2005 matches found
CVE-2008-5995
Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-5995
CVE-2008-5995 is an XSS vulnerability in the TYPO3 freeCap CAPTCHA (sr_freecap) extension prior to 1.0.4. It allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected documents confirm the vulnerability, but do not provide explicit exploit details or a ...
deV!Lz Clanportal [DZCP] <= 1.4.9.6 Blind SQL Injection Exploit
No description provided by source. use HTTP::Cookies; use LWP::UserAgent; my $ua = LWP::UserAgent-new cookiejar = HTTP::Cookies-new,; $ua-agent 'Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9' ; usage; print "\n"; $server = $ARGV0; $dir = $ARGV1; $username = $ARGV2; $password = $ARGV3; if !$password...
DZCP (deV!L_z Clanportal) 1.4.9.6 - Blind SQL Injection
DZCP deV!Lz Clanportal 1.4.9.6 - Blind SQL Injection use HTTP::Cookies; use LWP::UserAgent; my $ua = LWP::UserAgent-new cookiejar = HTTP::Cookies-new,; $ua-agent 'Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9' ; usage; print "\n"; $server = $ARGV0; $dir = $ARGV1; $username = $ARGV2; $password =...
Joomla Component RWCards 3.0.11 Local File Inclusion Vulnerability
No description provided by source. Local File Inclusion Vulnerability. Software: RWCards 3.0.11 Component for Joomla...
printlog-disclose.txt
Printlog eNYe-Sec - www.enye-sec.org -- Description by the author's page -- PRITLOG is an extremely simple, small and powerful blog system. It does not use or need a MYSQL database and fully works based on flat files. The idea is derived from a...
TYPO3 Security Bulletin
It has been discovered that the extension freeCap CAPTCHA (sr_freecap) is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.0.3 and all versions below. Vulnerability Type: Cross-Site...
default config values restored
This should be for 2.9.1 - this version was not yet available under "affects versions" when filing this bug. After updating from 2.9 to 2.9.1, most of my settings were overwritten by their default values. - public signup got enabled - the language changed back to English instead of German - e-mai...
Spoofing
The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value wit...
CVE-2008-3573
The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value wit...
CVE-2008-3573
The CVE-2008-3573 vulnerability affects the CAPTCHA implementations in Pligg 9.9.5 and possibly PHP-Nuke 8.1. A critical ts_random value is embedded in the IMG SRC URL, allowing remote attackers to pass the CAPTCHA by calculating a value that combines ts_random with the current date and the HTTP ...
Pligg Auto-Voter Using XSS to Bypass CSRF Protection
Explanation: Pligg suffers from a Reflective Cross Site Scripting vulnerability in index.php, for the $_GET['category'] variable. Exploit code was written that uses this flaw to bypass the CSRF protection to then vote on any Pligg article of the attacker's choosing. I took inspiration from the Myspac...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. RavenNuke: CAPTCHA bypass...
Insufficient Anti-automation vulnerability in RavenNuke
Hello 3APA3A! I am reporting to you an Insufficient Anti-automation vulnerability that I found in RavenNuke, a port of PHP-Nuke. Insufficient Anti-Automation: a vulnerability in the system's CAPTCHA. Exploit: http://websecurity.com.ua/uploads/2008/RavenNuke20CAPTCHA20bypass.html Vulnerable is version RavenNuke 2.20.01 and...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. SLAED CMS: CAPTCHA bypass, cross-site scripting...
Cross-Site Scripting vulnerabilities in PHP-Nuke
Hello 3APA3A! I am reporting to you Cross-Site Scripting vulnerabilities that I found in PHP-Nuke. XSS: POST request on the page http://site/modules.php?name=YourAccount&op=newuser "script src=http://site/script.js In the fields: gfxcheck and randomnum. Exploit:...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALSBIGACEDIRaddon parameter to (a) addon/smarty/plugins/function.captcha.php and (b) system/classes/sql/AdoDBConnection.php; a...
adv94-K-159-2008.txt
ECHOADV94$2008: Kmita Mail = 3.0 file Remote File Inclusion Vulnerability. Author: M.Hasran Addahroni...