141 matches found
You! Hostit! Cross Site Scripting
view source print? andresg888 Contact : andresg8884tgmaildotcom Web: : www.ilegalintrusion.net & www.bl4ck-p0rtal.org Dork : No DoRk f0R ScRipT KiDDieS Example:...
SuSE9 Security Update : IBM Java5 JRE and SDK (YOU Patch Number 12336)
This update brings IBM Java 5 to Service Release 9. It fixes the following security problems : - A security vulnerability in the Java Runtime Environment JRE may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application...
Clip Bucket 1.7.1 - Insecure Cookie Handling
Clip Bucket 1.7.1 - Insecure Cookie Handling || || | || o,7 || . o7 || q||| o\, : / / . /QQQQQQQQQQQQQQQQQQQ\ /QQQ/\QQQ\ /QQQQQ/ \QQQQQQ\ /QQQQ/ QQQQ\ /QQQQ/ \QQQQ\ |QQQQ/ By Qabandi \QQQQ| |QQQQ| |QQQQ| |QQQQ| From Kuwait, PEACE... |QQQQ| |QQQQ| |QQQQ| |QQQQ\ iqaahotmail.fr /QQQQ| \QQQQ\ /QQQQ/...
Adobe bitten by XSS bug it invented
Hundreds of thousand websites host vulnerable Adobe Flash files which can be exploited by malicious people to conduct convincing phishing and XSS attacks. In most cases, cookie hijacking is possible. Unsuspecting users can be redirected from trustworthy SSL and non-SSL sites to malware, adware an...
FLDS 1.2a SQL Injection
!/usr/bin/perl -w Free Links Directory Script V1.2a Remote SQL Injection Exploit written by ka0x D.O.M Labs Security Researchers - www.domlabs.org - Vuln code report.php: if$COOKIE'logged'=="" ... // login else $linkida = $GET'linkid'; $linkinfo = mysqlfetcharraymysqlquery"select from links where...
openSUSE 10 Security Update : squirrelmail (squirrelmail-5778)
Squirrelmail was updated to use the secure flag for its cookies. Otherwise it was possible to hijack a SSL-protected session via leaked cookies. CVE-2008-3663 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...
[Full-disclosure] H4CREW-000005 EasyNews Pro 4.0 XSS & CSRF
I luv u Ms. Phisher u d4 d1am0nds 1n My Ski h4xorCrew Advirosy 5: Easynews PRO 4.0 XSS and CRSF =================================================== "the game of secuirity is like a sord fight you must think furst b4 you m0ve" H-4 h3r3 2 stay cuz we in da h0uz h4xorcewz n da house and r4w we g0nna...
Unfixed XSS vulnerability at wap.sesamportail.com
Security researcher meloulisi, has submitted on 05/11/2007 a cross-site-scripting XSS vulnerability affecting wap.sesamportail.com, which at the time of submission ranked 4167253 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/11/2007. It is...
e107 website system 0.7.5 - 'admin.php?Query String (PATH_INFO)' Cross-Site Scripting
source: https://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may levearge this issue to have arbitrary script code execute in the browser of an unsuspecting user i...
CVE-2006-3665
SquirrelMail 1.4.6 and earlier, with registerglobals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this...
CVE-2006-3665
CVE-2006-3665 affects SquirrelMail 1.4.6 and earlier with register_globals enabled. The vulnerability allows remote attackers to hijack cookies via src/redirect.php, with vectors not clearly disclosed in vendor reports. The description notes that “cookie theft” is often linked to XSS, but the ven...
CVE-2006-3665
SquirrelMail 1.4.6 and earlier, with registerglobals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this...
Maxwebportal <= 1.36 password.asp Change Password Exploit (3 - perl)
Exploit for unknown platform in category web applications ==================================================================== Maxwebportal Gr33tz To == mhp0rtal , Oilkarchack , Str0ke & AlphaST.Com And Iranian Hacking & Security Teams : IHS , Shabgard , Emperor ,Crouz & Simorgh-ev use IO::Socket...
silentstorm.txt
CHT Security Research-2004 http://www.CyberSpy.Org Turkey Software: Silent Storm Portal Web Site: http://www.silent-storm.co.uk/ssp/ Affected Versions: 2.1,2.2 Description: Silent Storm Portal is a PHP based portal system.It requires PHP4 or above.no MySQL needed. Multiple Vulnerabilities in Sile...
Expinion.net News Manager Lite 2.5 - 'category_news.asp?ID' SQL Injection
source: https://www.securityfocus.com/bid/9935/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks. The issues exist in the 'commentadd.asp', 'search.asp',...
Changing UBB cookie allows account hijack
Application: UBB 6.? Platform: Any system supporting PERL. Severity: Malicious users can steal session cookies, allowing administrative access to the bulletin board. Also custom html/js insertion in forum page is possible. Author: antiacid [email protected] Web:...
Maxwebportal 1.30 - search.asp?Search Cross-Site Scripting
Maxwebportal 1.30 - search.asp?Search Cross-Site Scripting source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site...
Maxwebportal 1.30 - 'search.asp?Search' Cross-Site Scripting
source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site scripting vulnerability. An attacker may execute arbitrary scri...
[IPS] osCommerce multiple XSS vulnerabilities
iProyectos Security Advisory: XSS Bugs in osCommerce 1. Problem description. 2. Risk 3. Solution 4. Manual fix 5. About iProyectos ------------------------------------ 1. Problem description: osCommerce is a widely installed open source shopping e-commerce solution. Some XSS cross-site scripting...
Multiple webmin bugs
Crossite scripting, session cookie hijacking...