42 matches found
Liferay 5.x / 6.x Cross Site Scripting
Multiple XSS issues in Liferay Description: Liferay Portal is an enterprise portal written in Java Multiple XSS vulnerabilities were found in Liferay. Because Liferay has a "remember me" option in their login screen that stores an encrypted password in a cookie this is more problematic than it...
Liferay Portal Privilege Escalation
Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java Due to insufficient permission checking in the updateOrganizations method of UserService any user can assign him or herself to any...
Liferay Portal 6.0.x 6.1 - Privilege Escalation
Liferay Portal 6.0.x 6.1 - Privilege Escalation Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java Due to insufficient permission checking in the updateOrganizations method of UserServi...
Liferay Portal 6.1 - 6.0.x Privilege Escalation
Exploit for java platform in category web applications Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java Due to insufficient permission checking in the updateOrganizations method of...
CVE-2011-2705
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...
Mozilla Pushes Firefox 4.0.1, Fixes Security, Stability Issues
Mozilla has released the first update to their Firefox browser since making Firefox 4 available in March. Firefox 4.0.1 fixes three security and stability issues, two that are rated critical. Developers discovered and fixed some memory safety bugs in the browser they feared could be used to run...
Mantis Bug Tracker 1.2.3 - db_type Local File Inclusion
Mantis Bug Tracker 1.2.3 - db_type Local File Inclusion MantisBT library/adodb/adodb.inc.php ... 4109: 4110: $file = ADODB_DIR."/drivers/adodb-".$db.".inc.php"; 4111: @include_once($file); ... ==================================================================================== Tested on: Microsoft...
Mantis 1.2.x < 1.2.3 Cross-Site Scripting Vulnerability
K-Meleon For Windows 1.5.3 / 1.5.4 Stack Overflow
K-Meleon for Windows about:neterror Stack Overflow DoS Vendor URL: http://kmeleon.sourceforge.net/ Advisory: http://lostmon.blogspot.com/2010/08/k-meleon-for-windows-aboutneterror-dos.html Vendor notified: Yes exploit available: YES K-Meleon is an extremely fast, customizable, lightweight web browse...
Immunity Canvas: MANTIS113
Name| mantis113
---|---
CVE| CVE-2008-4688
Exploit Pack| CANVAS
Description| Mantis BugTracker = 1.1.3 Remote Code Execution
Notes| CVE Name: CVE-2008-4688 VENDOR: Mantis Repeatability: Infinite CVE Url: https://vulners.com/cve/CVE-2008-4688 References: 'None' CVSS: 5.0...
menalto gallery: Session hijacking vulnerability, CVE-2008-3102
menalto gallery: Session hijacking vulnerability, CVE-2008-3102 References https://vulners.com/cve/CVE-2008-3102 http://int21.de/cve/CVE-2008-3102-mantis.html http://www.mantisbt.org/bugs/view.php?id=9524 http://www.mantisbt.org/bugs/view.php?id=9533...
mantis-poc.txt
--------------------------------------------------------------------------- Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities --------------------------------------------------------------------------- Author: Jose Antonio Coret Joxean Koret Date: 2005 Location: Basque Country...
Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities
--------------------------------------------------------------------------- Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities --------------------------------------------------------------------------- Author: Jose Antonio Coret Joxean Koret Date: 2005 Location: Basque Country...
e107617.txt
Software: http://www.e107.org Author: Heintz Advisory origin: http://www.waraxe.us Software bugtracker: http://e107.org/e107plugins/bugtracker2/bugtracker2.php?0.bug.558 e107 v 0.617 search.php line 142 if ($_POST['searchquery']) echo ""; unset($text); extract($_POST); here extract registers and overwrites...
CVE-2004-1731
CVE-2004-1731 affects the Mantis bugtracker, specifically signup_page.php, where remote attackers could create multiple users and provide the same e-mail address to trigger mass e-mail behavior. The vulnerability enables sending e-mail bombs; exploitation details (methods, likelihood, and in-the-...
CVE-2004-1730
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php...
CVE-2004-1730
CVE-2004-1730 is an XSS vulnerability in the Mantis bugtracker. The issue allows remote attackers to inject arbitrary script/HTML via four vectors: (1) the return parameter to login_page.php, (2) the e-mail field in signup.php, (3) the action parameter to login_select_proj_page.php, and (4) the h...
CVE-2004-1731
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address...
CVE-2004-1730
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php...
Mantis Bugtracker Remote PHP Code Execution Vulnerability
--------------------------------------------------------------------------- Mantis Bugtracker Remote PHP Code Execution Vulnerability --------------------------------------------------------------------------- Author: Joxean Koret Date: 08-01-2004 Location: Basque Country...