PHP Classifieds ADS (sid) Blind SQL Injection Vulnerability
Exploit for php platform in category web applications. PHP Classifieds ADS sid Blind SQL Injection Vulnerability. Title: PHP CLASSIFIEDS ADS Price: $49 Link :...
Prometeo v1.0.65 SQL Injection Vulnerability
Exploit for php platform in category web applications. Prometeo v1.0.65 SQL Injection Vulnerability. Prometeo vers. 1.0.65 -SQLi Vulnerability- -Vulnerability ID: LD3-Product:...
Script Insertion Vulnerabilities in ArtGK CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ArtGK CMS which could be exploited to perform script insertion attacks. 1 Script insertion vulnerabilities in ArtGK CMS 1.1 Input passed to the "content" parameter in cms/classes/CForm.php is not properly sanitiz...
libvirt: improperly mapped source privileged ports may allow for obtaining privileged resources on the host
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree...
Multiple vulnerabilities in TCMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Target CMS TCMS, which could be exploited to perform cross-site scripting and SQL Injection attacks, read arbitrary files and compromise vulnerable system. 1 Cross-site scripting XSS vulnerabilities in TCMS 1.1 A...
Digistore Ecommerce 4.0 File Disclosure / Backup Disclosure
Digistore Ecommerce V4.0 File Disclosure Vulnerabilities. Digistore Ecommerce V4.0 by Pass / Create and Download Backup Vulnerability...
tomcat: missing fix for CVE-2009-0781
Cross-site scripting XSS vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter,...
Multiple Cross-site Scripting (XSS) Vulnerabilities in allinta CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in allinta CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in allinta CMS 1.1 The vulnerability exists due to input sanitation error in the "langURL"...
Cross-site Scripting (XSS) Vulnerability in SiteLoom CMS
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in SiteLoom CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in SiteLoom CMS The vulnerability exists due to input sanitation error in the "mailform1" parameter in...
dotDefender 4.02 - 'clave' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41541/info dotDefender is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context o...
RunCMS 2.1 - 'magpie_debug.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41551/info RunCms is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
HYM (news_details.php) SQL Injection Vulnerability
Exploit for php platform in category web applications. HYM news_details.php SQL Injection Vulnerability. +Title: HYM news_details.php SQL Injection Vulnerability + About :...
Samin CMS LFI Vulnerability
Exploit for php platform in category web applications. Samin CMS LFI Vulnerability. InformatioN Title : Samin CMS LFI Vulnerability Author: Arash Saadatfar Vendor: http://see.ir Example : http://olampiyad.ir/index.php?pg=/etc/passwd ExploiT...
Joomla! Component com_seyret - Local File Inclusion
Joomla! Component com_seyret - Local File Inclusion Exploit Title: Joomla Component Seyret com_seyret Date: 2010-06-26 Author: mlk Software Link: null Version: null Tested on: Linux,BSD and windows CVE : null Code : on paper Joomla Component Seyret com_seyret - Local File Inclusion Vulnerability +...
Wiki Web Help 0.2.7 - Cross-Site Scripting HTML Injection
Wiki Web Help 0.2.7 - Cross-Site Scripting HTML Injection source: https://www.securityfocus.com/bid/41306/info Wiki Web Help is prone to a cross-site scripting vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in...
Cross-site Scripting (XSS) Vulnerability in DSite CMS
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in DSite CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in DSite CMS The vulnerability exists due to input sanitation error in the "buttonname" parameter in...
Cross-site Request Forgery (CSRF) Vulnerabilities in FestOS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in FestOS which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in FestOS 1.1 The vulnerability exists due to insufficient validation of the request origin in...
Multiple Vulnerabilities in Pixie
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Pixie which could be exploited to perform cross-site scripting, script insertions and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in Pixie The vulnerability exists due to input...
ASRC Really Simple Chat 3.3 Cross Site Scripting / Remote File Inclusion
= ARSC Really Simple Chat V3.3 Remote File Inclusion & Cross Site Scripting Vulnerability = Author : Zer0 Thunder = Home : http://colombohackers.com = Download : http://sourceforge.net/projects/arsc/ = Date : 06/25/2010 Remote File Inclusion ---...
NetWorld Alliance portal SQL Injection Vulnerability
Exploit for php platform in category web applications. NetWorld Alliance portal SQL Injection Vulnerability. EDB-ID: CVE: OSVDB-ID: Author: Dr.0rYX and Cr3w-DZ Published: Verified: Exploit Code...