1017 matches found
TAL RateMyPic 1.0 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/18230/info TAL RateMyPic is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary HTML and script code i...
orkutXSS.txt
Hi, I found this little XSS thing with the search.aspx page of orkut.com. The page uses GET method to get user criteria for searching the profiles of people. The fields textboxAgeFrom and textboxAgeTo in the URL are not verified and one can inject any html code using these parameters. Proof of...
FreeBSD : drupal -- multiple vulnerabilities (faca0843-6281-11da-8630-00123ffe8333)
Secunia reports: Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks. 1) An input validation error in the filtering of HTML code can be exploited to...
1asphost.txt
This is a URL bug on 1ASPHost & DomainDLX Hosting Services Internet Sites: We Can Run Script, META Tag Or HTML Code. JScript Example 1ASP Host : http://www.1asphost.com/MainLogin.aspx?error=alert'HACKED%20!' Example DomainDLX http://www.domaindlx.com/MainLogin.aspx?error=alert'HACKED%20!'...
Trojan rampage beware of the QQ expression hidden behind the conspiracy-bug warning-the black bar safety net
Editor's note: I believe most users are very familiar with the chat tool QQ. A considerable number of them are very fond of QQ custom emoticons, and some even make their own personalized custom emoticons to share with everyone. But we enjoy a variety of personalized expressions,...
[Full-disclosure] WebEOC Vuln - more info
Hi Guys, Doing a pen test I have come up with a WebEOC server. There are a few vulns listed at: http://secunia.com/advisories/16075/ specifically I am interested in : "6 Sensitive information is exposed in URIs, stored in publicly accessible configuration files, and in the HTML code returned to...
NOCC 1.0 - filter_prefs.php?html_filter_select Cross-Site Scripting
NOCC 1.0 - filter_prefs.php?html_filter_select Cross-Site Scripting source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can...
NOCC 1.0 - 'filter_prefs.php?html_filter_select' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and execute it ...
[waraxe-2006-SA#044] - XSS in phpNuke 7.8 and older versions
waraxe-2006-SA044 XSS in phpNuke 7.8 and older versions...
[NT] Internet Explorer 7.0 Beta 2 urlmon.dll Buffer Overflow
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
MyBB-sig.txt
NightWarrior nightwarrior771athotmail.com MyBB Signature HTML Code Injection http://www.mybboard.com/ example: Contact :nightwarrior771athotmail.com NightWarrior...
ldu-inject.txt
NightWarrior nightwarrior771athotmail.com Land Down Under Signature HTML Code Injection http://www.neocrome.net example: BODY background-image: url'http://www.geocities.com/nightwarrior771/blank.jpeg'; Contact :nightwarrior771athotmail.com NightWarrior...
[Full-disclosure] RockLiffe MailSite wconsole.dll Denial of Service/Script Injection Vulnerability
OS2A RockLiffe MailSite wconsole.dll Denial of Service/Script Injection Vulnerability OS2A ID: OS2A1004 Status 01/06/2006 Issue Discovered 01/06/2006 Reported to the vendor 01/19/2006 Patch Released 01/20/2006 Advisory Released Class: Denial of Service / Script Injection Severity: CRITICAL...
Land Down Under Signature HTML Code Injection
NightWarriorKurdish Hacker nightwarrior771athotmail.com Land Down Under Signature HTML Code Injection http://www.neocrome.net example: STYLE =text/cssBODY background-image: url'http://www.geocities.com/nightwarrior771/blank.jpeg'; /STYLE Contact :nightwarrior771athotmail.com NightWarriorKurdish...
MyBB Signature HTML Code Injection
NightWarriorKurdish Hacker nightwarrior771athotmail.com MyBB Signature HTML Code Injection http://www.mybboard.com/ example: img src=&106&97&118&97&115&99&114&105&112&116&58&97&108&101&114&116&40&39&88&83&83&39&41 Contact :nightwarrior771athotmail.com NightWarriorKurdish Hacker...
XMB Forum HTML Code Injection
NightWarriorKurdish Hacker nightwarrior771athotmail.com XMB Forum HTML Code Injection http://www.xmbforum.com/ Post This Code: img src=javascript:alert'XSS' Contact :nightwarrior771athotmail.com NightWarriorKurdish Hacker...
[HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1
Hackers Center Security Group http://www.hackerscenter.com/ Zinho's Security Advisory Risk: High - Note from the author Simple Blog is a free weblog application intended for personal use. The latest version, 2.1, features xhtml/css template structure, rss feed, blog calendar and an easy to use...
Surprise storms, IE6 latest vulnerability code, you can hung it-vulnerability warning-the black bar safety net
Today, testing by the ncph group found a JavaScript vulnerability in IE 6. The code it uses is as follows: script type="text/jscript" function init document.write"The time is:" + Date ; window.onload = init; /script Using this code you can hide the page in front of html code, run after it can only see t...
httprint 202.0 - HTTP Response Server Field Arbitrary Script Injection
httprint 202.0 - HTTP Response Server Field Arbitrary Script Injection source: https://www.securityfocus.com/bid/16031/info httprint is prone to multiple remote vulnerabilities. The first issue may allow remote attackers to execute arbitrary HTML and script code in a user's browser. The second...
httprint 202.0 - HTTP Response Server Field Arbitrary Script Injection
source: https://www.securityfocus.com/bid/16031/info httprint is prone to multiple remote vulnerabilities. The first issue may allow remote attackers to execute arbitrary HTML and script code in a user's browser. The second issue may allow remote attackers to crash an instance of the application...