Lucene search

321 matches found

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Flyspray 0.9.9 Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/26891/info Flyspray is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browse...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

osCommerce 2.2 admin/specials.php page Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 237 views

RedCMS 0.1 login.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/17336/info RedCMS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to HTML-injection and...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

WordPress 2.3.2 - wp-admin/invites.php to Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/28139/info WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the brows...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 23 views

Contenido CMS 4.8.12 XSS Vulnerabilities

No description provided by source. Vulnerability ID: HTB22635 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincontenidocms.html Product: Contenido CMS Vendor: four for business AG http://www.contenido.org/ Vulnerable Version: 4.8.12 and Probably Prior Versions Vendor Notification: 29...

AI score: 6.7
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

JGS-Gallery 4.0 Board jgs_galerie_scroll.php userid Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/16810/info JGS-Gallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary scrip...

AI score: 7.1
Exploits: 0

Exploit DB
added 2014/05/12 12:0 a.m., 60 views

Adobe Flash Player - Shader Buffer Overflow (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Adobe Flash Player Shader Buffer Overflow", 'Description' = %q This module exploits a buffer overflow vulnerability in Adobe Flash...

CVSS: 10, AI score: 6.3, EPSS: 0.92852
Exploits: 9

Packet Storm
added 2014/03/20 12:0 a.m., 48 views

MS14-012 Internet Explorer TextRange Use-After-Free

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "MS14-012 Internet Explorer TextRange Use-After-Free", 'Description' = %q This module exploits a use-after-free vulnerability found in...

CVSS: 9.3, AI score: 0.4, EPSS: 0.86385
Exploits: 6

seebug.org
added 2014/03/04 12:0 a.m., 29 views

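Cory Support "q" SQL Injection Vulnerability

Cory Support is a PHP application. Because input passed to loadsolve.php via the "q" GET parameter is not properly sanitized before being used in an SQL query, an attacker can exploit the vulnerability to manipulate SQL queries by injecting arbitrary SQL code. 0 Cory Support 1.0 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's homepage for the latest version: http://coryapp.com/page.php?id=1 // GET MySQL Injection with "q" Parameter in /loadsolve.php 1 : ?php 2 :...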

AI score: 7.1
Exploits: 0

Hacker One
added 2014/02/21 1:47 a.m., 49 views

Internet Bug Bounty: Flash local-with-fileaccess Sandbox Bypass

The proof of concept attached will exploit the implementation of flash in some browsers that will bypass the local-with-fileaccess sandbox. By encoding in ignored file:// uri characters, and navigating to another page with a decoder script, one is able to read arbitrary files AND parse it to the...

CVSS: 5, AI score: 6, EPSS: 0.01606
Exploits: 1

Kitploit
added 2013/08/21 1:27 a.m., 28 views

[Xenotix XSS Exploit Framework v4] Advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting XSS vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine Trident, WebKit, and Gecko embedded scanner. It is claimed to have the world’s 2nd...

AI score: 5.7
Exploits: 0

Packet Storm
added 2013/08/21 12:0 a.m., 26 views

AlgoSec Firewall Analyzer 6.4 Cross Site Scripting

AlgoSec Firewall Analyzer Version v6.4 cross-site scripting XSS Vulnerability...

AI score: 0.1
Exploits: 0

0day.today
added 2013/06/17 12:0 a.m., 13 views

Simple File Manager v.024 - Login Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Simple File Manager v.024 Login Bypass Vulnerability Date Published: 2013/6/17 Exploit Author: Chako Software Link: http://onedotoh.sourceforge.net/ Version: v.024 Doesn't work on v.025 Description: ===================== A...

AI score: 7.1
Exploits: 0

Cisco
added 2013/05/31 4:21 p.m., 21 views

Cisco Prime Infrastructure Rogue AP SSID Cross-Site Scripting Vulnerability

A vulnerability in the wireless configuration module of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to insert scripts into the listing of rogue access points. The vulnerability is due to a failure to properly sanitize SSIDs before inserting them into the XML windowi...

CVSS: 4.3, AI score: 0.7, EPSS: 0.00263
Exploits: 0, References: 1

The Hacker News
added 2013/03/03 11:31 p.m., 13 views

HTML5 browser exploit can flood your Hard Drive with junk data

Feross Aboukhadijeh, a 22-year-old Web developer from Stanford, has discovered an HTML5 browser exploit that can flood your Hard Drive with Cat and Dogs, i.e. junk data. Many times a website needs to leave a little data, i.e. 5-10KB, on your computer like a cookie, but HTML5 allows sites to store larger amounts o...

AI score: 6.6
Exploits: 0

Exploit DB
added 2012/10/18 12:0 a.m., 31 views

Amateur Photographer's Image Gallery - 'plist.php?albumid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/56110/info Amateur Photographer's Image Gallery is prone to multiple SQL injection vulnerabilities, a cross-site scripting vulnerability, and an arbitrary file-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied...

AI score: 7
Exploits: 0

securityvulns
added 2012/09/03 12:0 a.m., 279 views

TEMENOS T24 R07.03 Authentication Bypass

TEMENOS T24 R07.03 authentication bypass Class: Access Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: TEMENOS T24 R07.03 TEMENOS T24 is prone to an authentication bypass vulnerability as it fails to properly enfor...

AI score: 1.1
Exploits: 0

Packet Storm
added 2012/07/31 12:0 a.m., 62 views

Temenos T24 R07.03 Authentication Bypass

TEMENOS T24 R07.03 authentication bypass Class: Access Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: TEMENOS T24 R07.03 TEMENOS T24 is prone to an authentication bypass vulnerability as it fails to properly enfor...

AI score: 0.5
Exploits: 0

exploitpack
added 2012/07/18 12:0 a.m., 9 views

Barracuda SSL VPN - launchAgent.do?return-To Cross-Site Scripting

Barracuda SSL VPN - launchAgent.do?return-To Cross-Site Scripting source: https://www.securityfocus.com/bid/54593/info Barracuda SSL VPN 680 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues t...

AI score: 0.2
Exploits: 0

Exploit DB
added 2012/07/18 12:0 a.m., 26 views

Barracuda SSL VPN - 'launchAgent.do?return-To' Cross-Site Scripting

source: https://www.securityfocus.com/bid/54593/info Barracuda SSL VPN 680 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...

AI score: 7.4
Exploits: 0