134 matches found
Mac OS X : Apple Safari < 6.2 / 7.1 Multiple Vulnerabilities
The version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.2 or 7.1. It is, therefore, affected by the following vulnerabilities : - An error exists related to saved passwords and the incorrect automatic filling of HTML forms. A remote attacker can exploit this to...
XAMPP <= 1.7.3 multiple vulnerabilites
No description provided by source. / / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / , / / // / / / / / //// //|///||/,/ / /// Live by the byte |// Members: Pr0T3cT10n -=M.o.B.=- TheLeader Sro Debug Contact: [email protected] -----------------------------------...
[Havij 1.17] Automated and Advanced SQL Injection
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software, user can perform back-end database fingerprinting, retrieve DBMS login names and...
CGI Generic Cross-Site Request Forgery Detection (potential)
Nessus has found HTML forms on the remote web server. Some CGI scripts do not appear to be protected by random tokens, a common anti-cross-site request forgery XSRF protection. The web application might be vulnerable to XSRF attacks. Note that : - Nessus did not exploit the flaw. - Nessus cannot...
Exploit Release : XAMPP 1.7.3 multiple Vulnerabilities
Exploit Title: XAMPP = 1.7.3 multiple vulnerabilites Author: TheLeader Software Link: https://www.apachefriends.org/en/xampp-windows.html Affected Version: 1.7.3 and prior Tested on Windows XP Hebrew, Service Pack 3 I. File disclosure : XAMPP is vulnerable to a remote file disclosure attack. The...
XAMPP 1.7.3 - Multiple Vulnerabilities
XAMPP 1.7.3 - Multiple Vulnerabilities / / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / ,'; if $REQUEST'showcode' != 1 echo ''.$TEXT'global-showcode'.''; else $file = filegetcontentsbasename$SERVER'PHPSELF'; echo "".$TEXT'global-sourcecode'.""; echo ""; echo...
Phishing Tool
Added: 09/23/2009 Background This tool serves an HTML form which collects information from users. It allows you to either replicate a real web page, or specify a custom header graphic, a custom footer graphic, and an introductory text message. For best results, design the HTML form to look like a...
CVE-2009-0237
Cross-site scripting XSS vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition TMG MBE; and Internet Security and Acceleration ISA Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote...
Cross site scripting
Cross-site scripting XSS vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition TMG MBE; and Internet Security and Acceleration ISA Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote...
NeBoard Sql Injection Vulnerability
Discovered by : AleminKrali NeBoard Sql Injection Vulnerability Post Sql Dork :inurl:show.asp?id= ref= step= level= page= 2 html form 1.Form:It takes it:ID NAME 2.Form:Admin Password and later HTTP://SITE.COM/admin/boardedit.asp?id=IDNAME we are entering and 2.form Admin Password ile Login we are...
JVN#45389864 CGIWrap error page cross-site scripting vulnerability
CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Impact An arbitrary script may be executed on the user's web browser. Solution Update...
yet more XSS in older versions of ColdFusion
This only affects ColdFusion versions 5 and below. It does not affect CFMX. This is similar to previously reported XSS issues with CF, but not identical to any that I have seen reported. Cold Fusion has a "feature" that allows a developer to add validation to HTML forms by using specially named...
liberoXSS.txt
--Security Report-- Advisory: libero.it XSS vulnerability - HTML injection --- Author: Davide Denicolo --- Date: 28/04/06 --- Contact: davidesecurityinfos.com --- Vendor: ItaliaOnLine S.r.l http://www.libero.it Service: Web Level: Low --- Description: Libero.it is a Web portal of big Italian ISP:...
Standard HTML form implementation allows access to IMAP, SMTP, NNTP, POP3, and other services via crafted HTML page
Overview An intruder can send certain kinds of data to services that he is not ordinarily able to reach. By crafting the data such that it is redirected through any program the victim uses to render the malicious HTML, the intruder is able send that data to any services that the victim can send...