos site This program is based on what kcope discovered and wrote, for IIS6 aspx sites. Download address: Software unzip password:8 4 8 2 3 7 1 4...
[Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS???
Hello List, Recently I saw a small bug in IIS 6.0 when requesting a special path. When I request /AUX/.aspx the server takes a bit longer to respond than normal. So I wrote an automated script to see what happens if I request this file several times at once. The result is that some servers On...
Microsoft IIS 6.0 - '/AUX / '.aspx' Remote Denial of Service
When sending multiple parallel GET requests to an IIS 6.0 server requesting /AUX/.aspx the server becomes unstable and unresponsive. This happens only to servers which respond with a runtime error System.Web.HttpException and take two or more seconds to respond to the /AUX/.aspx GET request. signed,...
Microsoft IIS 6.0 - AUX .aspx Remote Denial of Service
When sending multiple parallel GET requests to an IIS 6.0 server requesting /AUX/.aspx the server becomes unstable and unresponsive. This happens only to servers which respond with a runtime error System.Web.HttpException and take two or more second...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx...
CVE-2007-0302
Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx...
CVE-2007-0302
CVE-2007-0302 affects InstantASP 4.1.0 with multiple cross-site scripting (XSS) flaws. An attacker can inject arbitrary script/HTML via (1) SessionID to Logon.aspx and (2) Username and (3) Update to Members1.aspx, enabling web-script injection. The NVD CVSS2 base score is 6.8 (MEDIUM) with networ...
InstantASP 4.1 - 'Members1.aspx' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/22052/info InstantForum.NET is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based authentication credentials and...
XSS in InstantForum.NET v4.1.1
Advisory: InstantForum.NET v4.1.1 Home Page: http://instantasp.co.uk/ Vulnerability: Cross Site Scripting Vulnerable script: Logon.aspx, Search1-2-1.aspx, InsertAttachments.aspx...