1007 matches found
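WordPress WP-UserOnline 2.6.2 Plugin Script Injection Vulnerability
BUGTRAQ ID: 41335 WordPress is a free forum/blog system. The WP-UserOnline plugin used by WordPress does not properly filter input appended to the URL after the installation path before displaying it to the user in wp-content/plugins/wp-useronline/wp-useronline.php; when a user views the page, the injected HTML and script code is executed. WordPress WP-UserOnline 2.6.2 Vendor patch: WordPress --------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:...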
Kryn.cms 6.0 - Cross-Site Request Forgery HTML Injection
Kryn.cms 6.0 - Cross-Site Request Forgery HTML Injection source: https://www.securityfocus.com/bid/41229/info Kryn.cms is prone to a cross-site request-forgery vulnerability and an HTML-injection vulnerability. Exploiting these issues may allow a remote attacker to perform certain administrative...
Kryn.cms 6.0 - Cross-Site Request Forgery / HTML Injection
source: https://www.securityfocus.com/bid/41229/info Kryn.cms is prone to a cross-site request-forgery vulnerability and an HTML-injection vulnerability. Exploiting these issues may allow a remote attacker to perform certain administrative actions, gain unauthorized access to the affected...
Cross-site Scripting (XSS) Vulnerability in CompactCMS
High-Tech Bridge SA Security Research Lab has discovered vulnerability in CompactCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in CompactCMS The vulnerability exists due to input sanitation error in the "keywords" parameter in...
Cross-site Scripting (XSS) Vulnerabilities in CruxCMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in CruxCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in CruxCMS: CVE-2008-0700 The vulnerability exists due to input sanitation error in the "search"...
Joomla! 1.6.0 Alpha2 - Cross-Site Scripting
Joomla! 1.6.0 Alpha2 - Cross-Site Scripting Title:Joomla1.6.0-Alpha2 XSS Vulnerabilities Date: 2010-05-02 Author: mega-itec.com Software Link: http://joomlacode.org/gf/download/frsrelease/11322/45252/Joomla1.6.0-Alpha2-Full-Package.zip Version: 1.6.0-alpha2 Tested on: relevant os CVE : Code :...
Profi Einzelgebots Auktions System Cross Site Scripting
x Author: Andrea Bocchetti x Homepage : www.geekit.it // Software Info Name : Profi Einzelgebots Auktions System Demo : http://hiweb-wiesbaden.de/hammerdealv3/ Price : 399.99 Exploit : http://www.site.com/hammerdealv3/suche.php This script is possibly vulnerable to Cross Site Scripting XSS attack...
leaftec CMS - Multiple Vulnerabilities
Exploit Title: leaftec cms multiple vulnerabilities Date: 21.03.2010 Author: Valentin Höbel Version: Tested on: Debian etch CVE : Code : :: General information :: leaftec cms multiple vulnerabilities discovered :: by Valentin Höbel :: [email protected] :: Product information :: Name = leafte...
leaftec cms multiple vulnerabilities
Exploit for php platform in category web applications ==================================== leaftec cms multiple vulnerabilities ==================================== Exploit Title: leaftec cms multiple vulnerabilities Date: 21.03.2010 Author: Valentin Version: Tested on: Debian etch CVE : Code : :...
Debian DSA-1883-1 : nagios2 - missing input sanitising
Several vulnerabilities have been found in nagios2, a host/service/network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems : Several cross-site scripting issues via several parameters were discovered in the CGI scripts, allowing...
Mozilla Firefox 3.6 (memory corruption) Denial Of Service
Exploit for unknown platform in category dos / poc ========================================================= Mozilla Firefox 3.6 memory corruption Denial Of Service ========================================================= - Discovered by: Crux - Exploit name: Mozilla Firefox 3.6 memory corruptio...
SAP BusinessObjects 12 - URI redirection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/37972/info SAP BusinessObjects is prone to multiple URI-redirection issues and multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code,...
Microsoft Windows SharePoint Services Cross Site Scripting (MS07-059; CVE-2007-2581)
Microsoft Windows SharePoint Services WSS is an add-on component of Windows Server. WSS is based on IIS and ASP.NET technologies, providing a basic portal infrastructure, collaborative editing of documents, document organization, and version control capabilities. SharePoint functionality is expos...
PacketFence Network Access Controller XSS vulnerability
Exploit for unknown platform in category web applications ======================================================= PacketFence Network Access Controller XSS vulnerability ======================================================= Title : Injection Flaw in PacketFence Network Access Controller Date :...
PacketFence Network Access Controller - Cross-Site Scripting
PacketFence Network Access Controller - Cross-Site Scripting Title : Injection Flaw in PacketFence Network Access Controller Date : 20-12-2009 Author : K053 Tested on : Private Networks Download : http://www.packetfence.org/download/releases.html Note : ------ PacketFence is a fully supported, Fr...
eUploader PRO 3.1.1 XSRF / XSS
----------------------------------------------------------------------------------------------- Title: eUploader PRO 3.1.1 XSRF/XSS Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 16. December 2009...
Micronet SP1910 Cross Site Scripting
Exploit: XSS & Html code injection in Micronet SP1910 data access controller UI Date: 27-11-2009 Author: K053 Vendor: http://www.micronet.info/modeldetail.aspx?seriesno=6&sno=472 Tested on : Private Networks ------------------------------------------------------------------------------------ Note...
Micronet SP1910 Data Access Controller UI XSS & HTML Code Injection
Exploit for unknown platform in category web applications =================================================================== Micronet SP1910 Data Access Controller UI XSS & HTML Code Injection =================================================================== Exploit: XSS & Html code injection ...
PHP-Nuke <= 8.0 XSS & HTML Code Injection in News Module
No description provided by source. Software Link: http://www.phpnuke.org/modules.php?name=Downloads&dop=viewdownload&cid=1 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= note : This bug found by tampering passed data . coders don't sanitize and check user entry point for news rate...
Micronet SP1910 Data Access Controller UI - Cross-Site Scripting / HTML Code Injection
Exploit: XSS & Html code injection in Micronet SP1910 data access controller UI Date: 27-11-2009 Author: K053 Vendor: http://www.micronet.info/modeldetail.aspx?seriesno=6&sno=472 Tested on : Private Networks ------------------------------------------------------------------------------------ Note...