1007 matches found
moinmoin -- cross-site scripting vulnerabilities
Secunia reports: Input passed via multiple parameters to action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site...
Debian DSA-1770-1 : imp4 - Insufficient input sanitising
Several vulnerabilities have been found in imp4, a webmail component for the horde framework. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2008-4182 It was discovered that imp4 suffers from a cross-site scripting (XSS) attack via the user field in an IM...
Mandriva Update for mandriva-kde-config MDVA-2008:197 (mandriva-kde-config)
Check for the Version of mandriva-kde-config OpenVAS Vulnerability Test Mandriva Update for mandriva-kde-config MDVA-2008:197 (mandriva-kde-config) Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
ESET Remote Administrator XSS Vulnerability
This host is running ESET Remote Administrator and is prone to remote Cross-Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: secpodesetremoteadministratorxssvuln.nasl 6517 2017-07-04 13:34:20Z cfischer $ ESET Remote Administrator XSS Vulnerability Authors: Nikita MR Copyright:...
Image upload formula deceptive vulnerability tutorials-vulnerability warning-the black bar safety net
For the reader: the script to attack the lovers, ASP programmer Pre-knowledge: none Image upload formula spoofing attacks Wen/ Yan into the This vulnerability applies to all only check the uploaded file format of the program, put the images into HTML code, after uploading the executable to do the...
Ewebeditor 2.8.0 Ultimate Edition delete arbitrary file vulnerability-vulnerability warning-the black bar safety net
Author: oldjun This vulnerability can very tasteless, it can be fatal, the key to see how you use! This vulnerability is present in Example\NewsSystem directory delete.asp file, which is ewebeditor test page, without the login you can go directly to, to see these code: 'The band"|"the string...
FreeBSD : typo3 -- multiple vulnerabilities (653606e9-f6ac-11dd-94d9-0030843d3802)
Secunia reports : Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system. The 'Install tool' system extension uses...
Gallery Kys 1.0 Admin Password Disclosure / Permanent XSS Vulns
Exploit for unknown platform in category web applications =============================================================== Gallery Kys 1.0 Admin Password Disclosure / Permanent XSS Vulns =============================================================== START 0x01 Informations: Script : Gallery Kys 1...
Microsoft Internet Explorer 'screen[""]' Remote Denial of Service Vulnerability
BUGTRAQ ID: 33149 CNCAN ID: CNCAN-2009010805 Microsoft Internet Explorer is a popular web browser. Microsoft Internet Explorer has a NULL pointer dereference issue that remote attackers can exploit to crash the application. The following HTML code triggers a NULL pointer dereference and crashes the browser: BODY onload=screen"" Microsoft Internet Explorer 8 beta 2 Microsoft Internet Explorer 8 Beta 1 Microsoft Internet Explore...
myPHPscripts Login Session 2.0 - Cross-Site Scripting Database Disclosure
myPHPscripts Login Session 2.0 - Cross-Site Scripting Database Disclosure START 0x01 Informations: Script : myPHPscripts Login Session 2.0 Download : http://www.hotscripts.com/jump.php?listingid=69881&jumptype=1 Vulnerability : XSS / Database Disclosure Author : Osirys Contact : osirysatlivedotit...
w3camayaurl-overflow.txt
W3C Amaya 10.1 Web Browser Amaya URL Bar Remote Stack Overflow Vulnerability Written and discovered by: r0ut3r writ3r at gmail.com / www.bmgsec.com.au Advisory: http://www.bmgsec.com.au/advisory/40/ ------------------------------------------------------ Shellcode notes: The application fails to...
W3C Amaya 10.1 Web Browser (URL Bar) Remote Stack Overflow PoC
Exploit for unknown platform in category dos / poc ============================================================== W3C Amaya 10.1 Web Browser URL Bar Remote Stack Overflow PoC ============================================================== W3C Amaya 10.1 Web Browser Amaya URL Bar Remote Stack...
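IBM Tivoli Netcool Service Quality Manager Cross-Site Scripting and HTML Code Injection Vulnerabilities
BUGTRAQ ID: 32233 IBM Tivoli Netcool Service Quality Manager is the core software of the IBM Tivoli service quality management solution. The web interface of Tivoli Netcool Service Quality Manager contains multiple cross-site scripting vulnerabilities: an authenticated user can use the report generation feature to create a report whose name embeds malicious code, and the injected code executes in the user's browser session when the report history is opened in the main panel. At least the following three pages are vulnerable: http://server/document root/ReportTree http://server/document root/Launch...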
Firefox Web Browser FTP Client XSS Vulnerability (Linux)
The host is installed with Mozilla Firefox browser and is prone to Cross Site Scripting (XSS) Vulnerability. OpenVAS Vulnerability Test $Id: gbfirefoxftpclntxssvulnlin.nasl 6539 2017-07-05 12:02:14Z cfischer $ Firefox Web Browser FTP Client XSS Vulnerability (Linux) Authors: Chandan S Copyright:...
Google Docs (HTML code) Multiple Cross Site Scripting Vulnerabilities
Google Docs (HTML code) Multiple Cross Site Scripting Vulnerabilities I. Background: Google Docs is an online application which makes possible to "Create and share your work online". You can use it to create Documents, Presentations, Spreadsheets and Forms. II. Description: Multiple cross site...
noname script 1.1 - Multiple Vulnerabilities
noname script 1.1 - Multiple Vulnerabilities + NoName Script 1.1 BETA Multiple Remote Vulnerabilities + Discovered By SirGod + www.mortal-team.org + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz + Local File Inclusion...
NoName Script <= 1.1 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ==================================================== NoName Script action : change http://localhost with the website link. profilid : id of the user that you want to change settings for it - input value : input name="editbenutzername"...
noname script 1.1 - Multiple Vulnerabilities
NoName Script 1.1 BETA Multiple Remote Vulnerabilities + Discovered By SirGod + www.mortal-team.org + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz + Local File Inclusion http://localhost/index.php?action=../../../autoexec.bat%00&kategorie=Tutorial This will open...
kshop-xss.txt
Kshop module search variable & field remote XSS Vendor url: http://www.kaotik.biz/ Advisory: http://lostmon.blogspot.com/2008/08/kshop-module-search-variable-and-field.html Vendor notify: no exploit available: YES Kshop is an E-commerce php/Mysql script module for multiple CMS Systems like...
Evolution Vulnerability
Application: Evolution 2.22.2 OS: Linux - Ubuntu 8.04 ------------------------------------------------------ 1 - Description 2 - Vulnerability 3 - POC/EXPLOIT ------------------------------------------------------ Description Evolution is an email client that is built with ubuntu...