HeffnerCMS Remote Command Exucetion And Cross Scripting Attack

Website : http://www.christian-heffner.de Version : 1.07 I. ?php $filename="index.php"; requireonce 'vlib/vlibTemplate.php'; $tmpl = new vlibTemplate'tmpl/std/index.tpl'; requireonce 'config/dbconfig.php'; requireonce 'config/pcfunctions.php'; Ucuyor.... : lol II. Vulnerable code ;...

IMP HTML+TIME XSS Vulnerability

The remote server is running at least one instance of IMP whose version number is 3.2.4 or lower. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to inject arbitrary content, including script, in a specially crafted MIME message. To have an effect, the...

Horde IMP with MSIE MIME Viewer Email Message XSS

The remote server is running at least one instance of IMP whose version number is 3.2.4 or lower. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to inject arbitrary content, including script, in a specially crafted MIME message. To have an effect, the...

IMP Content-Type Header XSS

The remote server is running at least one instance of IMP whose version number is between 2.0 and 3.2.3 inclusive. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary JavaScript code simply by reading a MIME messa...