1007 matches found
[MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure
MajorSecurity #23: BLOG:CMS <= 4.0.0j - XSS and cookie disclosure. Software: BLOG:CMS Version: 4.0.0j Type: Cross site scripting Made public: July, 22th 2006 Vendor: F-ART AGENCY, Ltd. - Radek Hulán Page: http://blogcms.com/ Credits:...
newangels-11.txt
newangels-team.eu 11 FreeWebshop - Cross Site Scripting & SQL Injection Vulnerabilities. Vendor site = http://www.sensesites.com/ Date: Jun 13 2006 Risk = MEDIUM Version: 5.0 Credit: NewAngels Team ...
freewebshop21.txt
NewAngels Advisory 9 FreeWebshop - Cross Site Scripting & SQL Injection Vulnerabilities. Vendor site = http://www.freewebshop.org/ Date: Jun 15 2006 Version: 2.1 Credit: NewAngels Team...
aXentForum II XSS vuLLn
Vendor: http://www.axent.us/axentforum.cfm Affected versions: aXentForum II and prior. aXentForum II contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "startrow" parameter in "viewposts.cfm" isn't properly sanitised before being returned to the user. This can be...
HotPlug CMS 1.0 - Login1.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/18454/info HotPlug CMS is prone to a cross-site scripting attack. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute...
mailman -- Multiple Vulnerabilities
Secunia reports: Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS (Denial of Service). 1) An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL. Successfu...
CVE-2006-2874
Unspecified vulnerability in OSADS Alliance Database before 1.4 has unknown impact and attack vectors related to a "Security Leak to lock in HTML-Code," possibly due to a cross-site scripting (XSS) vulnerability involving comments...
CVE-2006-2874
OSADS Alliance Database prior to version 1.4 has an unspecified vulnerability described as a possible cross-site scripting (XSS) issue related to a "Security Leak to lock in HTML-Code" involving comments. The exact impact and attack vectors are not disclosed in the provided documents. Affected co...
TAL RateMyPic 1.0 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/18230/info TAL RateMyPic is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary HTML and script code i...
orkutXSS.txt
Hi, I found this little XSS thing with the search.aspx page of orkut.com. The page uses GET method to get user criteria for searching the profiles of people. The fields textboxAgeFrom and textboxAgeTo in the URL are not verified and one can inject any html code using these parameters. Proof of...
FreeBSD : drupal -- multiple vulnerabilities (faca0843-6281-11da-8630-00123ffe8333)
Secunia reports: Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks. 1) An input validation error in the filtering of HTML code can be exploited to...
1asphost.txt
This is an URL Bug on 1ASPHost & DomainDLX Hosting Services Internet Sites : We Can Run Script, META Tag Or HTML Code. JScript Example 1ASP Host : http://www.1asphost.com/MainLogin.aspx?error=alert'HACKED%20!' Example DomainDLX http://www.domaindlx.com/MainLogin.aspx?error=alert'HACKED%20!'...
Trojan rampage: beware of the conspiracy hidden behind QQ emoticons - Vulnerability warning - Black Bar Safety Net
Editor's note: I believe the majority of users are very familiar with the QQ chat tool. A considerable number of them are very fond of QQ custom emoticons, and some even make their own personalized emoticons to share with everyone. But while we enjoy a variety of personalized emoticons,...
[Full-disclosure] WebEOC Vuln - more info
Hi Guys, Doing a pen test I have come up with a WebEOC server. There are a few vulns listed at: http://secunia.com/advisories/16075/ specifically I am interested in : "6 Sensitive information is exposed in URIs, stored in publicly accessible configuration files, and in the HTML code returned to...
NOCC 1.0 - 'filter_prefs.php?html_filter_select' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and execute it ...
[waraxe-2006-SA#044] - XSS in phpNuke 7.8 and older versions
waraxe-2006-SA#044: XSS in phpNuke 7.8 and older versions...
[NT] Internet Explorer 7.0 Beta 2 urlmon.dll Buffer Overflow
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...