1007 matches found
Cybozu Garoon 2.0.0 - 2.1.3 XSS Vulnerability
Cybozu Garoon is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cybozu:garoon...
Cross-site Scripting (XSS) Vulnerability in Tiki Wiki CMS Groupware
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Tiki Wiki CMS Groupware, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware Input passed via the GET "ajax" parameter to snarfajax.php is not...
OPEN IT OverLook 'title.php' Cross Site Scripting Vulnerability
OverLook is prone to a cross-site scripting vulnerability. CPE = "cpe:/a:openit:overlook";...
Cross-site Scripting (XSS) Vulnerabilities in PHP Calendar Basic
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in PHP Calendar Basic which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting (XSS) vulnerabilities in PHP Calendar Basic 1.1 The vulnerability exists due to input sanitation errors in...
Seo Panel Multiple Cross-site Scripting (XSS) Vulnerabilities
Seo Panel is prone to multiple cross-site scripting vulnerabilities. ifdescription...
ZenPhoto 1.4.0.3 - x-forwarded-for HTTP Header Persistent Cross-Site Scripting
Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header persistent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated 2011-4-19 Tested on: FF 3.0.15, IE 8 Info: Zenphoto is an...
Ariadne 2.7.4 Cross Site Request Forgery
Cross-site Scripting (XSS) Vulnerability in AJAX Calendar
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in AJAX Calendar which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting (XSS) vulnerability in AJAX Calendar The vulnerability exists due to input sanitation error in the "y" parameter in...
Cross-site Scripting (XSS) Vulnerability in BackupPC
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BackupPC which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting (XSS) vulnerabilities in BackupPC The vulnerability exists due to input sanitation error in multiple parameters in...
AR Web Content Manager (AWCM) 'search.php' Cross Site Scripting Vulnerability
AR Web Content Manager (AWCM) is prone to a cross-site scripting (XSS) vulnerability. ifdescription...
Horde Gollem 'file' Cross-Site Scripting Vulnerability
Horde Gollem is prone to a cross-site scripting (XSS) vulnerability. ifdescription...
AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability
AR Web Content Manager AWCM v2.2 Cross-Site scripting Vulnerability SecPod Technologies www.secpod.com Author: Antu Sanadi SecPod ID: 1012 21/03/2011 Issue Discovered 24/03/2011 Vendor Notified 24/03/2011 Vendor Responded 25/03/2011 Vendor Solution Class: Cross-Site Scripting Severity: Medium...
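Feng Office Community Edition Cross-Site Scripting and Arbitrary File Upload Vulnerabilities
Feng Office is an open-source online collaboration system with a browser/server (B/S) architecture, developed in PHP. Feng Office was originally OpenGoo; starting with OpenGoo version 1.61 it was renamed Feng Office. The Feng Office Community edition contains cross-site scripting and arbitrary file upload vulnerabilities in its implementation, which a remote attacker can exploit to perform cross-site scripting attacks and take control of the affected system. 1) Input sent via the "filename" and "slimContent" POST parameters to public/assets/javascript/slimey/save.php is not properly filtered before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a browser session of the affected site...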
Wordpress Relevanssi 2.7.2 Plugin Stored XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: Relevanssi User Searches WordPress plugin Stored XSS Author: Saif El-Sherei Software Link: http://downloads.wordpress.org/plugin/relevanssi.2.7.2.zip Version: Relevanssi 2.7.2, WordPress 3.0.5 Tested on: FireFox 3.6.13, IE 8...
WordPress Plugin Relevanssi 2.7.2 - Persistent Cross-Site Scripting
WordPress Plugin Relevanssi 2.7.2 - Persistent Cross-Site Scripting Exploit Title: Relevanssi User Searches WordPress plugin Stored XSS Date: 20-2-2011 Author: Saif El-Sherei Software Link: http://downloads.wordpress.org/plugin/relevanssi.2.7.2.zip Version: Relevanssi 2.7.2, WordPress 3.0.5 Teste...
MG2 0.5.1 Cross Site Scripting
MG2 0.5.1 Multiple XSS Vulnerabilities Vendor: MiniGal Product web page: http://www.minigal.dk Affected version: 0.5.1 Summary: MG2 is the sequel to the popular image gallery script MiniGal. One of the highlights of MG2 is, that it supports PHP running in safe mode which is unsupported by almost...
Multiple Vulnerabilities in IWantOneButton WordPress Plugin
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in IWantOneButton WordPress Plugin which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting (XSS) vulnerability in IWantOneButton WordPress Plugin The vulnerability...
Vaadin Framework 6.0.0 - 6.4.8 XSS Vulnerability
Vaadin Framework is prone to a cross-site scripting (XSS) vulnerability. CPE =...
Multiple Vulnerabilities in ViArt Shop
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ViArt Shop which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting (XSS) vulnerability in ViArt Shop The vulnerability exists due to input sanitation...
AneCMS 1.3 Persistent XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: AneCMS 1.3 Persistent XSS Date: 17.1.2011 Author: Penguin Visit: www.null-sector.info Software Link: http://anecms.com/anecms.zip Version: 1.3 Tested on: Linux I Vulnerability ---------------------- You can add blogpost comments...