Cross-site Scripting (XSS) Vulnerabilities in Scribe CMS

High-Tech Bridge SA Security Research Lab has discovered three vulnerabilities in Scribe CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Scribe CMS 1.1 The vulnerability exists due to input sanitation error in the “f” parameter in...

Cross-site Scripting (XSS) Vulnerabilities in odCMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in odCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in odCMS 1.1 The vulnerability exists due to input sanitation error in the "content" parameter in...

Cross-site Scripting (XSS) Vulnerabilities in synType CMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in synType CMS which could be exploited to perform cross-site scripting and script insertion attacks. 1 Cross-site scripting XSS vulnerability in synType CMS The vulnerability exists due to input sanitation error in...

Advneced Management For Services Sites - File Disclosure

Advneced Management For Services Sites - File Disclosure ======================================================================= Advneced Management For Services Sites File Disclosure Vulnerabilities ======================================================================= Vendor:...

Joomla ChronoForms Blind SQL Injection

Exploit Title: Joomla Component ChronoForms comchronocontact Date: 01, June 2010 Author: mlk Renan Software Link:0 Version: 0 Tested on: all OS CVE : 0 Code : here Joomla Component ChronoForms comchronocontact - Blind SQL Injection Vulnerability ! Discovered by : mlk Renan ! Teams : c00kies ,...

Joomla! Component ChronoForms - Blind SQL Injection

Joomla! Component ChronoForms - Blind SQL Injection Exploit Title: Joomla Component ChronoForms comchronocontact Date: 01, June 2010 Author: mlk Renan Software Link:0 Version: 0 Tested on: all OS CVE : 0 Code : here Joomla Component ChronoForms comchronocontact - Blind SQL Injection Vulnerability...

Joomla! Component ChronoForms - Blind SQL Injection

Exploit Title: Joomla Component ChronoForms comchronocontact Date: 01, June 2010 Author: mlk Renan Software Link:0 Version: 0 Tested on: all OS CVE : 0 Code : here Joomla Component ChronoForms comchronocontact - Blind SQL Injection Vulnerability ! Discovered by : mlk Renan ! Teams : c00kies ,...

Simpel Side - index2.php SQL Injection

Simpel Side - index2.php SQL Injection Tital : simpelside index2.php SQL Injection VulnerabilityEDB-ID: CVE-ID: OSVDB-ID: Author: MN9 Published: 2010-05-25 Verified: yes .. Author : MN9 .. Email : Mn9atLive.No .. Script Home : www.simpelside.dk .. Doork : : Exploit http://site/index2.php?id=2 SQL...

Website Design and Hosting By Netricks Inc - 'news.php' SQL Injection

@@@@@@@@@ @@@@@@@@ @@@@ @@@ @@@ @@@@@@@@ @@@@@@@@@@@@ @@@@@@@@@ @@@@@@@@ @@@@@@ @@@@@@ @@@@@@ @@@@@@@@ @@@@@@@ @@@ @@@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@@@@@ @@@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@@ @@@@@@ @@@@@@ @@ @@ @@ @@ - @@@@@@@ @@ @@@ @@@@@@ @@@@@@ @@ @@@@@ @@ - @@@@@@@ @@ @@@ @@ @@ @@ @@ @@ @@ @@ @@...

NeTricks CMS (news.php) SQL Injection Vulnerability

Exploit for php platform in category web applications =================================================== NeTricks CMS news.php SQL Injection Vulnerability =================================================== Name: Website Design and Hosting By Netricks, Inc. Date: 25-05-2010 vendor:...

Joomla Component com_extcalendar XSS Vulnerability

Exploit for php platform in category web applications ================================================== Joomla Component comextcalendar XSS Vulnerability ================================================== x Joomla Component Extcalendar x Author: s4r4d0 x Contact: email protected x Team; Fatal...

MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak Vulnerability

MOPS-2010-016: PHP ZENDSR Opcode Interruption Address Information Leak Vulnerability May 8th, 2010 PHP’s ZENDSR opcode can be abused for address information leak attacks by an userspace error handler interruption attack. Affected versions Affected is PHP 5.2 = 5.2.13 Affected is PHP 5.3 = 5.3.2...

PHP-Nuke 5.0 viewslink SQL Injection

Exploit Title: PHP-NUKE viewslink Remote SQL Injection Date: 05.05.2010 Author: CMD Contact: [email protected] Version: PHP Nuke 5.0 and other version Dork: allinurl: op=viewslink&sid= =-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-= Tested on:...

Joomla Gallery SQL Injection

Exploit Title: Joomla Component comgallery SQL injection vulnerability Date: 02/05/2010 Author: HeaDShoT Software Link: Version: Tested on:linux bt CVE : Code : Email :pw7atlivedotfr dork :inurl:"comgallery" example: http://site.com/index.php?option=comgallery&id=sqli UNION SELECT...

Webthaiapp Blind SQL Injection

--==+==================================================+==-- --==+ Webthaiapp detail.phpcat Blind Sql injection Vulnerability +==-- --==+==================================================+==-- Date : 30-04-2010 -=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= AUTHOR: Xeleno...

Webthaiapp - 'detail.php?cat' Blind SQL Injection

--==+==================================================+==-- --==+ Webthaiapp detail.phpcat Blind Sql injection Vulnerability +==-- --==+==================================================+==-- Date : 30-04-2010 -=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= AUTHOR: Xeleno...

CMScout 2.08 SQL Injection

Title: CMScout 2.08 SQL Injection Vulnerability EDB-ID: CVE-ID: OSVDB-ID: Author: Dr.0rYX and Cr3w-DZ Published: Verified: Download Exploit Code Download N/A NNNN NNNN AAAAAA SSSSSSSS TTTTTTTTTTTT NNNNNN NNNN AAAAAA SSSSSSSSSSSS TTTTTTTTTTTT NNNNNN NNNN AAAA AAAA SSSS TTTT eeeeee aaaaaa mmmm mm...

Cross-site Scripting Vulnerability in Acuity CMS

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Acuity CMS which could be exploited to perform cross-site scripting XSS attacks. 1 Cross-site scripting vulnerability in Acuity CMS Input sanitation error was found in the "page" parameter in /admin/pages/addpage.asp. A...

Cross-site Scripting Vulnerability in ecoCMS

High-Tech Bridge SA Security Research Lab has discovered vulnerability in ecoCMS which could be exploited to perform cross-site scripting XSS attacks. 1 Cross-site scripting vulnerability in ecoCMS: CVE-2010-5046 Input validation error was found in the "p" parameter in /admin.php. A remote attack...

DEBIAN-CVE-2010-1163

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a...