iSupport 1.x - Cross-Site Request Forgery / HTML Code Injection (Add Admin)

!/usr/bin/perl Title : iSupport v1.x = Html Code injection to add admin Author : Or4nG.M4n Version : 1.x Homepage : http://www.idevspot.com/iSupport.php Google Dork: "Powered by iSupport 1.8 " Homepage : http://www.idevspot.com/ Thnks : +----------------------------------+ | xSs m4n i-Hmx h311 c0...

w-CMS 2.01 Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: W-Cms Multiple Vulnerability Date: 2012-01-09 Author: th3.g4m30v3r Site:http://w-cms.info/ Software Link: http://code.google.com/p/wcms/ Dork: intext:"Powered by w-CMS" Version : 2.01 Tested on: Window 7 Yogesh Kashyap, shubneet...

SQLiteManager <= 1.2.4 Multiple XSS Vulnerabilities

SQLiteManager is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

Lenovo based information distribution system the presence of a CRLF injection/HTTP response splitting-vulnerability warning-the black bar safety net

Brief description: It is a remote attacker to inject custom HTTP headers. The attacker can inject a session cookie or HTML code. This may be theXSS（cross-site scripting or session fixation vulnerability. Detailed description: URL-encoded input langid set SomeCustomInjectedHeader: the injectedbywv...

AShop - Open Redirection Cross-Site Scripting

AShop - Open Redirection Cross-Site Scripting source: https://www.securityfocus.com/bid/50616/info AShop is prone to multiple open-redirection issues and multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to execu...

Eclime Multiple SQL Injection and Cross-site Scripting Vulnerabilities

This host is running Eclime and is prone to multiple cross site scripting and SQL injection vulnerabilities. OpenVAS Vulnerability Test $Id: gbeclimemultsqlinjnxssvuln.nasl 5793 2017-03-30 13:40:15Z cfi $ Eclime Multiple SQL Injection and Cross-site Scripting Vulnerabilities Authors: Antu Sanadi...

Innovate Portal 2.0 - &#039;cat&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/50295/info Innovate Portal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary HTML and script code in an unsuspecting user's browser in th...

asgbookPHP 1.9 - index.php Cross-Site Scripting

asgbookPHP 1.9 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/50167/info asgbookphp is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary HTML and script...

AWStats 'awredir.pl' Multiple Cross-Site Scripting Vulnerabilities

This host is running AWStats and is prone to multiple cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbawstatsawredirmultxssvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ AWStats 'awredir.pl' Multiple Cross-Site Scripting Vulnerabilities Authors: Sooraj KS Copyright: Copyrigh...

Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities

Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/49587/info Papoo CMS Light is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

Xataface WebAuction / Librarian DB XSS / LFI / SQL Injection

Title : Xataface WebAuction and Xataface Librarian DB Multiple Vulnerabilities. Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://xataface.com/ Advisory : http://secpod.org/blog/?p=350 http://secpod.org/advisories/SECPODXatafaceWebauctionMultVuln.txt Software : Xataface...

Xataface WebAuction and Xataface Librarian DB Multiple Vulnerabilities

Xataface WebAuction/Librarian DB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Xataface WebAuction and Xataface Librarian DB - Multiple Vulnerabilities

Title : Xataface WebAuction and Xataface Librarian DB Multiple Vulnerabilities. Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://xataface.com/ Advisory : http://secpod.org/blog/?p=350 http://secpod.org/advisories/SECPODXatafaceWebauctionMultVuln.txt Software : Xataface...

PT-2011-04: Cross-Site Scripting in Kayako Support Suite

Positive Research Center has discovered multiple XSS vulnerabilties in Kayako Support Suite. 1. Application insufficiently verifies subscriberdata incoming parameter in /staff/index.php?m=news&a=importexport script. An attacker with "staff" privileges can use the vulnerabilty to inject and execut...

PT-2011-01: Cross-Site Scripting in Kayako Support Suite

Positive Research Center has discovered XSS in Kayako Support Suite. Application insufficiently verifies incoming data in "Subject" parameter in LiveSupport module. An attacker can use the vulnerability to inject and execute HTML code and scripts in a user's browser within the trust relationship...

Cross-site Scripting (XSS) Vulnerabilities in XOOPS

High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in XOOPS which could be exploited to perform cross-site scripting and script insertion attacks. 1 Cross-site scripting XSS vulnerabilities in XOOPS: CVE-2011-4565 The vulnerability exists due to input sanitation error in the...

ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting

ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT...

Open Classifieds 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities

Open Classifieds 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/49292/info Open Classifieds is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues t...

ManageEngine ServiceDesk Plus 8.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities

ManageEngine ServiceDesk Plus 8.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary...

Skype 5.5.0.113 Cross Site Scripting

+-----------------------------------------------------------------------------+ | noptrix.net - Public Security Advisory | +-----------------------------------------------------------------------------+ Date: ----- 08/17/2011 Vendor: ------- Skype Limited - http://www.skype.com/ Affected Software...