1017 matches found
Horde Gollem 'file' Cross-Site Scripting Vulnerability
Horde Gollem is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability
AR Web Content Manager (AWCM) v2.2 Cross-Site scripting Vulnerability SecPod Technologies (www.secpod.com) Author: Antu Sanadi SecPod ID: 1012 21/03/2011 Issue Discovered 24/03/2011 Vendor Notified 24/03/2011 Vendor Responded 25/03/2011 Vendor Solution Class: Cross-Site Scripting Severity: Medium...
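Feng Office Community Edition Cross-Site Scripting and Arbitrary File Upload Vulnerabilities
Feng Office is an open-source online collaboration system with a browser/server (B/S) architecture, developed in PHP. Feng Office was formerly OpenGoo; starting with OpenGoo version 1.61 it was renamed Feng Office. The Feng Office Community edition contains cross-site scripting and arbitrary file upload vulnerabilities in its implementation, which remote attackers can exploit to carry out cross-site scripting attacks and take control of affected systems. 1) Input sent via the "filename" and "slimContent" POST parameters to public/assets/javascript/slimey/save.php is not properly filtered before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a browser session in the context of the affected site...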
Wordpress Relevanssi 2.7.2 Plugin Stored XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: Relevanssi User Searches WordPress plugin Stored XSS Author: Saif El-Sherei Software Link: http://downloads.wordpress.org/plugin/relevanssi.2.7.2.zip Version: Relevanssi 2.7.2, WordPress 3.0.5 Tested on: FireFox 3.6.13, IE 8...
WordPress Plugin Relevanssi 2.7.2 - Persistent Cross-Site Scripting
WordPress Plugin Relevanssi 2.7.2 - Persistent Cross-Site Scripting Exploit Title: Relevanssi User Searches WordPress plugin Stored XSS Date: 20-2-2011 Author: Saif El-Sherei Software Link: http://downloads.wordpress.org/plugin/relevanssi.2.7.2.zip Version: Relevanssi 2.7.2, WordPress 3.0.5 Teste...
MG2 0.5.1 Cross Site Scripting
MG2 0.5.1 Multiple XSS Vulnerabilities Vendor: MiniGal Product web page: http://www.minigal.dk Affected version: 0.5.1 Summary: MG2 is the sequel to the popular image gallery script MiniGal. One of the highlights of MG2 is, that it supports PHP running in safe mode which is unsupported by almost...
Multiple Vulnerabilities in IWantOneButton WordPress Plugin
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in IWantOneButton WordPress Plugin which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting (XSS) vulnerability in IWantOneButton WordPress Plugin The vulnerability...
Vaadin Framework 6.0.0 - 6.4.8 XSS Vulnerability
Vaadin Framework is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Multiple Vulnerabilities in ViArt Shop
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ViArt Shop which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting (XSS) vulnerability in ViArt Shop The vulnerability exists due to input sanitation...
AneCMS 1.3 Persistant XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: AneCMS 1.3 Persistant XSS Date: 17.1.2011 Author: Penguin Visit: www.null-sector.info Software Link: http://anecms.com/anecms.zip Version: 1.3 Tested on: Linux I Vulnerability ---------------------- You can add blogpost comments...
AneCMS 1.3 - Persistent Cross-Site Scripting
AneCMS 1.3 - Persistent Cross-Site Scripting Exploit Title: AneCMS 1.3 Persistant XSS Date: 17.1.2011 Author: Penguin Visit: www.null-sector.info Software Link: http://anecms.com/anecms.zip Version: 1.3 Tested on: Linux I Vulnerability ---------------------- You can add blogpost comments that doe...
AneCMS 1.3 - Persistent Cross-Site Scripting
Exploit Title: AneCMS 1.3 Persistant XSS Date: 17.1.2011 Author: Penguin Visit: www.null-sector.info Software Link: http://anecms.com/anecms.zip Version: 1.3 Tested on: Linux I Vulnerability ---------------------- You can add blogpost comments that does not get filtered for HTML-Code. Simply add ...
Zhumadian-day U.S.-China food network v3.0 Business Edition XSS add management-vulnerability warning-the black bar safety net
Version: Zhumadian days of the U.S. Food network v3.0 Business Edition Keywords: inurl:wenhuadisplay.asp XSS Code: iframe src=http://[hosting space domain]/xss.html Html Code: form name="admin" action="http://[target site domain here]/admin/adminaddsave.asp" method="POST" onSubmit="return validatethis" input type="text"...
Mandriva Update for git MDVSA-2010:256 (git)
Check for the Version of git OpenVAS Vulnerability Test Mandriva Update for git MDVSA-2010:256 (git) Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Social Share 2010-06-05 Cross Site Scripting
www.eVuln.com advisory: "search" - Non-persistent XSS in Social Share Summary: http://evuln.com/vulns/169/summary.html Details: http://evuln.com/vulns/169/description.html -----------Summary----------- eVuln ID: EV0169 Software: Social Share Vendor: n/a Version: 2010-06-05 Critical Level: low Typ...
Cross-site Request Forgery (CSRF) Vulnerabilities in PHP MicroCMS
High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in PHP MicroCMS which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery (CSRF) vulnerabilities in PHP MicroCMS 1.1 The vulnerability exists due to insufficient validation of the...
Social Share Cross Site Scripting
www.eVuln.com advisory: "title" and "url" - Non-persistent XSS in Social Share Summary: http://evuln.com/vulns/164/summary.html Details: http://evuln.com/vulns/164/description.html -----------Summary----------- eVuln ID: EV0164 Software: Social Share...
slickMsg 0.7-alpha Cross Site Scripting
www.eVuln.com advisory: error - Non-persistent XSS in slickMsg Summary: http://evuln.com/vulns/163/summary.html Details: http://evuln.com/vulns/163/description.html -----------Summary----------- eVuln ID: EV0163 Software: slickMsg Vendor: n/a Version: 0.7-alpha Critical Level: low Type: Cross Sit...
Gitweb 1.7.3.3 Cross Site Scripting
[Description] [Proof Of Concept] [Credits] [Notes] [Responsible Disclosure] 13-12-2010 Initial contact with upstream and vendor-sec 13-12-2010 Vendor Response and CVE-2010-3906 assignation 15-12-2010 Public Disclosure...
gitWeb 1.7.3.3 - Cross-Site Scripting
gitWeb 1.7.3.3 - Cross-Site Scripting [Description] [Proof Of Concept] [Credits] [Responsible Disclosure] 13-12-2010 Initial contact with upstream and vendor-sec 13-12-2010 Vendor Response and CVE-2010-3906 assignation 15-12-2010 Public Disclosure...