1491 matches found
CVE-2010-0608
SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the forums parameter in a search action...
dotProject 2.1.3 - Cross-Site Scripting / Improper Permissions
Exploit Title: dotProject 2.1.3 XSS and Improper Permissions Date: Dec 15 2009 Author: h00die [email protected] & S0lus Software Link: http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.3/dotproject213.zip/download Version: 2.1.3 Tested on: BT4 pre-final Greetz to...
dotProject 2.1.3 - Cross-Site Scripting Improper Permissions
dotProject 2.1.3 - Cross-Site Scripting Improper Permissions Exploit Title: dotProject 2.1.3 XSS and Improper Permissions Date: Dec 15 2009 Author: h00die [email protected] & S0lus Software Link:...
dotProject 2.1.3 XSS and Improper Permissions
Exploit for unknown platform in category web applications ============================================= dotProject 2.1.3 XSS and Improper Permissions ============================================= Exploit Title: dotProject 2.1.3 XSS and Improper Permissions Date: Dec 15 2009 Author: h00die Softwar...
SilverStripe Forums Module 'Search' Parameter XSS
The SilverStripe CMS install hosted on the remote web server includes a version of the Forums module that is affected by a cross-site scripting vulnerability. User input to the 'Search' parameter is not sanitized before being used to generate dynamic HTML. An attacker can exploit this flaw to...
ABB Forums 1.1 Database Disclosure
============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || || ============================================================================== » ABB v1.1 Forum Remote Database...
ABB 1.1 - Forum Remote Database Disclosure
============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || || ============================================================================== » ABB v1.1 Forum Remote Database...
ABB 1.1 - Forum Remote Database Disclosure
ABB 1.1 - Forum Remote Database Disclosure ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || ||...
ABB v1.1 Forum Remote Database Disclosure Vulnerability
Exploit for unknown platform in category web applications ======================================================= ABB v1.1 Forum Remote Database Disclosure Vulnerability ======================================================= » Script: ABB Forums » Language: ASP » Site page: Possede de tres...
Snitz Forums 2000 active.asp HTTP X-Forwarded-For Header SQL Injection
The version of Snitz Forums 2000 hosted on the remote host fails to sanitize input to the 'X-Forwarded-For' header in the 'active.asp' script when called with the 'AllRead' POST parameter set to 'Y' before using it to construct a database query. An unauthenticated, remote attacker can leverage th...
Snitz Forums 2000 'X-Forwarded-For' SQL Injection Vulnerability
Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...
CVE-2009-4554
Multiple cross-site scripting XSS vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via 1 the url parameter to popsendtofriend.asp, related to a crafted onload attribute of an IMG element; or 2 an onload attribute in a sound tag...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via 1 the url parameter to popsendtofriend.asp, related to a crafted onload attribute of an IMG element; or 2 an onload attribute in a sound tag...
CVE-2009-4554
CVE-2009-4554 refers to multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 version 3.4.07. The weaknesses allow remote attackers to inject arbitrary JavaScript/HTML via: (1) the url parameter to pop_send_to_friend.asp (related to a crafted onload attribute of an IMG element)...
CVE-2009-4554
Multiple cross-site scripting XSS vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via 1 the url parameter to popsendtofriend.asp, related to a crafted onload attribute of an IMG element; or 2 an onload attribute in a sound tag...
Multi Forums 1.3.3 Cross Site Scripting
======================================================================================== | Title : Multi Forums Cross Site Scripting Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | Total alerts found : 2...
Multi Forums v1.3.3 XSS Vulnerability
No description provided by source. ======================================================================================== | Title : Multi Forums Cross Site Scripting Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria...
Graugon Forums Cross Site Scripting
======================================================================================== | Title : Graugon Forums Cross Site Scripting Vulnerability | | Author : indoushka | | email : [email protected] | | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | | Web Site :...
I-Escorts Directory (country_escorts.php country_id) SQL Injection
Exploit for unknown platform in category web applications ================================================================================ I-Escorts Directory countryescorts.php countryid SQL Injection Vulnerability ================================================================================...
Web Wiz Forums 9.64 Database Disclosure
============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || || ============================================================================== » Note : Some forums may change the...