616 matches found
SmarterMail 7.x LDAP Injection
Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Tested on : SmarterMail 7.x 7.2.3925 //...
Pligg CMS 1.0.4 - SQL Injection Cross-Site Scripting
Pligg CMS 1.0.4 - SQL Injection Cross-Site Scripting source: https://www.securityfocus.com/bid/42967/info Pligg CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities...
Cross-site Scripting (XSS) Vulnerabilities in ATutor
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ATutor which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in ATutor The vulnerability exists due to input sanitation error in the "cid" parameter in...
Apache Tomcat JSP2 Examples XSS
The remote Apache Tomcat installation is affected by multiple cross-site scripting vulnerabilities because several of the JSP example scripts do not properly validate user input. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Macs CMS 1.1.4 - Cross-Site Scripting Cross-Site Request Forgery
Macs CMS 1.1.4 - Cross-Site Scripting Cross-Site Request Forgery Date: Sun 11 Jul 2010 11:53:35 AM EEST Vendor: http://macs-framework.sourceforge.net/ Download: http://sourceforge.net/projects/macs-framework/ --- -= CSRF PoC 1 - Create Admin User =- Macs CMS 1.1.4 Multiple Vulnerabilities XSS/CSR...
Multiple Cross-site Scripting (XSS) Vulnerabilities in Spitfire
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Spitfire which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Spitfire 1.1 The vulnerability exists due to input sanitation error in the "cmsid" and...
TurboFTP Server Directory Traversal Vulnerability
Date of Discovery: 17-Jun-2010 Credits: leinakesiatgmail.com Vendor: Turbo FTP Server Affected: Turbo FTP Server 1.20.745. Earlier versions may also be affected. Overview: 1.vendor...
Multiple Vulnerabilities in OneCMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OneCMS which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting XSS vulnerabilities in OneCMS The vulnerability exists due to input sanitation error in the "cat"...
Crownweb SQL Injection
crownweb page.cfm Sql Injection Vulnerability =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Email : [email protected] .:. Team : Sec Attack Team .:. Home : www.sec-attack.com/vb .:. Script : crownweb .:. Language : Cfm .:. Script Download:...
Squito Gallery v.1.0 Cross Site Scripting Vulnerability
Exploit for unknown platform in category web applications ======================================================= Squito Gallery v.1.0 Cross Site Scripting Vulnerability =======================================================...
Oracle E-Business Suite - Multiple Vulnerabilities
Oracle E-Business Suite - Multiple Vulnerabilities Oracle E-Business Suite is prone to multiple authentication-bypass and HTML-injection vulnerabilities. Attackers could exploit these issues to steal cookie-based authentication credentials, perform unauthorized actions, or bypass certain security...
WordPress 2.7.1 admin.php Bypass
An attacker can exploit this issue via a browser. The following example URIs are available: http://www.example.com/wp-admin/admin.php?page=/collapsing-archives/options.txt http://www.example.com/wp-admin/admin.php?page=akismet/readme.txt...
SLES10: Security update for id3lib
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: id3lib id3lib-devel id3lib-examples More details may also be found by searching for the SuSE Enterprise Server 10 patch database located at...
SLES9: Security update for Tomcat
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache-jakarta-tomcat-connectors apache2-jakarta-tomcat-connectors jakarta-tomcat jakarta-tomcat-doc jakarta-tomcat-examples For more information, please vis...
SLES9: Security update for Tomcat
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-jakarta-tomcat-connectors jakarta-tomcat-doc apache-jakarta-tomcat-connectors jakarta-tomcat jakarta-tomcat-examples For more information, please vis...
SLES9: Security update for id3lib
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: id3lib-examples id3lib id3lib-devel For more information, please visit the referenced security advisories. More details may also be found by searching for...
SLES9: Security update for id3lib
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: id3lib-examples id3lib id3lib-devel For more information, please visit the referenced security advisories. More details may also be found by searching for...
CF Shopkart 5.3x (itemid) Remote SQL Injection Vulnerability
No description provided by source. CF ShopKart SQL vulnerability By learn3r hacker from Nepal [email protected] Product name: CF ShopKart Version: 5.4 beta or may be lower Product home: www.cfshopkart.com Affected variable: item SQLi examples:...
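Wireshark 1.2.2 fixes multiple denial-of-service vulnerabilities
BUGTRAQ ID: 36408 Wireshark, formerly known as Ethereal, is a very popular network protocol analysis tool. Denial-of-service vulnerabilities exist in Wireshark's OpcUa, GSM A RR and TLS protocol dissectors. If a user is tricked into capturing malicious packets from the network or reading a malicious capture file, the dissector crashes. Wireshark 0.99.6 - 1.2.1 Workaround: disable the affected dissectors: 1 From the menu, select Analyze→Enabled Protocols... 2 Clear GSM CCCH, OpcUa and SSL 3 Click "Save", then "OK" Vendor patch: Wireshark ---------...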
CF Shopkart 5.3x (itemid) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================ CF Shopkart 5.3x itemid Remote SQL Injection Vulnerability ============================================================ CF ShopKart SQL vulnerability By learn3r hacker from Nepal...