CVE-2012-4071

Cross-site scripting XSS vulnerability in the comments module in the RSGallery2 comrsgallery2 component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment...

Useresponse 1.0.2 Backdoor / CSRF / Code Execution

!/usr/bin/python -------------------- | abuseresponse.py | -------------------- Useresponse = 1.0.2 privilege escalation & remote code execution exploit vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.com/ vulns found by bcoles @bclose and mrme @netninja exploit by...

Useresponse <= 1.0.2 Privilege Escalation & RCE Exploit

Exploit for php platform in category web applications !/usr/bin/python -------------------- | abuseresponse.py | -------------------- Useresponse = 1.0.2 privilege escalation & remote code execution exploit vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.com/ vulns...

Useresponse 1.0.2 - Privilege Escalation Remote Code Execution

Useresponse 1.0.2 - Privilege Escalation Remote Code Execution !/usr/bin/python -------------------- | abuseresponse.py | -------------------- Useresponse = 1.0.2 privilege escalation & remote code execution exploit vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.co...

Viscacha Forum CMS 0.8.1.1 SQL Injection / XSS

Title: ====== Viscacha Forum CMS v0.8.1.1 - Multiple Web Vulnerabilities Date: ===== 2012-05-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=525 VL-ID: ===== 525 Common Vulnerability Scoring System: ==================================== 7.3 Introduction: =============...

CVE-2011-4920

Multiple cross-site scripting XSS vulnerabilities in e107 0.7.26, and other versions before 1.0.0, allow remote attackers to inject arbitrary web script or HTML via the URL to 1 e107images/thumb.php or 2 rate.php, 3 resendname parameter to e107admin/users.php, and 4 link BBCode in user signatures...

CVE-2011-4647

CVE-2011-4647 describes multiple cross-site scripting (XSS) vulnerabilities in the story creation feature of Geeklog 1.8.0 . An attacker can inject arbitrary script or HTML via the (1) code or (2) raw BBcode tags . The attached connected documents confirm the issue pertains to Geeklog 1.8.0 and d...

Simple Machines Forum 2.0 Session Hijacking

Simple Machines forum SMF 2.0 session hijacking Found by The X-C3LL and seth http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06 Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net SMF stops csrf attacks sending a session token in all the requests...

Simple Machines Forum (SMF) 2.0 - Session Hijacking

Simple Machines Forum SMF 2.0 - Session Hijacking Simple Machines forum SMF 2.0 session hijacking Found by The X-C3LL and seth http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06 Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net SMF stops csrf...

Community Server - Stored Cross-Site Scripting in User&#39;s Signature

Community Server - Stored Cross-site Scripting in user's signature. - Product description: Community Server is a communities and collaboration web application developed by Telligent. It uses ASP.NET platform C and Microsoft SQL Server database. From it's 5.0 version, the software was renamed to...

Telligent Community Server 5.x Cross Site Scripting

Editor's note: 4 Advisories are grouped together here. ======================================================================= Community Server - Stored Cross-site Scripting in user's signature. - Product description: Community Server is a communities and collaboration web application developed b...

kaibb 1.0.1 - Multiple Vulnerabilities

kaibb 1.0.1 - Multiple Vulnerabilities Vulnerability ID: HTB22749 Reference: http://www.htbridge.ch/advisory/bbcodexssinkaibb.html Product: KaiBB Vendor: Mi-Dia http://www.mi-dia.co.uk/ Vulnerable Version: 1.0.1 Vendor Notification: 09 December 2010 Vulnerability Type: BBcode XSS Status: Not Fixe...

kaibb 1.0.1 - Multiple Vulnerabilities

Vulnerability ID: HTB22749 Reference: http://www.htbridge.ch/advisory/bbcodexssinkaibb.html Product: KaiBB Vendor: Mi-Dia http://www.mi-dia.co.uk/ Vulnerable Version: 1.0.1 Vendor Notification: 09 December 2010 Vulnerability Type: BBcode XSS Status: Not Fixed, Vendor Alerted, Awaiting Vendor...

BBcode XSS in KaiBB

Vulnerability ID: HTB22749 Reference: http://www.htbridge.ch/advisory/bbcodexssinkaibb.html Product: KaiBB Vendor: Mi-Dia http://www.mi-dia.co.uk/ Vulnerable Version: 1.0.1 Vendor Notification: 09 December 2010 Vulnerability Type: BBcode XSS Status: Not Fixed, Vendor Alerted, Awaiting Vendor...

www.eVuln.com : &quot;url&quot; BBCode XSS in slickMsg

www.eVuln.com advisory: "url" BBCode XSS in slickMsg Summary: http://evuln.com/vulns/160/summary.html Details: http://evuln.com/vulns/160/description.html -----------Summary----------- eVuln ID: EV0160 Software: slickMsg Vendor: n/a Version: 0.7-alpha Critical Level: low Type: Cross Site Scriptin...

www.eVuln.com : BBCode CSS XSS in slickMsg

www.eVuln.com advisory: BBCode CSS XSS in slickMsg Summary: http://evuln.com/vulns/162/summary.html Details: http://evuln.com/vulns/162/description.html -----------Summary----------- eVuln ID: EV0162 Software: slickMsg Vendor: n/a Version: 0.7-alpha Critical Level: low Type: Cross Site Scripting...

slickMsg 0.7-alpha Cross Site Scripting

www.eVuln.com advisory: "url" BBCode XSS in slickMsg Summary: http://evuln.com/vulns/160/summary.html Details: http://evuln.com/vulns/160/description.html -----------Summary----------- eVuln ID: EV0160 Software: slickMsg Vendor: n/a Version: 0.7-alpha Critical Level: low Type: Cross Site Scriptin...

CVE-2010-4480

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting XSS attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "a@url@page"...

CVE-2010-4480

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting XSS attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "a@url@page"...

CVE-2010-4480

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting XSS attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "a@url@page"...