1197 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via 1 $SERVER'HTTPHOST' or 2...
Cross-Site Scripting (XSS) Vulnerabilities in Flogr
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Flogr, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS Vulnerabilities in Flogr: CVE-2012-4336 Input appended to the URL after /index.php is not properly sanitised before...
NeXus Infotech CMS SQL Injection
Exploit title : NeXus Infotech CMS SQL Injection Vulnerability Date : May 05,2012 Author : gr00vehack3r Contact : groove.hacker7/a/t/gmail.com Homepage : www.gr00ve-hack3r.com Vendor : NeXus Infotech Vendor Site : http://www.nexusinfotech.org/ Google Dork : intext:"Powered By NeXus Infotech"...
phpPaleo 4.8b156 Local File Inclusion
'phpPaleo' Local File Inclusion CVE-2012-1671 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in index.php for language handling that allows for local file inclusion using a null-byte attack on the 'lang' GET parameter. II...
Pragyan CMS 3.0 - Remote File Disclosure
Title Pragyan CMS v 3.0 = Remote File Disclosure Author Or4nG.M4n Download http://space.dl.sourceforge.net/project/pragyan/pragyan/3.0/PragyanCMS-v3.0-beta.tar.bz2 vuln download.lib.php line 16 vuln index.php line 234 $GET'fileget' exploit...
Wordpress Relocate Upload Plugin 0.14 Remote File Inclusion
Exploit for php platform in category web applications Exploit Title: Relocate Upload Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/relocate-upload Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...
MantisBT 1.2.7 Cross Site Scripting / Local File Inclusion
Vulnerability ID: HTB23045 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinmantisbt.html Product: MantisBT Vendor: www.mantisbt.org http://www.mantisbt.org/ Vulnerable Version: 1.2.7 and probably prior Tested Version: 1.2.7 Vendor Notification: 31 August 2011 Vulnerability...
docuFORM Mercury WebApp 6.16a/5.20 - Multiple Cross-Site Scripting Vulnerabilities
docuFORM Mercury WebApp 6.16a Multiple Cross-Site Scripting Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; alert1" / input type="hid...
Tomato Gallery 1.2 (logged only) Persistant Xss Vunerability
Exploit for php platform in category web applications author: lemlajt software link: http://tomatogallery.yzx.se/ version: 1.2 tested on: linux cve : poc0.1 : 1. http://localhost/www/cmsadmins/tomatogallery12/edit/index.php 2. click @ "Add Separator" and type: bla'';!--alert document.cookie=& in...
e107 v0.7.23 SQL Injection Vulnerability
Exploit for php platform in category web applications ======================================== e107 v0.7.23 SQL Injection Vulnerability ======================================== Product: e107 Website System Vendor: e107 http://www.e107.org/ Vulnerable Version: 0.7.23 and Probably Prior Versions...
e107 0.7.23 - SQL Injection
e107 0.7.23 - SQL Injection Vulnerability ID: HTB22604 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityine1072.html Product: e107 Website System Vendor: e107 http://www.e107.org/ Vulnerable Version: 0.7.23 and Probably Prior Versions Vendor Notification: 13 September 2010...
SQL injection vulnerability in e107
Vulnerability ID: HTB22604 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityine1072.html Product: e107 Website System Vendor: e107 http://www.e107.org/ Vulnerable Version: 0.7.23 and Probably Prior Versions Vendor Notification: 13 September 2010 Vulnerability Type: SQL Injectio...
Apache JackRabbit 2.0.0 XPath Injection
Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description: "Apache Jackrabbit is a fully...
Apache JackRabbit 2.0.0 webapp XPath Injection Vulnerabilty
Exploit for jsp platform in category web applications =========================================================== Apache JackRabbit 2.0.0 webapp XPath Injection Vulnerabilty =========================================================== Title: Apache JackRabbit webapp XPath Injection Author: ADEO...
Apache JackRabbit 2.0.0 - webapp XPath Injection
Apache JackRabbit 2.0.0 - webapp XPath Injection Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip...
Apache JackRabbit 2.0.0 - webapp XPath Injection
Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description: "Apache Jackrabbit is a fully...
DEBIAN-CVE-2010-2092
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rraid parameter in a GET request in conjunction with a valid rraid value in a POST request or a cookie, which causes the POST or cookie value to bypass the...
Sql injection
SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter...
SphereCMS 1.1 Alpha Blind SQL Injection
www.BugReport.ir AmnPardaz Security Research Team Title: SphereCMS Blind SQL Injection Vulnerability Vendor: http://sphere.xlentprojects.se/ Vulnerable Version: 1.1 alpha Latest version till now Exploitation: Remote with browser Fix: N/A - Description: SphereCMS is a CMS which allow managing foru...
Joomla yt_color YOOOtheme XSS and Cookie Stealing
Exploit for unknown platform in category web applications ================================================= Joomla ytcolor YOOOtheme XSS and Cookie Stealing ================================================= The GET variable ytcolor can be set to any script Example 1:...