11 matches found
SUSE CVE-2010-4567
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the URL (aka bug_file_loc) field...
SUSE CVE-2011-0048
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or (2) data: URI in the URL (aka bug_file_loc) field, which allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted UR...
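thinksaas latest version stored XSS
Brief description: Improper filtering. Detailed description: Download address for the latest version: http://www.thinksaas.cn/service/down/ The principle is the same as the earlier "thinksaas latest version xss2" (WooYun: thinksaas latest version xss2) and "thinksaas latest version xss" (WooYun: thinksaas latest version xss). One complaint: the official site does not allow account registration, so I tested locally. I tested one of the earlier reports and it still works. Of course, the vulnerable file is not the same one. The vulnerable file is app/article/action/add.php: there is no filtering at line 25, and the data is inserted into the database at line 48. isLogin; switch $ts case "" : if...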
maplab ms4w 2.2.1 - Remote File Inclusion Vulnerability
No description provided by source. Bug Found By ka0x D.O.M TEAM we are: anonyph;arp;ka0x;xarnuz Contact: [email protected] FROM SPAIN --- Script: MapLab Version: 2.2.1 Official Site: http://www.maptools.org Download: http://www.maptools.org/dl/ms4w/maplabms4w-2.2.1.zip -- Bug File: params.php Path...
phpFK <= v7.0.5 Remote Code Execution
Exploit for php platform in category web applications. phpFK <= v7.0.5 Remote Code Execution ...
WysGui CMS 1.2 BETA(Insecure Cookie Handling)--Blind-sql-injection-exploit-->
#!/usr/bin/perl WysGui CMS 1.2 BETAcookie BSQL CMS INFORMATION: --WEB: http://wysgui.com/ --DOWNLOAD: http://sourceforge.net/projects/wysgui/ --DEMO: http://wysgui.com/demo/...
allfa-rfi.txt
Allfaclassfieds level2.php dir remote file inclusion -- Bug Found By Dr.RoVeR --Arab48 Hacker Contact: [email protected] --- Script: allfaclassfieds Download: http://scriptat.com/download.php?sid=718 -- Bug File: level2.php Bug code in line 4: require"$dir/admin/dp.php"; -- Exploit:...
Allfaclassfieds (level2.php dir) remote file inclusion
Allfaclassfieds level2.php dir remote file inclusion -- Bug Found By Dr.RoVeR --Arab48 Hacker Contact: [email protected] --- Script: allfaclassfieds Download: http://scriptat.com/download.php?sid=718 -- Bug File: level2.php Bug code in line 4: require"$dir/admin/dp.php"; -- Exploit:...
MapLab MS4W 2.2.1 - Remote File Inclusion
Bug Found By ka0x D.O.M TEAM we are: anonyph;arp;ka0x;xarnuz Contact: [email protected] FROM SPAIN --- Script: MapLab Version: 2.2.1 Official Site: http://www.maptools.org Download: http://www.maptools.org/dl/ms4w/maplabms4w-2.2.1.zip -- Bug File: params.php Path: /htdocs/gmapfactory/params.php Bu...
PT-2007-1424 · Leicestershire · Leicestershire Communityportals
Name of the Vulnerable Software and Affected Versions: Leicestershire communityPortals versions 1.0 build 20051018 and earlier. Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter. This is a different vector than previously identifie...
PWebServer033.txt
Donato Ferrante Application: PWebServer http://sourceforge.net/projects/pwebserver/ Version: 0.3.3 Bug: directory traversal bug Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato 1. Descripti...