Motigo Forums/Calendar/Guestbook Cross Site Scripting

Exploit Title: Motigo Forums/Calendar/Guestbook Cross Site Scripting Date: 28.01.2012 Author: Sony Software Link: http://motigo.com/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/01/motigo-forumscalendarguestbook-cross.html...

Aimoo Forums Cross Site Scripting

Exploit Title: Aimoo Forums Cross Site Scripting Date: 25.01.2012 Author: Sony Software Link: http://www.aimoo.com/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/01/aimoo-forums-cross-site-scripting.html...

Yuku Forums Cross Site Scripting

Exploit Title: Yuku Forums Cross Site Scripting Date: 24.01.2012 Author: Sony Software Link: http://www.yuku.com/ Google Dorks: inurl:.yuku.com intext:forum Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/01/yuku-forums-cross-site-scripting.htm...

Snitz Forums 2000 - TOPIC_ID SQL Injection

Snitz Forums 2000 - TOPICID SQL Injection source: https://www.securityfocus.com/bid/51596/info Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to...

Snitz Forums 2000 - 'TOPIC_ID' SQL Injection

source: https://www.securityfocus.com/bid/51596/info Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to compromise the application, access or modi...

Hackers selling cheap BOTNETs and DDOS on forums

Hackers selling cheap BOTNETs and DDOS on forums The Internet has revolutionized shopping around the world. Security researchers F-Secure reported recently in a post that hackers are Selling Cheap DDOS services on Various Forums. Hackers are offering services like distributed denial of service...

FuseTalk Forums 3.2 - windowed Cross-Site Scripting

FuseTalk Forums 3.2 - windowed Cross-Site Scripting source: https://www.securityfocus.com/bid/51227/info FuseTalk Forums is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker could leverage this issue to execute arbitrary script co...

FuseTalk Forums 3.2 Cross Site Scripting

Exploit Title: FuseTalk Forums v3.2 Cross Site Scripting Date: 2.01.2012 Author: Sony Software Link: http://www.fusetalk.com/ Google Dorks: inurl:/login.cfm?windowed=yes Version: v3.2, maybe another version Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC:...

Nabble Forums Cross Site Scripting

Date: 13.10.2011 Author: Sony Software Link: http://www.nabble.com/ Google Dorks: inurl:NamlServlet.jtp or inurl:/template/NamlServlet.jtp?macro=3D Browser: Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2011/10/nabble-forums-cross-site-scripting.html...

Comm100 Forums Arbitrary Redirect

Date: 8.10.2011 Author: Sony Software Link: http://comm100.com/ Google Dorks: Forum Powered by Comm100 Blog : http://st2tea.blogspot.com .................................................................. Demo: http://hosted.comm100.com/Forum/Default.aspx?siteid=10000 Before:...

Optima DDOS 10a Botnet leaked on Underground Forums

Optima DDOS 10a botnet leaked on Underground Forums On underground forums "Optima DDOS 10a Botnet" full version posted for all to download and use. Complete new version of the acclaimed DDoS bot Optima Darkness. In this new version 10a according to the author was raised in secrecy bot system and...

"SecurityTube Wi-Fi Security Expert" (SWSE) online certification Launched

"SecurityTube Wi-Fi Security Expert" SWSE online certification Launched SecurityTube released their first fully online certification today - "SecurityTube Wi-Fi Security Expert" SWSE . The most interesting thing and key difference from other certifications, is that they are giving out the entire...

Snitz Forums 2000 'members.asp' SQL Injection and Cross Site Scripting Vulnerabilities

The host is running Snitz and is prone to SQL injection and cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbsnitzforums2000xssnsqlinjvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Snitz Forums 2000 'members.asp' SQL Injection and Cross Site Scripting Vulnerabilities Authors:...

Snitz Forums 2000 'members.asp' SQL Injection and Cross Site Scripting Vulnerabilities

Snitz is prone to SQL injection and cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

14 Years in Jail for mass credit card theft

14 Years in Jail for mass credit card theft A 21 year old man received a 14 year prison sentenced on Friday for running an online business that sold counterfeit credit cards encoded with stolen account information with losses estimated at more than $3 million. Tony Perez III, of Hammond, Indiana,...

CVE-2010-4827

Cross-site scripting XSS vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the MNAME parameter. NOTE: some of these details are obtained from third party information...

CVE-2010-4826

SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the MNAME parameter. NOTE: some of these details are obtained from third party information...

Cross site scripting

Cross-site scripting XSS vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to inject arbitrary web script or HTML via the MNAME parameter. NOTE: some of these details are obtained from third party information...

Sql injection

SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the MNAME parameter. NOTE: some of these details are obtained from third party information...

CVE-2010-4826

SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the MNAME parameter. NOTE: some of these details are obtained from third party information...