19 matches found
EUVD-2010-3026
Malware in sbrugna...
DiamondList 0.1.6 - Cross Site Request Forgery Vulnerability
No description provided by source. Vulnerability ID: HTB22517 Reference: http://www.htbridge.ch/advisory/xsrfcsrfindiamondlist.html Product: DiamondList Vendor: Hulihan Applications http://hulihanapplications.com/projects/diamondlist Vulnerable Version: 0.1.6 and Probably Prior Versions Vendor...
CVE-2010-3023
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by app/views/categories/index.html.erb; an...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by app/views/categories/index.html.erb; an...
CVE-2010-3023
CVE-2010-3023 involves multiple XSS flaws in DiamondList 0.1.6 (and possibly earlier). The vulnerabilities arise from insufficient input sanitization of (1) category[description] in user/main/update_category and (2) setting[site_title] in user/main/update_settings, not properly handled by the tem...
CVE-2010-3024
CVE-2010-3024 affects DiamondList 0.1.6 (and possibly earlier) with a CSRF vulnerability in the admin-facing path user/main/update_user. This allows a remote attacker to hijack administrator authentication and perform actions such as (1) changing the admin password or (2) changing site configurat...
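The two bug classes described in the CVE-2010-3023 and CVE-2010-3024 entries above, side by side with their fixes, as an added Ruby example. This is not DiamondList's code and not part of the High-Tech Bridge advisory: the view templates, the update_user handlers, the session layout and the sample payload are all constructed here to illustrate a stored value rendered into an ERB view without escaping, and an admin action that accepts any request carrying the admin's session cookie.

```ruby
require 'erb'
require 'securerandom'

# Added illustration, not DiamondList's code. All names below are assumptions.

# Constructed sample input of the kind submitted as category[description]
# to user/main/update_category and later rendered by the categories view.
XSS_PAYLOAD = '<script>alert(document.cookie)</script>'.freeze

# Vulnerable view: plain ERB (like pre-Rails 3 <%= %>) emits the value verbatim.
VULNERABLE_VIEW = ERB.new('<p class="desc"><%= description %></p>')

# Hardened view: HTML-escape at output time, whatever the stored value looks like.
SAFE_VIEW = ERB.new('<p class="desc"><%= ERB::Util.html_escape(description) %></p>')

def render_vulnerable(description)
  VULNERABLE_VIEW.result_with_hash(description: description)
end

def render_safe(description)
  SAFE_VIEW.result_with_hash(description: description)
end

# --- CSRF: synchronizer token (what Rails' protect_from_forgery provides) ---

# A fresh session carries a random token. The site embeds it in its own forms,
# but a page on an attacker's origin cannot read it, so a forged form cannot echo it.
def new_session
  { admin: true, csrf_token: SecureRandom.hex(32) }
end

# Constant-time comparison so the token check does not leak a prefix via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def csrf_valid?(session, params)
  submitted = params['authenticity_token'].to_s
  expected  = session[:csrf_token].to_s
  !submitted.empty? && secure_equal?(submitted, expected)
end

# Vulnerable handler: trusts the session cookie alone. A form on the attacker's
# page, auto-submitted by the logged-in admin's browser, changes the password.
def update_user_vulnerable(session, params)
  return { status: 403 } unless session[:admin]
  { status: 200, password: params.dig('user', 'password') }
end

# Hardened handler: identical logic, but the token is verified before any state changes.
def update_user_safe(session, params)
  return { status: 403 } unless session[:admin]
  return { status: 422 } unless csrf_valid?(session, params)
  { status: 200, password: params.dig('user', 'password') }
end

if $PROGRAM_NAME == __FILE__
  puts render_vulnerable(XSS_PAYLOAD)   # script tag reaches the browser
  puts render_safe(XSS_PAYLOAD)         # &lt;script&gt;... rendered as text
  session = new_session
  forged  = { 'user' => { 'password' => 'pwned' } }   # cross-site form: no token
  genuine = forged.merge('authenticity_token' => session[:csrf_token])
  p update_user_vulnerable(session, forged)   # password changed
  p update_user_safe(session, forged)         # rejected
  p update_user_safe(session, genuine)        # accepted
end
```

Two points the example makes that the entries do not: escaping belongs at the point of output (the view), not at the point of storage, so the fix for the XSS holds even for values already in the database; and the CSRF check must run before any state changes and compare the token in constant time.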
CVE-2010-3024
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration...
XSS vulnerability in DiamondList
Vulnerability ID: HTB22518 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityindiamondlist1.html Product: DiamondList Vendor: Hulihan Applications http://hulihanapplications.com/projects/diamondlist Vulnerable Version: 0.1.6 and Probably Prior Versions Vendor Notification: 22 July 2010...
XSS vulnerability in DiamondList
Vulnerability ID: HTB22508 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityindiamondlist.html Product: DiamondList Vendor: Hulihan Applications http://hulihanapplications.com/projects/diamondlist Vulnerable Version: 0.1.6 and Probably Prior Versions Vendor Notification: 22 July 2010...
XSRF (CSRF) in DiamondList
Vulnerability ID: HTB22517 Reference: http://www.htbridge.ch/advisory/xsrfcsrfindiamondlist.html Product: DiamondList Vendor: Hulihan Applications http://hulihanapplications.com/projects/diamondlist Vulnerable Version: 0.1.6 and Probably Prior Versions Vendor Notification: 22 July 2010...
DiamondList 0.1.6 Cross Site Request Forgery / Cross Site Scripting
============================================ Vulnerability ID: HTB22508 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityindiamondlist.html Product: DiamondList Vendor: Hulihan Applications http://hulihanapplications.com/projects/diamondlist Vulnerable Version: 0.1.6 and Probably Prior...
DiamondList 0.1.6 - Cross-Site Request Forgery
Vulnerability ID: HTB22517 Reference: http://www.htbridge.ch/advisory/xsrfcsrfindiamondlist.html Product: DiamondList Vendor: Hulihan Applications http://hulihanapplications.com/projects/diamondlist Vulnerable Version: 0.1.6 and Probably Prior Versions Vendor Notification: 22 July 2010...
DiamondList 0.1.6 - Cross-Site Request Forgery
DiamondList 0.1.6 - Cross-Site Request Forgery Vulnerability ID: HTB22517 Reference: http://www.htbridge.ch/advisory/xsrfcsrfindiamondlist.html Product: DiamondList Vendor: Hulihan Applications http://hulihanapplications.com/projects/diamondlist Vulnerable Version: 0.1.6 and Probably Prior Versio...
DiamondList - /user/main/update_category?category[description] Cross-Site Scripting
DiamondList - /user/main/update_category?category[description] Cross-Site Scripting source: https://www.securityfocus.com/bid/42252/info DiamondList is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before usin...
DiamondList - /user/main/update_settings?setting[site_title] Cross-Site Scripting
DiamondList - /user/main/update_settings?setting[site_title] Cross-Site Scripting source: https://www.securityfocus.com/bid/42252/info DiamondList is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using i...
DiamondList - '/user/main/update_settings?setting[site_title]' Cross-Site Scripting
source: https://www.securityfocus.com/bid/42252/info DiamondList is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow...
DiamondList - '/user/main/update_category?category[description]' Cross-Site Scripting
source: https://www.securityfocus.com/bid/42252/info DiamondList is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow...
Multiple Vulnerabilities in DiamondList
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in DiamondList which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1) Cross-site scripting (XSS) vulnerability in DiamondList: CVE-2010-3023. 1.1 The vulnerability exists due...