3502 matches found
catalogshop.txt
Aria-Security.net Advisory Discovered by: O.U.T.L.A.W Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp Software: Mambo CatalogShop Attack method: Remote File Inclusion Description: This is a modified version of the FacileForms mambot, which allows you to add and view user comments and ratings below...
akoinclude.txt
Aria-Security.net Advisory Discovered by: O.U.T.L.A.W Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp Software: Ako Comments mod Attack method: Remote File Inclusion Source: Description: This module shows users' comments from component AkoComments. File Version: 1.1 for Mambo 4.5...
CVE-2006-4284
SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
Ako Comments (mod) Remote File Inclusion
Aria-Security.net Advisory Discovered by: O.U.T.L.A.W www.Aria-security.net Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp Software: Ako Comments mod Attack method: Remote File Inclusion Source: Description: This module shows users' comments from component AkoComments. File Version: 1.1 for Mambo 4...
Code injection
Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process...
CVE-2006-2388
Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process...
CVE-2006-2388
Summary: CVE-2006-2388 is a remote code execution vulnerability in Microsoft Office Excel (2000–2004) caused by a flaw when Excel rebuilds metadata after processing malformed cell comments. An attacker must lure a user into opening a crafted .XLS file, which could allow code execution with the cu...
Buddy Zone Version 1.0.1 - XSS
Buddy Zone Version 1.0.1 Homepage: http://www.vastal.com/buddy-zone-social-networking-script.html Affected files: Sending invitations Profiles Blogs Journals Posting comments Posting in the forum Sending mail Creating a group viewsubforum.php viewpost.php viewclassifieds.php viewad.php...
CVE-2006-3211
The CVE-2006-3211 issue affects cjGuestbook versions 1.3 and earlier, located in sign.php. It is a cross-site scripting (XSS) vulnerability that lets remote attackers inject JavaScript by using a javascript: URI in an img BBCode tag within the comments parameter. Impact is partial integrity compr...
PT-2006-4106 · Unknown · Cjguestbook
Name of the Vulnerable Software and Affected Versions: cjGuestbook versions 1.3 and earlier Description: The issue concerns a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject JavaScript code via a javascript: URI in an img BBCode tag in the comments parameter...
CVE-2006-3183
Cross-site scripting (XSS) vulnerability in index.php in MobeScripts Mobile Space Community 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) browse parameter, which is not filtered in the resulting error message, and multiple unspecified input fields, includi...
43things.txt
43things.com Homepage: http://www.43things.com Affected files: input box "I want to add to my list" posting a comment ---------------------------------------- XSS vuln via input text of the box "I want to" When you add an item that's already on your list. For a PoC we have style tags with broken u...
[Full-disclosure] ASPListPics
EXPL-A-2006-003 exploitlabs.com Retro Advisory 001 - - ASPListpics - RETRO-RELEASE DATE: =================== Nov 11, 2004 Duplicate Release: June 06, 2006 by: r0t http://pridels.blogspot.com/2006/06/asp-listpics-43-xss-vuln.html http://secunia.com/advisories/20517/ OVERVIEW ======== ASPListpics...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields...
CVE-2006-2880
Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields...
AlstraSoft E-Friends - XSS
AlstraSoft E-Friends - XSS Homepage: http://www.alstrasoft.com/ Description: Alstrasoft E-friends allows you to run a community site like MySpace and Friendster. Affected files or areas of site: index.php The input forms on the following items below do not properly filter out all potential harmfu...
CVE-2006-2564
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality...