classifiedZONE v1.2 XSS vuln.

classifiedZONE v1.2 XSS vuln. Vuln. discovered by : r0t Date: 28 march 2006 vendor:http://www.fusionzone.com/applications/classifieds/ affected versions:v.1.2 and prior Vuln. Description: classifiedZONE contains a flaw that allows a remote cross site scripting attack. This flaw exists because inp...

couponZONE v.4.2 Multiple vuln.

couponZONE v.4.2 Multiple vuln. Vuln. discovered by : r0t Date: 28 march 2006 vendor:http://www.fusionzone.com/applications/coupons affected versions:v.4.2 and prior orginal advisory:http://pridels.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html Vuln. Description: 1. SQL vuln. couponZONE...

[SA19415] Absolute Live Support XE Script Insertion Vulnerability

TITLE: Absolute Live Support XE Script Insertion Vulnerability SECUNIA ADVISORY ID: SA19415 VERIFY ADVISORY: http://secunia.com/advisories/19415/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Absolute Live Support XE 2.x http://secunia.com/product/8929/...

SweetSuite.NET - ssCMS 2.1.x XSS vuln.

SweetSuite.NET - ssCMS 2.1.x XSS vuln. Vuln. discovered by : r0t Date: 25 march 2006 vendor: www.sweetsuite.net/ssCMSMain.aspx affected versions: 2.1.0 and prior orginal advisory: http://pridels.blogspot.com/2006/03/sweetsuitenet-sscms-21x-xss-vuln.html Vuln. Description: ssCMS contains a flaw th...

[SA19048] LanSuite LanParty Intranet System "fid" SQL Injection

TITLE: LanSuite LanParty Intranet System "fid" SQL Injection SECUNIA ADVISORY ID: SA19048 VERIFY ADVISORY: http://secunia.com/advisories/19048/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: LanSuite LanParty Intranet System 2.x...

[SA18325] OnePlug CMS SQL Injection Vulnerabilities

TITLE: OnePlug CMS SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18325 VERIFY ADVISORY: http://secunia.com/advisories/18325/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: OnePlug CMS http://secunia.com/product/6753/ DESCRIPTION: Preddy has reported...

Ad Manager Pro SQL vuln.

Ad Manager Pro SQL vuln. Vuln. dicovered by : r0t Date: 14 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/ad-manager-pro-sql-vuln.html vendor:www.phpwebscripts.com/admanagerpro/ affected version:2.0 and prior Product Description: Quality ad management system. Graphical or text-bas...

Hot Links Pro 3.x XSS vuln.

Hot Links Pro 3.x XSS vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 Orginal advisory:http://pridels.blogspot.com/2005/12/hot-links-pro-3x-xss-vuln.html vendor:http://www.mrcgiguy.com/hl3details.shtml affected version:3.x and prior Product Description: Directory style index allows for easy...

Geeklog 1.4.x Full Path Disclosure vuln.

Geeklog 1.4.x Full Path Disclosure vuln. Vuln. dicovered by : r0t Date: 28 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html Vendor:http://www.geeklog.net/ affected version:1.4.0 Beta 1 and prior Product Description: Geeklog is a Web Portal...

Fantastic News "category" SQL inj.

Fantastic News "category" SQL inj. Vuln. dicovered by : r0t Date: 25 nov. 2005 orginal advisory:http://pridels.blogspot.com/2005/11/fantastic-news-category-sql-inj.html Vendor:www.fscripts.com Product link:http://fscripts.com/free.php?id=1 affected version: 2.1.1 and prior Product description:...

Softbiz Web Host Directory Script Multiple vuln.

Softbiz Web Host Directory Script Multiple vuln. Vuln. dicovered by : r0t Date: 23 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/web-host-directory-script-multiple.html Vendor:www.softbizscripts.com Product link:http://www.softbizscripts.com/web-hosting-directory-script.php...

Vote Caster 3.x SQL Inj. Vuln.

Vote Caster 3.x SQL Inj. Vuln. Vuln. dicovered by : r0t Date 23 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/vote-caster-3x-sql-inj-vuln.html Vendor:http://www.comdevweb.com/ Product link:http://www.comdevweb.com/votecaster.php affected version: 3.1 and prior. Vuln. Description:...

[SA16353] PHPLite Calendar Express Two Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA16134] ReviewPost PHP Pro "sort" SQL Injection Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA15818] Dynamic Biz Website Builder Admin Login SQL Injection

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA15515] ZonGG "password" SQL Injection Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

Phorum 3.4 Cross Site Scripting

Description: It is possible to insert javascript code in a message and execute it. 1. go to a phorum 2. click on new topic 3. enter any name 4. enter any email 5. enter a title in the way like this "scriptalert "Vulnerable";/script 6. enter any text 7. click the preview button 8. click the send...