27 matches found
EUVD-2006-0657
Malware in sbrugna...
EUVD-2005-2614
Malware in sbrugna...
EUVD-2005-2626
Malware in sbrugna...
EUVD-2005-2625
Malware in sbrugna...
CPaint 1.3 xmlhttp Request Input Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14577/info CPAINT is prone to an input validation vulnerability. This issue occurs because the application fails to properly sanitize malicious scripts and requests from user-supplied input. Successful exploitation of thi...
CPAINT 1.3/2.0 TYPE.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16559/info CPAINT is prone to a cross-site scripting vulnerability. This issue affects the 'type.php' script and may facilitate the theft of cookie-based authentication credentials as well as other attacks. CPAINT 2.0.2 a...
CVE-2006-0650
Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a...
Cross site scripting
Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a...
CVE-2006-0650
CVE-2006-0650 is an XSS vulnerability in the CPAINT library’s cpaint2.inc.php, affecting versions before 2.0.3. The issue allows remote attackers to inject arbitrary script/HTML via the cpaint_response_type parameter, which is reflected in an error message. The documented impact is cross-site scr...
CVE-2006-0650
Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a...
CPAINT AJAX Library Cross Site Scripting
GulfTech Security Research February 9, 2006 Vendor : CPAINT URL : http://sourceforge.net/projects/cpaint Version : CPAINT = 2.0.2 Risk : Cross Site Scripting Description: CPAINT Cross-Platform Asynchronous INterface Toolkit is a multi-language toolkit that helps web developers design and implemen...
cpaint202XSS.txt
GulfTech Security Research February 9, 2006 Vendor : CPAINT URL : http://sourceforge.net/projects/cpaint Version : CPAINT = 2.0.2 Risk : Cross Site Scripting Description: CPAINT Cross-Platform Asynchronous INterface Toolkit is a multi-language toolkit that helps web developers design and implemen...
[SA18765] CPAINT "cpaint_response_type" Cross-Site Scripting
TITLE: CPAINT "cpaint_response_type" Cross-Site Scripting SECUNIA ADVISORY ID: SA18765 VERIFY ADVISORY: http://secunia.com/advisories/18765/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: CPAINT 1.x http://secunia.com/product/5543/ CPAINT 2.x...
CPAINT 1.3/2.0.2 - 'TYPE.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16559/info CPAINT is prone to a cross-site scripting vulnerability. This issue affects the 'type.php' script and may facilitate the theft of cookie-based authentication credentials as well as other attacks. CPAINT 2.0.2 and prior versions are affected...
CPAINT 1.3/2.0.2 - TYPE.php Cross-Site Scripting
CPAINT 1.3/2.0.2 - TYPE.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16559/info CPAINT is prone to a cross-site scripting vulnerability. This issue affects the 'type.php' script and may facilitate the theft of cookie-based authentication credentials as well as other attacks...
CVE-2005-2624
Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement...
CVE-2005-2625
Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist...
CVE-2005-2624
CVE-2005-2624 affects CPAINT 1.3-SP. The vulnerability occurs when user-supplied cpaint_argument[] is fed directly into an eval statement in calculator.asp and cpaintfile.asp, allowing remote attackers to execute arbitrary ASP code. The root cause is eval-injection via unsanitized input. The publ...
CVE-2005-2625
CVE-2005-2625 describes an incomplete blacklist vulnerability in CPAINT’s checkBlacklist function, allowing remote command execution via (1) ExecuteGlobal or (2) GetRef statements not covered by the blacklist. The connected documents confirm CPAINT as affected; no version/patch details are provid...
CVE-2005-2625
Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist...