Virtual War v1.5.0 Multiple Vulnerabilities

Exploit for php platform in category web applications ===========================!Expl0!Ts!==================================== » --- Script : vwar150r15 » --- Exploit Title : Multiple Exploit SQL/Xss/Html Code injection/CSRF add admin » --- Date : 4- 01- 2012 » --- Author : Expl0!Ts » --- Softwa...

Ananta_Gazelle1.0.zip <= Multiple Vulnerabilities

Exploit for php platform in category web applications » AnantaGazelle1.0.zip » --- Date : 29- 03- 2012 » --- Author : Expl0!Ts » --- Software Link : http://garr.dl.sourceforge.net/project/ananta/stable/Gazelle%201.0%20stable/AnantaGazelle1.0.zip » --- Version: » --- Category: php » --- Tested on:...

CarChat24 HTML Injection

Exploit Title: CarChat24 HTML Injection Date: 18.03.2012 Author: Sony Software Link: http://www.carchat24.com/ Web Browser : Mozilla Firefox Site : http://insecurity.ro PoC: http://st2tea.blogspot.com/2012/03/carchat24-html-injection.html...

Fork CMS 3.2.7 Multiple HTML Code Injection Vulnerabilities

Summary Fork is an open source cms that will rock your world. Description Fork CMS suffers from multiple XSS vulnerabilities when parsing user input to several parameters in different scripts, via POST and GET methods. Attackers can exploit these weaknesses to execute arbitrary HTML and script co...

Apache Struts多个HTML代码注入漏洞

BUGTRAQ ID: 51902 CVE ID: CVE-2012-1006 Apache Struts是一款开发Java web应用程序的开源Web应用框架。 Apache Struts在实现上存在多个HTML注入漏洞，攻击者可利用这些漏洞在受影响浏览器中运行HTML和脚本代码，窃取Cookie身份验证凭证或控制站点外观。 0 Apache Group Struts 2.2.3 Apache Group Struts 2.0.14 厂商补丁： Apache Group ------------ 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版...

[PT-2011-01] Cross-Site Scripting in Kayako Support Suite

------------------------------------------------------------------ PT-2011-01 Positive Technologies Security Advisory Cross-Site Scripting in Kayako Support Suite ------------------------------------------------------------------ --- Vulnerable software Kayako Support Suite Version: 3.70.02-stabl...

PHP iReport 1.0 - Remote Html Code Injection

PHP iReport 1.0 - Remote Html Code Injection !/usr/bin/perl Title = phpireport v1.0 = Remote Html Code injection Author = Or4nG.M4n Download = http://garr.dl.sourceforge.net/project/phpireport/phpireport%20v1.0%20alpha%20revision%2025.rar Thnks : +----------------------------------+ | xSs m4n i-H...

iSupport 1.x Cross Site Request Forgery

!/usr/bin/perl Title : iSupport v1.x = Html Code injection to add admin Author : Or4nG.M4n Version : 1.x Homepage : http://www.idevspot.com/iSupport.php Google Dork: "Powered by iSupport 1.8 " Homepage : http://www.idevspot.com/ Thnks : +----------------------------------+ | xSs m4n i-Hmx h311 c0...

php ireport v1.0 Remote Html Code injection

Exploit for php platform in category web applications !/usr/bin/perl Title = phpireport v1.0 = Remote Html Code injection Author = Or4nG.M4n Download = http://garr.dl.sourceforge.net/project/phpireport/phpireport%20v1.0%20alpha%20revision%2025.rar Thnks : +----------------------------------+ | xS...

iSupport 1.x - Cross-Site Request Forgery / HTML Code Injection (Add Admin)

!/usr/bin/perl Title : iSupport v1.x = Html Code injection to add admin Author : Or4nG.M4n Version : 1.x Homepage : http://www.idevspot.com/iSupport.php Google Dork: "Powered by iSupport 1.8 " Homepage : http://www.idevspot.com/ Thnks : +----------------------------------+ | xSs m4n i-Hmx h311 c0...

w-CMS 2.01 Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: W-Cms Multiple Vulnerability Date: 2012-01-09 Author: th3.g4m30v3r Site:http://w-cms.info/ Software Link: http://code.google.com/p/wcms/ Dork: intext:"Powered by w-CMS" Version : 2.01 Tested on: Window 7 Yogesh Kashyap, shubneet...

PT-2011-04: Cross-Site Scripting in Kayako Support Suite

Positive Research Center has discovered multiple XSS vulnerabilties in Kayako Support Suite. 1. Application insufficiently verifies subscriberdata incoming parameter in /staff/index.php?m=news&a=importexport script. An attacker with "staff" privileges can use the vulnerabilty to inject and execut...

PT-2011-01: Cross-Site Scripting in Kayako Support Suite

Positive Research Center has discovered XSS in Kayako Support Suite. Application insufficiently verifies incoming data in "Subject" parameter in LiveSupport module. An attacker can use the vulnerability to inject and execute HTML code and scripts in a user's browser within the trust relationship...

Skype 5.5.0.113 Cross Site Scripting

+-----------------------------------------------------------------------------+ | noptrix.net - Public Security Advisory | +-----------------------------------------------------------------------------+ Date: ----- 08/17/2011 Vendor: ------- Skype Limited - http://www.skype.com/ Affected Software...

Fofou Forums Cross Site Scripting

Exploit Title: Permanent XSS and Html Code Injection in the Fofou Forums Google Dork: intext:Powered by fofou Date: 15.08.2011 Author: Sony Software Link: http://blog.kowalczyk.info/software/fofou/index.html Version: all version...

Safenet Sentinel and 7-T Input Sanitization Vulnerability

Overview ICS-CERT originally released advisory ICSA-11-314-01P on the US-CERT secure portal on November 14, 2011. This web page release was delayed to allow users time to download and install the update. Security researcher Carlos Mario Penagos Hollman of Synapse-labs has identified an input...

phpMyAdmin 'error.php' Cross Site Scripting Vulnerability

phpMyAdmin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

leaftec cms multiple vulnerabilities

Exploit for php platform in category web applications ==================================== leaftec cms multiple vulnerabilities ==================================== Exploit Title: leaftec cms multiple vulnerabilities Date: 21.03.2010 Author: Valentin Version: Tested on: Debian etch CVE : Code : :...

leaftec CMS - Multiple Vulnerabilities

Exploit Title: leaftec cms multiple vulnerabilities Date: 21.03.2010 Author: Valentin Höbel Version: Tested on: Debian etch CVE : Code : :: General information :: leaftec cms multiple vulnerabilities discovered :: by Valentin Höbel :: [email protected] :: Product information :: Name = leafte...

Debian DSA-1883-1 : nagios2 - missing input sanitising

Several vulnerabilities have been found in nagios2, a host/service/network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems : Several cross-site scripting issues via several parameters were discovered in the CGI scripts, allowing...