phpmyadmin -- Cross Site Scripting Vulnerabilities
Secunia report: Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be...
Detailed WINRAR self-extracting cross-site attack vulnerabilities-vulnerability warning-the black bar safety net
Many people say that a WINRAR self-extracting file can be used for cross-site scripting in its installation interface. The author tested this personally, and it is not merely cross-site scripting. It was originally thought to be a newly disclosed vulnerability, but it is in fact a defect in WINRAR itself, in which...
WEBAlbum <= 2.0 Remote Stored Cross Site Scripting Vulnerability
WEBAlbum <= 2.0 Remote Stored Cross Site Scripting Vulnerability. AUTHOR: CWH Underground. DATE: 5 June 2008. SITE: www.citec.us. APPLICATION: WEBAlbum. VERSION: <= 2.0...
webalbum-xss.txt
WEBAlbum XSS Vulnerabilities. POST Variable: id. POST Variable: category. Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, Win7dos, JabAv0C...
Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability...
ICQ 6 HTML Code Generation Remote Format String
Binary data 4405.prm...
CVE-2008-1120
Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service crash via unspecified vectors related to HTML code generation...
Format string
Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service crash via unspecified vectors related to HTML code generation...
CVE-2008-1120
CVE-2008-1120 affects Mirabilis ICQ 6, build 6043, via a vulnerability in the embedded Internet Explorer component responsible for HTML code generation. The issue is a format string vulnerability that may allow a remote attacker to trigger arbitrary code execution or cause a crash on the affected...
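IBM ISS Internet Scanner HTML Code Injection Vulnerability
BUGTRAQ ID: 28014. ISS Internet Scanner is a commercial vulnerability scanning and assessment tool. When saving HTML reports, ISS Internet Scanner does not properly validate input to certain parameters, which may allow injection of arbitrary HTML and script code that executes in the browser session when a user views the report. Affected: IBM ISS Internet Scanner 7.0 SP2 build 7.2.2005.52. Vendor patch: IBM --- The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://www.ers.ibm.com/...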
Debian Security Advisory DSA 109-1 (faqomatic)
The remote host is missing an update to faqomatic announced via advisory DSA 109-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
webquest-db.txt
PHP Webquest 2.6 Get Database's Credential. Author: MhZ91 Title: PHP Webquest 2.6 Get Database's...
IPTBB <= 0.5.4 (viewdir id) Remote Sql Injection Vulnerability
No description provided by source. Http://www.inj3ct-it.org Staffatinj3ct-itdotorg. Remote Sql Injection...
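Multiple Remote Security Vulnerabilities in Gallery Versions Before 2.2.4
BUGTRAQ ID: 27035. Gallery is a web-based open-source photo album manager. Gallery versions before 2.2.4 contain multiple security vulnerabilities that allow malicious users to disclose sensitive information, conduct cross-site scripting attacks, bypass security restrictions, or compromise a vulnerable system. 1 A vulnerability in the Publish XP module may allow files to be created and uploaded without proper authorization. 2 A vulnerability in the administrator controller of the URL rewrite module may allow local file inclusion. 3 The core and add-item modules do not properly filter input passed via file names, leading to execution of arbitrary HTML and script code in the user's browser session. 4 The Core/MIME module does not properly check the extensions of uploaded files. 5 Gallery...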
bitcomet-xss.txt
The program is vulnerable to attacks of the kind xss the parameter "about:" scripts without authorization in the example that I am presenting is a page that runs a while with a msgbox infinity. Create an html file and paste the following code while1alert"Juan Pablo Lopez Yacubian""...
VBTube 1.1 - Search Cross-Site Scripting
VBTube 1.1 - Search Cross-Site Scripting source: https://www.securityfocus.com/bid/26566/info VBTube is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a...
Mozilla Firefox 2.0.0.7 - Remote Denial of Service
i WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Bug Title: Mozilla Firefox 2.0.0.7 Denial of Service Vendor URL: www.mozilla.org Version: & Bug Description To do this work we need 2 files Html,XML. Their codes was written below. Save below codes in a HTML file...
Mozilla Firefox 2.0.0.7 - Malformed XBL Constructor Remote Denial of Service
source: https://www.securityfocus.com/bid/26172/info Mozilla Firefox is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to cause denial-of-service conditions. Firefox 2.0.0.7 is vulnerable; other...
Directory Image Gallery XSS vuln.
Sunday, 7 October 2007 Directory Image Gallery XSS vuln. Vuln. discovered by : r0t Date: 7 October 2007 Vendor:http://splitside.net/store/index.php?mainpage=productinfo&productsid=1 affected versions:Directory Image Gallery 1.1 other versions also can be affected. Directory Image Gallery contains...