onepound Shop / CMS XSS and SQL Injection Vulnerabilities

No description provided by source. :: General information :: onepound shop / cms XSS and SQL Injection vulnerabilities :: by Valentin Hoebel :: [email protected] :: Product information :: Name = onepound shop / cms :: Vendor = onepound :: Vendor Website = http://www.onepound.cn :: About the...

Micronet SP1910 Data Access Controller UI XSS & HTML Code Injection

Exploit: XSS & Html code injection in Micronet SP1910 data access controller UI Date: 27-11-2009 Author: K053 Vendor: http://www.micronet.info/modeldetail.aspx?seriesno=6&sno=472 Tested on : Private Networks ------------------------------------------------------------------------------------ Note...

Mango Blog 1.4.1 'archives.cfm/search' Cross Site Scripting Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = 'SSV-87080' vul ID version = '1' author = 'fenghh' vulDate = '2010-03-03' createDate =...

AldWeb MiniPortail 1.9/2.x LNG Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8504/info cross-site scripting vulnerability has been reported for miniPortail. The vulnerability exists due to insufficient sanitization of some user-supplied values. Specifically, malicious HTML code is not sanitized fr...

ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities

No description provided by source. Title : ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://www.articlesetup.com/ Advisory : http://secpod.org/blog/?p=497...

Endpoint Protector 4.0.4.2 - Multiple Persistent XSS

No description provided by source. Advisory Name: Multiple Persistent Cross-Site Scripting XSS in Endpoint Protector Internal Cybsec Advisory Id: 2012-1029-Multiple Persistent XSS in Endpoint Protector Vulnerability Class: Permanent Cross-Site Scripting XSS Release Date: 10/29/2012 Affected...

PHP iReport 1.0 - Remote Html Code injection

No description provided by source. !/usr/bin/perl Title = phpireport v1.0 = Remote Html Code injection Author = Or4nG.M4n Download = http://garr.dl.sourceforge.net/project/phpireport/phpireport%20v1.0%20alpha%20revision%2025.rar Thnks : +----------------------------------+ | xSs m4n i-Hmx h311 c0...

iSupport 1.x - CSRF HTML Code Injection to Add Admin

No description provided by source. !/usr/bin/perl Title : iSupport v1.x = Html Code injection to add admin Author : Or4nG.M4n Version : 1.x Homepage : http://www.idevspot.com/iSupport.php Google Dork: Powered by iSupport 1.8 Homepage : http://www.idevspot.com/ Thnks :...

Microsoft Internet Explorer 6.0 IFRAME Status Bar URI Obfuscation Weakness

No description provided by source. source: http://www.securityfocus.com/bid/11590/info Microsoft Internet Explorer is reported prone to a URI obfuscation weakness. This issue may be leveraged by an attacker to display false information in the status bar of an unsuspecting user, allowing an attack...

MyHelpDesk 20020509 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4970/info It is reported that MyHelpDesk is vulnerable to cross-site scripting attacks. Attackers may exploit this vulnerability by constructing a link to a vulnerable scripts, passing malicious HTML code as a value for...

WorkBoard 1.2 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12009/info It is reported that WorkBoard is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These issues could...

CutePHP CuteNews 1.3 HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8060/info CutePHP is prone to HTML injection attacks. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to news posts are not sufficiently sanitized of...

Mozilla Firefox 2.0.0.7 Malformed XBL Constructor Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26172/info Mozilla Firefox is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to cause denial-of-service conditions. Firefox...

Nuke Bookmarks 0.6 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12907/info Nuke Bookmarks is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate t...

Mewsoft NetAuction 3.0 Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5023/info NetAuction does not filter HTML code from URI parameters, making it prone to cross-site scripting attacks. Attacker-supplied HTML code may be included in a malicious links. The attacker-supplied HTML code will b...

Pluck CMS 4.7 - HTML Code Injection

No description provided by source. Exploit Title: Pluck CMS CSRF - Injecting malicious contents to pagess Date: 2013 4 August Exploit Author: Yashar shahinzadeh Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://www.pluck-cms.org/ Tested on: Linux & Windows, PHP 5.2.9...

Zwiki 0.10/0.36.2 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11745/info It is reported that Zwiki is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamic...

Microsoft Internet Explorer 6.0 Position:Relative Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25222/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle certain HTML code. This issue is triggered when a remote attacker entices a victim user to visit...

PHP ManualMaker 1.0 - Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/18244/info PHP ManualMaker is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to...

Miro Broadcast Machine 0.9.9 Login.PHP Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26407/info Miro Broadcast Machine is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script...