
995 matches found

securityvulns
added 2012/12/10 12:00 a.m., 57 views

XSS vulnerability in swfupload in TYPO3 CMS, TinyMCE, Liferay Portal, Drupal, Codeigniter, SentinelleOnAir

Hello 3APA3A! I will draw your attention to XSS vulnerability in other web applications with swfupload. This is final advisory concerning different versions of this flash application. Earlier I've written about swfupload in Archiv plugin for TinyMCE, Squeeze Documents for SPIP, Upload Manager for...

6.2 AI score
Exploits: 0
Packet Storm
added 2012/11/25 12:00 a.m., 48 views

SWF Upload f10 / f11 Cross Site Scripting

Hello list! I will draw your attention to XSS vulnerability in other web applications with swfupload. This is final advisory concerning different versions of this flash application. Earlier I've written about swfupload in Archiv plugin for TinyMCE, Squeeze Documents for SPIP, Upload Manager for...

0.3 AI score
Exploits: 0
securityvulns
added 2012/09/03 12:00 a.m., 199 views

Total Shop UK eCommerce Generic Cross-Site Scripting

/------------------------------------------------------ | Total Shop UK eCommerce Generic Cross-Site Scripting | ------------------------------------------------------/ Summary ======= The open source version of Total Shop UK eCommerce based on CodeIgniter version 2.1.2 is subject to a cross-site...

4.3 CVSS, 0.1 AI score, 0.01633 EPSS
Exploits: 2
securityvulns
added 2012/09/03 12:00 a.m., 110 views

CodeIgniter <= 2.1.1 xss_clean() Cross Site Scripting filter bypass

Affected products ============== CodeIgniter = 2.1.1 PHP framework and all CodeIgniter-based PHP applications using its built-in XSS filtering mechanism. CVE ==== CVE-2012-1915 Introduction ========== CodeIgniter http://codeigniter.com is a powerful PHP framework with a very small footprint, buil...

0.2 AI score, 0.01863 EPSS
Exploits: 2
Packet Storm
added 2012/08/14 12:00 a.m., 56 views

Total Shop UK eCommerice Cross Site Scripting

/------------------------------------------------------\ | Total Shop UK eCommerce Generic Cross-Site Scripting | ------------------------------------------------------/ Summary ======= The open source version of Total Shop UK eCommerce based on CodeIgniter version 2.1.2 is subject to a cross-sit...

4.3 CVSS, 0.2 AI score, 0.01633 EPSS
Exploits: 2
exploitpack
added 2012/08/13 12:00 a.m., 16 views

Total Shop UK eCommerce CodeIgniter - Multiple Cross-Site Scripting Vulnerabilities

Total Shop UK eCommerce CodeIgniter - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/54985/info Total Shop UK eCommerce CodeIgniter is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied...

7 AI score
Exploits: 0
Exploit DB
added 2012/08/13 12:00 a.m., 40 views

Total Shop UK eCommerce CodeIgniter - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/54985/info Total Shop UK eCommerce CodeIgniter is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...

7.4 AI score
Exploits: 0
0day.today
added 2012/07/23 12:00 a.m., 68 views

CodeIgniter 2.1.1 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications This is a security advisory for popular PHP framework - CodeIgniter. I've found several bypasses in xss sanitization functions in the framework. These were responsibly disclosed to the vendor and are now fixed in version 2.1.2. CVE-2012-1915...

7.1 AI score, 0.01863 EPSS
Exploits: 2
Packet Storm
added 2012/07/20 12:00 a.m., 57 views

CodeIgniter 2.1.1 Cross Site Scripting Bypass

This is a security advisory for popular PHP framework - CodeIgniter. I've found several bypasses in xss sanitization functions in the framework. These were responsibly disclosed to the vendor and are now fixed in version 2.1.2. CVE-2012-1915. Affected products ============== CodeIgniter = 2.1.1 P...

0.2 AI score, 0.01863 EPSS
Exploits: 2
exploitpack
added 2012/07/19 12:00 a.m., 18 views

CodeIgniter 2.1 - xss_clean() Filter Security Bypass

CodeIgniter 2.1 - xssclean Filter Security Bypass source: https://www.securityfocus.com/bid/54620/info CodeIgniter is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass XSS filter protections and perform cross-site scripting attacks. CodeIgniter versions prior ...

7.4 AI score
Exploits: 0
Exploit DB
added 2012/07/19 12:00 a.m., 52 views

CodeIgniter 2.1 - 'xss_clean()' Filter Security Bypass

source: https://www.securityfocus.com/bid/54620/info CodeIgniter is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass XSS filter protections and perform cross-site scripting attacks. CodeIgniter versions prior to 2.1.2 are vulnerable. Build an application on...

7 AI score
Exploits: 0
exploitpack
added 2012/06/05 12:00 a.m., 23 views

pyrocms 2.1.1 - Multiple Vulnerabilities

pyrocms 2.1.1 - Multiple Vulnerabilities PyroCMS 2.1.1 CRLF Injection And Stored XSS Vulnerability Vendor: HappyNinjas Ltd Product web page: http://www.pyrocms.com Affected version: 2.1.1 Community Summary: PyroCMS is a CMS built using the CodeIgniter PHP framework. Using an MVC architecture it w...

0.4 AI score
Exploits: 0
Exploit DB
added 2012/06/05 12:00 a.m., 35 views

pyrocms 2.1.1 - Multiple Vulnerabilities

PyroCMS 2.1.1 CRLF Injection And Stored XSS Vulnerability Vendor: HappyNinjas Ltd Product web page: http://www.pyrocms.com Affected version: 2.1.1 Community Summary: PyroCMS is a CMS built using the CodeIgniter PHP framework. Using an MVC architecture it was built with modularity in mind...

7.4 AI score
Exploits: 0
0day.today
added 2012/06/04 12:00 a.m., 33 views

PyroCMS 2.1.1 CRLF Injection / Stored Cross Site Scripting

Exploit for php platform in category web applications PyroCMS 2.1.1 CRLF Injection And Stored XSS Vulnerability Vendor: HappyNinjas Ltd Product web page: http://www.pyrocms.com Affected version: 2.1.1 Community Summary: PyroCMS is a CMS built using the CodeIgniter PHP framework. Using an MVC...

7.1 AI score
Exploits: 0
Packet Storm
added 2012/06/04 12:00 a.m., 25 views

PyroCMS 2.1.1 CRLF Injection / Stored Cross Site Scripting

PyroCMS 2.1.1 CRLF Injection And Stored XSS Vulnerability Vendor: HappyNinjas Ltd Product web page: http://www.pyrocms.com Affected version: 2.1.1 Community Summary: PyroCMS is a CMS built using the CodeIgniter PHP framework. Using an MVC architecture it was built with modularity in mind...

0.3 AI score
Exploits: 0
Zero Science Lab
added 2012/06/04 12:00 a.m., 52 views

PyroCMS 2.1.1 CRLF Injection And Stored XSS Vulnerability

Summary PyroCMS is a CMS built using the CodeIgniter PHP framework. Using an MVC architecture it was built with modularity in mind. Lightweight, themeable and dynamic. Description PyroCMS suffers from a stored XSS and HTTP Response Splitting vulnerability when parsing user input to the 'title' an...

6.1 AI score
Exploits: 0
securityvulns
added 2011/12/05 12:00 a.m., 98 views

MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter

CVE: CVE-2011-4025 Vendor: EllisLab Products: ExpressionEngine 2.2.2, CodeIgniter 2.0.3 Vulnerabilities: xssclean filter bypass, leading to Cross-Site Scripting XSS Risk: High Attack Vector: From Remote Reference: http://secureappdev.blogspot.com/2011/11/ellislab-xssclean-filter-bypass.html 1...

0.2 AI score
Exploits: 2
seebug.org
added 2011/12/02 12:00 a.m., 83 views

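CodeIgniter 'CI_Security' Class 'xss_clean()' Filter Security Bypass Vulnerability

Bugtraq ID: 50847 CVE ID: CVE-2011-4025 CodeIgniter is an application development framework and toolkit for PHP website developers. EllisLab ExpressionEngine and CodeIgniter, which rely on the xssclean filter for XSS protection, contain a cross-site scripting vulnerability that allows attackers to carry out attacks such as session hijacking, information disclosure and malware installation. The removeevilattributes function of the CISecurity class and the xssclean implementation are flawed: the internal XSS filter can be bypassed, allowing successful XSS attacks against products that use EllisLab ExpressionEngine and CodeIgniter....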

6.4 AI score
Exploits: 2
Packet Storm
added 2011/11/30 12:00 a.m., 41 views

ExpressionEngine 2.2.2 / CodeIgniter 2.0.3 Cross Site Scripting

CVE: CVE-2011-4025 Vendor: EllisLab Products: ExpressionEngine 2.2.2, CodeIgniter 2.0.3 Vulnerabilities: xssclean filter bypass, leading to Cross-Site Scripting XSS Risk: High Attack Vector: From Remote Reference: http://secureappdev.blogspot.com/2011/11/ellislab-xssclean-filter-bypass.html 1...

0.5 AI score
Exploits: 2
NVD
added 2011/09/23 11:55 p.m., 14 views

CVE-2011-3719

CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files...

5 CVSS, 6.1 AI score, 0.01335 EPSS
Exploits: 1, References: 3