
7425 matches found

0day.today
added 2009/04/06 12:0 a.m., 21 views

Flex CMS Calendar (ItemId) Blind SQL Injection Vulnerability

Exploit for unknown platform in category web applications. FlexCMS Calendar ItemId Blind SQL Injection Vulnerability. FlexCMS CalendarItemId Blind SQL Injection Vulnerability...

AI score: 7.1
Exploits: 0

ThreatPost
added 2009/03/23 8:23 p.m., 8 views

HP unveils Flash vulnerability scanner

HP has released a free static-analysis tool designed to find vulnerabilities in applications developed on the Adobe Flash platform. But HP SWFScan is no security geek plaything. It’s meant specifically for developers without much in the way of security training. The tool is the brainchild of the...

AI score: 7.4
Exploits: 0, References: 3

seebug.org
added 2009/02/10 12:0 a.m., 13 views

FlexCMS (catId) Remote SQL Injection Vulnerability

No description provided by source. AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Developer site: http://www.flexcms.dk/ Developer has not been notified. Live demo: Injection:...

AI score: 7.1
Exploits: 0

Exploit DB
added 2009/02/09 12:0 a.m., 26 views

FlexCMS 2.5 - 'catId' SQL Injection

AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Developer site: http://www.flexcms.dk/ Developer has not been notified. Live demo: Injection: www.target.com/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concatusername,char58,password+from+users--...

AI score: 7.4
Exploits: 0

exploitpack
added 2009/02/09 12:0 a.m., 15 views

FlexCMS 2.5 - catId SQL Injection

FlexCMS 2.5 - catId SQL Injection AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Developer site: http://www.flexcms.dk/ Developer has not been notified. Live demo: Injection:...

AI score: 0.3
Exploits: 0

Packet Storm
added 2009/02/09 12:0 a.m., 22 views

FlexCMS SQL Injection

AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Developer site: http://www.flexcms.dk/ Developer has not been notified. Live demo: Injection: www.target.com/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concatusername,char58,password+from+users--...

AI score: 0.4
Exploits: 0

0day.today
added 2009/02/09 12:0 a.m., 20 views

Flex CMS (catId) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications. FlexCMS catId Remote SQL Injection Vulnerability. AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Develope...

AI score: 7.1
Exploits: 0

seebug.org
added 2009/02/04 12:0 a.m., 14 views

4Site CMS <= 2.6 Multiple Remote SQL Injection Vulnerabilities

No description provided by source. WSEC-09-002 4Site CMS = 2.6 Multiple Remote SQL Injections Developer site: http://www.4site.ru/ Discovered by D.Mortalov // wsec.ru 1. Auth Bypass Login: 1'or'1 Password: 1'or’1 2. Multiple Remote SQL Injections in 4site CMS modules "Pages" module:...

AI score: 7.1
Exploits: 0

Packet Storm
added 2009/02/03 12:0 a.m., 24 views

4Site CMS 2.6 SQL Injection

WSEC-09-002 4Site CMS = 2.6 Multiple Remote SQL Injections Developer site: http://www.4site.ru/ Discovered by D.Mortalov // wsec.ru 1. Auth Bypass Login: 1'or'1 Password: 1'or’1 2. Multiple Remote SQL Injections in 4site CMS modules "Pages" module:...

AI score: 0.4
Exploits: 0

Atlassian
added 2009/01/30 4:43 a.m., 22 views

XSS in the Widget Connector

I've been working with the widget connector today and reading through the code when I noticed that the media uris are not being handled securely. try this: widget:url=youtube.com/v="alert'xss' In general there is not a unified way to prevent issues like this in the widget extensions and it is up ...

AI score: 0.5
Exploits: 0, Affected Software: 1

Atlassian
added 2009/01/30 4:43 a.m., 18 views

XSS in the Widget Connector

I've been working with the widget connector today and reading through the code when I noticed that the media uris are not being handled securely. try this: widget:url=youtube.com/v="alert'xss' In general there is not a unified way to prevent issues like this in the widget extensions and it is up ...

AI score: 0.5
Exploits: 0, Affected Software: 1

Japan Vulnerability Notes
added 2009/01/09 12:0 a.m., 30 views

JVN#72630020 MODx vulnerable to SQL injection

MODx, an open source contents management system, contains a SQL injection vulnerability in the MODx Control Panel. Impact A remote attacker could obtain administrative privileges of MODx. Solution Update the Software Apply the latest update provided by the developer. Products Affected MODx 0.9.6....

CVSS: 6.8, AI score: 7.4, EPSS: 0.01182
Exploits: 0

Japan Vulnerability Notes
added 2009/01/09 12:0 a.m., 23 views

JVN#10170564 MODx cross-site scripting vulnerability

MODx, an open source contents management system, contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products Affected MODx 0.9.6.2 and earlier...

CVSS: 4.3, AI score: 6.2, EPSS: 0.01065
Exploits: 0

0day.today
added 2008/12/24 12:0 a.m., 28 views

ILIAS <= 3.7.4 (ref_id) Blind SQL Injection Vulnerability

Exploit for unknown platform in category web applications. ILIAS 50-- 0day.today 2018-03-20...

AI score: 7.1
Exploits: 0

seebug.org
added 2008/12/24 12:0 a.m., 14 views

ILIAS <= 3.7.4 (ref_id) Blind SQL Injection Vulnerability

No description provided by source. ILIAS Learning Management = 3.7.4 - SQL Injection Vulnerability Vulnerability discovered by: LidlosesAuge Greetz to: -=Player=- , Suicide, g4ms3, enco, Palme, GPM, karamble, Free-Hack Date: 24.12.2008 Developer: http://www.ilias.de Dork 1: "powered by ILIAS" Dor...

AI score: 7.1
Exploits: 0

exploitpack
added 2008/12/24 12:0 a.m., 22 views

ILIAS 3.7.4 - ref_id Blind SQL Injection

ILIAS 3.7.4 - refid Blind SQL Injection ILIAS Learning Management 50-- milw0rm.com 2008-12-24...

AI score: 0.4
Exploits: 0

Japan Vulnerability Notes
added 2008/12/19 12:0 a.m., 44 views

JVN#50327700 PHP vulnerable to cross-site scripting

PHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest upda...

CVSS: 2.6, AI score: 8.9, EPSS: 0.01859
Exploits: 0

Japan Vulnerability Notes
added 2008/10/28 12:0 a.m., 49 views

JVN#20502807 Snoopy command injection vulnerability

Snoopy is an open source PHP library. Snoopy does not properly handle user-input data. This causes a vulnerability which may allow a remote attacker to execute an arbitrary command. Impact An arbitrary command could be executed with the privilege of the server where Snoopy runs. Solution Update t...

CVSS: 10, AI score: 8.5, EPSS: 0.08985
Exploits: 4

Japan Vulnerability Notes
added 2008/10/20 12:0 a.m., 25 views

JVN#03300113 Blosxom vulnerable to cross-site scripting

Blosxom is an open source weblog system. Blosxom contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the developer. Products Affected Blosxom 2.1.1 and earlier...

CVSS: 4.3, AI score: 5.9, EPSS: 0.0125
Exploits: 0

NVD
added 2008/10/14 9:11 p.m., 23 views

CVE-2008-2619

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and E-Business Suite 11.5.10.2, allows remote authenticated users to affect availability via unknown vectors...

CVSS: 1.7, AI score: 5.5, EPSS: 0.00543
Exploits: 0, References: 6