PT-2007-1472 · Apache +1 · Apache Tomcat +1
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.0.0 through 5.0.30; Apache Tomcat versions 5.5.0 through 5.5.17. Description: A cross-site scripting (XSS) issue exists due to unfiltered header values in the implicit-objects.jsp file of the examples webapp, allowing...
Fixed in Apache Tomcat 5.5.18, 5.0.SVN
Moderate: Cross-site scripting CVE-2006-7195. The implicit-objects.jsp in the examples webapp displayed a number of unfiltered header values. This enabled an XSS attack. These values are now filtered. Affects: 5.0.0-5.0.30, 5.5.0-5.5.17...
Angel Lms 7.1 - default.asp?id SQL Injection
Angel Lms 7.1 - default.asp?id SQL Injection Application: Angel Learning Management Suite 7.1 http://www.angellearning.com Description: "ANGEL LMS is an inclusive suite of enterprise learning management tools that balances ease of use with powerful capabilities to deliver leading edge teaching an...
Angel LMS 7.1 (default.asp id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Angel LMS 7.1 default.asp id Remote SQL Injection Vulnerability. Application: Angel Learning Management Suit...
Angel Lms 7.1 - 'default.asp?id' SQL Injection
Application: Angel Learning Management Suite 7.1 http://www.angellearning.com Description: "ANGEL LMS is an inclusive suite of enterprise learning management tools that balances ease of use with powerful capabilities to deliver leading edge teaching and learning, impact learner success and measur...
phpicalendar-xss.txt
PHP icalendar multiple variable cross site scripting Vendor url: http://phpicalendar.net/ Advisory: http://lostmon.blogspot.com/2006/12/php-icalendar-multiple-variable-cross.html Vendor notify: YES Exploit included: YES PHP icalendar contains a flaw that allows a remote cross site scripting...
TinyWebGallery <= 1.5 (image) Remote Include Vulnerabilities
No description provided by source. C Y B E R - W A R R i O R T I M TinyWebGallery v1.5 image Remote Include Vulnerability Author: xoron...
wisi-sql.txt
By: Jesus Tovar mail: [email protected] Greetz: Dario Struz Vendor: http://www.wsicorporate.com Digital Security Owner Dork: "Created and maintained by WSI" File Bug: /login.asp /admin/login.asp /admin/request.asp Sql Injection : ' or 'x'='x Site Examples: http://host.com/admin/login.asp...
Wisi Portal [Sql Injection By Jesus Tovar]
By: Jesus Tovar mail: [email protected] Greetz: Dario Struz Vendor: http://www.wsicorporate.com Digital Security Owner Dork: "Created and maintained by WSI" File Bug: /login.asp /admin/login.asp /admin/request.asp Sql Injection : ' or 'x'='x Site Examples: http://host.com/admin/login.asp...
MysqlDumper-1.21.txt
MysqlDumper Version 1.21 b6 Xss Vulnerability By CrackersChild [email protected] www.sibersavacilar.com Download Script http://www.mysqldumper.de/board/downloads.php?view=detail&id=17 Exploit www.site.com/mysqldumperpath/sql.php?db=Xss codes Examples...
oscommerce-page-txt
osCommerce multiple Scripts 'page' param XSS Vendor url: http://www.oscommerce.com Vendor Bugtracker: http://www.oscommerce.com/community/bugs,4303 Advisory: http://lostmon.blogspot.com/2006/10/oscommerce-multiple-scripts-page-param.html Vendor notify: yes osCommerce contains a flaw that allows a...
OZJournal v1.5 - XSS
OZJournal v1.5 Homepage: http://ozjournals.awardspace.com/index.php Affected files: search input box index.php viewing archives show comment page XSS vulnerability via search input box: Data isn't properly sanitized before being displayed. For a PoC in the...
Trojan free kill hardcover tutorials-vulnerability warning-the black bar safety net
The first part: of the domestic and foreign antivirus analysis In speaking of the positioning memory feature code before the first analysis of domestic and foreign famous antivirus memory search Kill features. Everyone in the use of the Trojan process will discover, the memory of killing, general...
Module's Name Content<<--V1.0 SQL injection
Discovered By: CrAzY CrAcKeR Site: www.alshmokh.com I want to thank my friend:- nono225-mHOn-rageh-Lover Hacker-Breeeeh BoNym-Rootshill-LiNuXrOOt-Sw33t h4ck3r Example:-...
windowsitpro.txt
Windowsitpro.com Homepage: http://www.windowsitpro.com Affected files: Search input box Downloading whitepapers Search input box xss vuln with cookie disclosure: We convert our javascript to hex format so we don't receive the default "Your request cannot be processed as this time" error message...
[NOBYTES.COM: #12] ViArt Shop v2.5.5 - XSS Vulnerability
ViArt Shop v2.5.5 Free and possibly Light, Standard, and Enterprise Authors Site: http://www.codetosell.com/ Examples: XSS: /forum.php?forumid="scriptalert'XSS';/script&categoryid=1...
singapore097.txt
SOFTWARE: singapore v0.9.7 DESCRIPTION: The system is vulnerable to various XSS attacks google dork : "Powered by singapore v0.9.7" inurl:index.php?gallery 429 results : xss code example www.site.com/images/index.php?gallery=gallery name&image=...
Sire 2.0 Nws Remote File inclusion & Arbitrary Files Upload
by Moroccan Security Team Greetz To All Friend +File Inclusion: Input passed to the "rub" parameter in "lire.php" isn't properly verified, before it is used to include remote files Successful exploitation requires that "register_globals" is enabled. lire.php code ? 73...
TotalECommerce 1.0 - index.asp?id SQL Injection
TotalECommerce 1.0 - index.asp?id SQL Injection Original advisory: http://www.nukedx.com/?viewdoc=18 Advisory by: nukedx Full PoC Exploitation: GET - http://victim/dir/index.asp?secao=PageID&id=SQL EXAMPLE 1 -...
cubecartXSS.txt
CubeCart 3.0.7-pl1 multiple variable Cross site scripting Vendor url: www.cubecart.com bug report: http://bugs.cubecart.com/?do=details&id=459 Advisory: http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html. vendor notify: yes exploit available: yes I recommended to all vendors ...