59 matches found
Malicious Package
Overview Version 0.4.8 of s3asy contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.4.8 of this module is found installed you...
Login Form Detected
This is an informational notice that the scanner identified a potential login form that could be used by the scanner to authenticate and have access to additional pages for extending its coverage. No source data...
WordPress Cool Flickr Slideshow 1.0 Cross Site Scripting Vulnerability
WordPress Cool Flickr Slideshow plugin version 1.0 suffers from a cross site scripting vulnerability. | Exploit Title: Wordpress cool-flickr-slideshow Plugin Cross Site Scriptingxss | Exploit Author: Ashiyane Digital security Team | Vendor...
[SECURITY] Fedora 23 Update: python-tgcaptcha2-0.3.1-1.fc23
TGCaptcha2 is a TurboGears widget that provides an easy way to incorporate a captcha as part a form in an attempt to reduce spam or malicious activity. Features include: Relatively pain-free usage and validation inside of a regular widget-based form Flexibility to add or extend image generation...
phpDolphin 2.0.5 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: phpDolphin http://target.com/index.php?a=search&q=teste&filter=m"XSS CSRF ==== We've found no protection against CSRF Cross-site Request Forgery, which made possible to do any kind of act on a user or admin account. NO FORMS are...
toronto-theatre.com XSS vulnerability
Vulnerable URL: http://www.toronto-theatre.com/review/reviewform.php?itemid=%27%22%3E%3Csvg/onload=alert%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 21.11.2017 Latest check for patch:| 21.11.2017 21:42 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass
WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass source: https://www.securityfocus.com/bid/69740/info The Ninja Forms Plugin for WordPress is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthoriz...
XSS in answer my question plugin
Exploit Title : Answer my question wordpress plugin Multiple Cross-Site Scripting Vulnerabilities Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 09/19/12 version: 1.1 software link:http://wordpress.org/extend/plugins/answer-my-question/ Answer my question plugin description This plugi...
DEDECMS get SHELL EXP-vulnerability warning-the black bar safety net
Network transmission is said to know the background to use, but don't, as long as the plus the directory exists, the server can even outside, you can get the shell www.t00ls.net5 G$ w& h" m! n9 S: G Before the title conditions, you must ready yourself for the dede database, and then insert the...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys...
CVE-2010-4797
CVE-2010-4797 : Public records indicate multiple SQL injection vulnerabilities in the login form of Truworth Flex Timesheet . Attacks can exploit the Username or Password fields to execute arbitrary SQL commands remotely. The provided documents do not specify affected versions, root cause detail,...
AtACimo RC2 (index.php) XSS Vulnerability
Exploit for unknown platform in category web applications ========================================= AtACimo RC2 index.php XSS Vulnerability ========================================= Exploit Title: AtACimo RC2 index.php XSS Vulnerability Date: 2010-02-25 Author: sniper ip Software Link:...
Possible User ID and Password Sent Within a Web Form (GET)
Binary data 4673.prm...
CVE-2007-2207
CVE-2007-2207 involves a SQL injection in the Ripe Website Manager up to version 0.8.4, exploitable via the ripeformpost parameter in contact/index.php. The vulnerability allows remote attackers to manipulate SQL commands; impact details are cited as partial confidentiality/integrity/availability...
Enthrallweb eCoupons 1.0 - 'myprofile.asp' Remote Pass Change
PASSWORD: Change Profile UserName= FIRST: LAST:...
P.A.I.D v2.2
P.A.I.D v2.2 Homepage: http://www.webexceluk.net Effected files: faq.php input form of logging in. index.php The input forms of logging into My Account do not sanatize user input. For PoC of a XSS attack simply put in: "IMG SRC=javascript:alert'XSS'" It also seems when logging in, even if your...
FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit
No description provided by source. !-- Change action="http://profile.php" under the form tags /str0ke -- !DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"htmlheadMETA http-equiv="Content-Type" content="text/html; charset=utf-8"/headbodyform enctype="multipart/form-data"...
FunkBoard CF0.71 - 'profile.php' Remote User Pass Change
/str0ke -- Profile User Name ajann Membership Number 247 First Registered Sat 03 Jun 2006 at 09:20:14 pm Last Login Sat 03 Jun 2006 at 09:21:45 pm Number of posts 0 Stat...
[Full-Disclosure] [bWM#017] Cross-Site-Scripting @ PHPKIT
http://badWebMasters.net ben moeckel security research ------------------------------------------------- badWebMasters security advisory 017 Cross Site Scripting @ PHP-Kit Discovery date: 2003-09 Original advisory: http://badwebmasters.net/advisory/017/ text/html Legal Notice: Copyright 2003 by...