21 matches found
EUVD-2007-2142
Malware in sbrugna...
EUVD-2005-0931
Malware in sbrugna...
Chatness 2.5 Message Form Field HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12929/info Chatness is prone to an HTML injection vulnerability. This issue is exposed through various chat message form fields. Exploitation will allow an attacker to inject hostile HTML and script code into the session ...
Chatness <= 2.5.3 (options.php/save.php) Remote Code Execution Exploit
No description provided by source. ?/ Files: options.php, save.php Affects: Chatness = 2.5.3 Date: 12th April 2007 Issue Description: =========================================================================== Chatness suffers with two main vulnerabilities, the first of these in /admin/options.ph...
ChatNess 2.5 Session Fixation
Exploit Title: ChatNess 2.5 Session Fixation Script Date: 2014 18 March Author: Dr.3v1l Vendor Homepage: http://www.chatness.us Version : 2.5 Tested on: Windows Category: webapps Google Dork: intext:"Powered by Chatness" + Exploit : http:///chatness/chatness/chat.php Discovered by: Scripting...
CVE-2007-2148
Direct static code injection vulnerability in admin/save.php in Stephen Craton aka WiredPHP Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed...
CVE-2007-2149
Chatness 2.5.3 and earlier is affected. The issue arises from storing usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, with the recommendation of file permissions 0666 or 0777. This enables local users to read credential data and may allow remote attackers...
CVE-2007-2149
Stephen Craton aka WiredPHP Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in 1 classes/vars.php and 2 classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attacker...
CVE-2007-2148
CVE-2007-2148 affects Stephen Craton (WiredPHP) Chatness 2.5.3 and earlier, with a vulnerability in admin/save.php. The issue allows remote authenticated administrators to inject PHP code into .html files via the html parameter; the injected code is then executed when index.php is requested (demo...
CVE-2007-2147
The CVE-2007-2147 entry affects Stephen Craton (WiredPHP) Chatness 2.5.3 and earlier. The issue is that admin/options.php does not verify administrative credentials, allowing remote attackers to read and modify the configuration files classes/vars.php and classes/varstuff.php via direct requests....
Chatness 2.5.3 (options.php/save.php) Remote Code Execution Exploit
No description provided by source. ?/ Files: options.php, save.php Affects: Chatness = 2.5.3 Date: 12th April 2007 Issue Description: =========================================================================== Chatness suffers with two main vulnerabilities, the first of these in /admin/options.ph...
Chatness <= 2.5.3 (options.php/save.php) Remote Code Execution Exploit
Exploit for unknown platform in category web applications ====================================================================== Chatness = 2.5.3 options.php/save.php Remote Code Execution Exploit ====================================================================== ?/ Files: options.php, save.p...
Chatness 2.5.3 - '/options.php/save.php' Remote Code Execution
?/ Files: options.php, save.php Affects: Chatness = 2.5.3 Date: 12th April 2007 Issue Description: =========================================================================== Chatness suffers with two main vulnerabilities, the first of these in /admin/options.php the problems occur because the...
chatness253-multi.txt
?/ Files: options.php, save.php Affects: Chatness = 2.5.3 Date: 12th April 2007 Issue Description: =========================================================================== Chatness suffers with two main vulnerabilities, the first of these in /admin/options.php the problems occur because the...
Chatness <= 2.5.3 (options.php/save.php) Remote Code Execution Exploit
No description provided by source. ?/ Files: options.php, save.php Affects: Chatness = 2.5.3 Date: 12th April 2007 Issue Description: =========================================================================== Chatness suffers with two main vulnerabilities, the first of these in /admin/options.ph...
Chatness 2.5.3 - options.phpsave.php Remote Code Execution
Chatness 2.5.3 - options.phpsave.php Remote Code Execution ?/ Files: options.php, save.php Affects: Chatness = 2.5.3 Date: 12th April 2007 Issue Description: =========================================================================== Chatness suffers with two main vulnerabilities, the first of...
[PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabilities
PersianHacker.NET 200503-12Chatness 2.5.1 and prior Html Injection Vulnerability Date: 2005 March Bug Number: 12 Chatness Chatness is a PHP based chat script.It has enough flexibility to fit any users needs, and enough modification options to customly fit into any site http://www.chatness.us...
CVE-2005-0930
Cross-site scripting XSS vulnerability in message.php in Chatness 2.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via 1 the user field or 2 the message parameter to message.php...
CVE-2005-0930
CVE-2005-0930 is a documented XSS vulnerability in Chatness versions up to 2.5.1, exploitable via message.php by supplying input in the user field or the message parameter. Affected software is Chatness (≤2.5.1); the underlying issue is cross-site scripting that allows an attacker to inject arbit...
Chatness 2.5 - 'Message Form' HTML Injection
source: https://www.securityfocus.com/bid/12929/info Chatness is prone to an HTML injection vulnerability. This issue is exposed through various chat message form fields. Exploitation will allow an attacker to inject hostile HTML and script code into the session of another user. An attacker could...