31 matches found
CVE-2008-2302
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request...
AlstraSoft Web Host Directory v1.2
AlstraSoft Web Host Directory v1.2 Homepage: http://www.alstrasoft.com/ It should be noted too that the demo for this script is on a different domain which also sells a WebHost Directory which looks to be the same product/company called HyperStop WebHost Directory 1.2. Both scripts seem to be the...
PHP-Fusion 4/5 - 'Setuser.php' HTML Injection
source: https://www.securityfocus.com/bid/12853/info PHP-Fusion is reportedly affected by a HTML injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'setuser.php' script before using it in dynamically generated content. This...
Apple Safari Web Browser 1.x - HTML Form Status Bar Misrepresentation
Apple Safari Web Browser 1.x - HTML Form Status Bar Misrepresentation source: https://www.securityfocus.com/bid/11949/info A vulnerability has been identified in Apple Safari Web Browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be misled...
Apple Safari Web Browser 1.x - HTML Form Status Bar Misrepresentation
source: https://www.securityfocus.com/bid/11949/info A vulnerability has been identified in Apple Safari Web Browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be misled into following a link to a malicious site. The issue presents itself...
PHP-Nuke 7.4 - Privilege Escalation
A demonstration exploit HTTP form is provided: USERNAME: NOME: PASSWORD: E-MAIL: milw0rm.com 2004-09-08...
Expinion.net Member Management System 2.1 - 'register.asp?err' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9932/info It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate...
PHPNUKE 6 XSS Vulnerabilities
http://www.phpnuke.org/modules.php?name=Search Enter: scriptalertdocument.cookie;/script in form, click Search. Needless to say these bugs won't go away. The vendor WOULD HAVE been contacted if they just gave an email address without having to subscribe to nukesupport/phpnuke - maybe I don't use...
CVE-2001-1281
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form...
Smartwin Technology CyberOffice Shopping Cart 2.0 - Price Modification
Smartwin Technology CyberOffice Shopping Cart 2.0 - Price Modification source: https://www.securityfocus.com/bid/1733/info Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000. The order form CyberOffice Shoppi...
everythingform.txt
Content-Type: Remote Root via vulnerable CGI software Date : 13/08/2000 Sender : s1gnal9 Subject : everythingform.cgi Vulnerable CGI X-System : UNIX/NT systems running the everythingform.cgi CGI software X-Status : s1gnal9-ADVISORY-everythingform.txt X-Greets : Narr0w, f0bic, VetesGirl PRODUCT...