1017 matches found
JibberBook Disclosure / Injection
» Script: JibberBook » Language: PHP » Website: http://jibberbook.com » Founder: Onur YILMAZ aka DJR » Site: www.onuryilmaz.info === data source of comments disclosure .xml file === » JibberBook/datalayer/xml/comments.xml === output === 127.0.0.1 Mozilla/5.0 Windows; U; Windows NT 6.0; en-US...
JibberBook GuestBook 2.3 Multiple Vulnerabilities
» Script: JibberBook » Language: PHP » Website: http://jibberbook.com » Founder: Onur YILMAZ aka DJR » Site: www.onuryilmaz.info === data source of comments disclosure .xml file === » JibberBook/datalayer/xml/comments.xml === output === message mID="m54a7c965f0318a7.23679427" name/name website /...
PHP Script Forum Hoster (Topic Delete/XSS) Multiple Vulnerabilities
Exploit for unknown platform in category web applications =================================================================== PHP Script Forum Hoster Topic Delete/XSS Multiple Vulnerabilities =================================================================== "Word is born Fight the war fuck the...
Sun Java Web Console Multiple XSS Vulnerabilities
The host is running Java Web Console and is prone to Multiple Cross-Site Scripting Vulnerabilities. OpenVAS Vulnerability Test $Id: gbsunjavawebconsolexssvuln.nasl 4892 2016-12-30 15:39:07Z teissa $ Sun Java Web Console Multiple XSS Vulnerabilities Authors: Sharath S Copyright: Copyright c 2009...
Sun Java Web Console 3.0.2 - 3.0.5 Multiple XSS Vulnerabilities
Java Web Console is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
joomla -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being used. This can be...
horde-base -- multiple vulnerabilities
The Horde team reports: An error within the form library when handling image form fields can be exploited to overwrite arbitrary local files. An error exists within the MIME Viewer library when rendering unknown text parts. This can be exploited to execute arbitrary HTML and script code in a user...
Vanilla 1.1.7 Cross Site Scripting
Author: Gerendi Sandor Attila Original advisory: http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html Date: May 14, 2009 Package: Vanilla 1.1.7 Product Homepage: http://getvanilla.com/ Versions Affected: v.1.1.7, 1.1.5 Other versions may also be affected Severity: Medium Inpu...
Claroline v.1.8.11 Cross-Site Scripting
Author: Gerendi Sandor Attila Original Advisory: http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html Date: May 05, 2009 Package: Claroline 1.8.11 Product Homepage: http://www.claroline.net/ Versions Affected: v.1.8.11 Other versions may also be affected Severity: Medium...
Claroline 1.8.11 Cross Site Scripting
Author: Gerendi Sandor Attila Original Advisory: http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html Date: May 05, 2009 Package: Claroline 1.8.11 Product Homepage: http://www.claroline.net/ Versions Affected: v.1.8.11 Other versions may also be affected Severity: Medium...
moinmoin -- cross-site scripting vulnerabilities
Secunia reports: Input passed via multiple parameters to action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site...
Debian DSA-1770-1 : imp4 - Insufficient input sanitising
Several vulnerabilities have been found in imp4, a webmail component for the horde framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-4182 It was discovered that imp4 suffers from a cross-site scripting XSS attack via the user field in an IM...
Mandriva Update for mandriva-kde-config MDVA-2008:197 (mandriva-kde-config)
Check for the Version of mandriva-kde-config OpenVAS Vulnerability Test Mandriva Update for mandriva-kde-config MDVA-2008:197 mandriva-kde-config Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
ESET Remote Administrator XSS Vulnerability
This host is running ESET Remote Administrator and is prone to remote Cross-Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: secpodesetremoteadministratorxssvuln.nasl 6517 2017-07-04 13:34:20Z cfischer $ ESET Remote Administrator XSS Vulnerability Authors: Nikita MR Copyright:...
Image upload formula deceptive vulnerability tutorials-vulnerability warning-the black bar safety net
For the reader: the script to attack the lovers, ASP programmer Pre-knowledge: none Image upload formula spoofing attacks Wen/ Yan into the This vulnerability applies to all only check the uploaded file format of the program, put the images into HTML code, after uploading the executable to do the...
eWebEditor 2.8.0 Ultimate Edition arbitrary file deletion vulnerability-vulnerability warning-the black bar safety net
Author: oldjun This vulnerability can be very tasteless, or it can be fatal; the key is how you use it! This vulnerability is present in the delete.asp file in the Example\NewsSystem directory, which is an eWebEditor test page that you can go to directly without logging in. See this code: 'The band"|"the string...
FreeBSD : typo3 -- multiple vulnerabilities (653606e9-f6ac-11dd-94d9-0030843d3802)
Secunia reports : Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system. The 'Install tool' system extension uses...
Gallery Kys 1.0 Admin Password Disclosure / Permanent XSS Vulns
Exploit for unknown platform in category web applications =============================================================== Gallery Kys 1.0 Admin Password Disclosure / Permanent XSS Vulns =============================================================== START 0x01 Informations: Script : Gallery Kys 1...
Microsoft Internet Explorer 'screen[""]' Remote Denial of Service Vulnerability
BUGTRAQ ID: 33149 CNCAN ID:CNCAN-2009010805 Microsoft Internet Explorer is a popular web browser. Microsoft Internet Explorer has a NULL pointer dereference issue that remote attackers can exploit to crash the application. The following HTML code causes a NULL pointer dereference and crashes the browser: BODY onload=screen"" Microsoft Internet Explorer 8 beta 2 Microsoft Internet Explorer 8 Beta 1 Microsoft Internet Explore...
myPHPscripts Login Session 2.0 - Cross-Site Scripting Database Disclosure
myPHPscripts Login Session 2.0 - Cross-Site Scripting Database Disclosure START 0x01 Informations: Script : myPHPscripts Login Session 2.0 Download : http://www.hotscripts.com/jump.php?listingid=69881&jumptype=1 Vulnerability : XSS / Database Disclosure Author : Osirys Contact : osirysatlivedotit...