55 matches found
Cross-site Request Forgery (CSRF) in Kryn.cms
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Kryn.cms which could be exploited to perform cross-site request forgery attacks. 1 Cross-site Request Forgery CSRF in Kryn.cms The vulnerability exists due to insufficient validation of the request origin in...
Cross-site Scripting (XSS) Vulnerabilities in odCMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in odCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in odCMS 1.1 The vulnerability exists due to input sanitation error in the "content" parameter in...
Cross-site Scripting (XSS) Vulnerabilities in Scribe CMS
High-Tech Bridge SA Security Research Lab has discovered three vulnerabilities in Scribe CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Scribe CMS 1.1 The vulnerability exists due to input sanitation error in the âfâ parameter in...
Cross-site Scripting (XSS) Vulnerabilities in synType CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in synType CMS which could be exploited to perform cross-site scripting and script insertion attacks. 1 Cross-site scripting XSS vulnerability in synType CMS The vulnerability exists due to input sanitation error in...
Cross-site Scripting Vulnerability in Acuity CMS
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Acuity CMS which could be exploited to perform cross-site scripting XSS attacks. 1 Cross-site scripting vulnerability in Acuity CMS Input sanitation error was found in the "page" parameter in /admin/pages/addpage.asp. A...
Cross-site Scripting Vulnerability in ecoCMS
High-Tech Bridge SA Security Research Lab has discovered vulnerability in ecoCMS which could be exploited to perform cross-site scripting XSS attacks. 1 Cross-site scripting vulnerability in ecoCMS: CVE-2010-5046 Input validation error was found in the "p" parameter in /admin.php. A remote attack...
Webring - Cross-Site Scripting
Webring - Cross-Site Scripting ======================================================================================== | Title : webring Cross Site Scripting Vulnerability | | Author : indoushka | | email : [email protected] | | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria...
Cartweaver 2.16.11 - 'ProdID' SQL Injection
author:meoconxatvnbrain.net product:CartWeaver main site:www.cartweaver.com 1.with CFM CartWeaver: sql injection in: Details.cfm?ProdID=a' demo: http://www.jbracing.co.uk/Details.cfm?ProdID=1' exploit: http://www.xxx.com/Details.cfm?ProdID=sql query link admin: http://www.xxx.com/script...
AROUNDMe 0.6.9 remonte file inclusion
============================================== AROUNDMe 0.6.9 remonte file inclusion vendor site: http://barnraiser.org/ vulnerable versions: 0.6.9 and possibly older discovered by: noislet http://www.noislet.org/ vendor informed: 21.10.2006 published: 22.10.2006...
fastclick238.txt
Fast Click ----------- Fix : Contact the Vendor =========================================================== Aria Security Research Http://www.aria-security.net...
athena.txt
Language: PHP Script: Athena Version: 0.1a Official website: http://sourceforge.net/projects/athena Problem: Remote file inclusion Discovered by: beford & GB Description: =========== A simple website management system written in oo php that uses a mysql database to store user and group rights and...
Remote file include in Q-News
Language: PHP Script: Q-News Version: 2.0 Official website: http://sourceforge.net/projects/q-news/ Problem: Remote file inclusion Discovered by: GB Description: =========== Q-News is a Quick News generator written in PHP that generates small text files that can be included a site, it has a lot o...
PHPWebThings <= 1.4 (forum) SQL Injection Exploit
Exploit for unknown platform in category web applications ================================================= PHPWebThings / && print "+ MD5 hash of password is: $1\n"; print "- Unable to retrieve hash of password\n" if!$1; 0day.today 2018-04-08...
ShopCartCGI 2.3 - gotopage.cgi Traversal Arbitrary File Access
ShopCartCGI 2.3 - gotopage.cgi Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/9670/info It has been reported that ShopcartCGI is prone to a remote file disclosure vulnerability. This issue is due to insufficient validation of user-supplied input. Upon successful...
wwwthreads-5.5.txt
---------- Forwarded message ---------- Date: 30 Jan 2002 22:12:17 -0000 From: Root Extractor To: [email protected] Subject: WWWThreads, UBBThreads Security Hole in upload system WWWThreads, UBBThreads Security Hole in upload system Author: RootExtractor, CompuMe [email protected],...