5115 matches found
Mosets Tree 2.1.6 Cross Site Request Forgery
'; / page - any one of: pageaddCategory pageaddListing pageadvSearchRedirect pageadvSearchResults pageadvSearch pageclaim pageconfirmDelete pagecontactOwner pageerrorListing pageerror pagegallery pageimage pageindex pagelistAlpha pagelisting pagelistListings pageownerListing pageprint pagerecomme...
ViArt Shop 4.0.5 - Multiple Vulnerabilities
ViArt Shop 4.0.5 - Multiple Vulnerabilities Title: ViArt SHOP multiple vulnerabilities Date: 18.11.2010 Author: Ariko-Security Software Link: http://www.viart.com Version: 4.0.5 ============ Ariko-Security - Advisory 2/11/2010 ============= ViArt SHOP multiple vulnerabilities Vendor's Description...
ViArt Shop 4.0.5 - Multiple Vulnerabilities
Title: ViArt SHOP multiple vulnerabilities Date: 18.11.2010 Author: Ariko-Security Software Link: http://www.viart.com Version: 4.0.5 ============ Ariko-Security - Advisory 2/11/2010 ============= ViArt SHOP multiple vulnerabilities Vendor's Description of Software and demo:...
Amnesty International Site Found Hosting Malware, IE Zero Day
Researchers at security firm Websense have found that Amnesty International’s Hong Kong site, amnesty.org.hk, is serving up a cocktail of malware that includes last week’s Internet Explorer 0-day. Visitors to the human rights organization’s site operating versions 6 and 7 of IE are being targeted...
ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities
ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities Title: ASPilot Pilot Cart 7.3 multiple vulnerabilities Date: 07.11.2010 Author: Ariko-Security Software Link: http://www.pilotcart.com Version: 7.3 CVE Reference: CVE-2008-2688 only 1 SQL injection EDB-ID: 5765 only 1 SQL injection Ariko-Security:...
ASPilot Pilot Cart 7.3 Multiple Vulnerabilities
Exploit for php platform in category web applications =============================================== ASPilot Pilot Cart 7.3 Multiple Vulnerabilities =============================================== Title: ASPilot Pilot Cart 7.3 multiple vulnerabilities Date: 07.11.2010 Author: Ariko-Security...
ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities
Title: ASPilot Pilot Cart 7.3 multiple vulnerabilities Date: 07.11.2010 Author: Ariko-Security Software Link: http://www.pilotcart.com Version: 7.3 CVE Reference: CVE-2008-2688 only 1 SQL injection EDB-ID: 5765 only 1 SQL injection Ariko-Security: Security Audits , Audyt bezpieczeństwa Advisory:...
CVE-2010-3934
The browser in Research In Motion RIM BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an...
CVE-2010-3934
The browser in Research In Motion RIM BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an...
Google Chrome Arbitrary Extensions Detection
Google Chrome Instaled extensions arbitrary detection Vendor url: http://www.google.com Advisore:http://lostmon.blogspot.com/2010/09/google-chrome-instaled-extensions.html Vendor notify:YES vendor confirmed.YES exploit:YES Change log...
Joomla Appointment Calendar Persistent Xss Vulnerability
Exploit for php platform in category web applications ======================================================== Joomla Appointment Calendar Persistent Xss Vulnerability ======================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0...
Users Still Making Life Easy for Scareware Crews
Scareware and rogue AV programs have enjoyed a very good run in the last few years, making millions of dollars for their creators and generally making life miserable for victims. And while there’s been some innovation recently in the mechanisms attackers use to keep the programs resident on...
Shop a la Cart Multiple Vulnerabilities
Exploit for php platform in category web applications ======================================= Shop a la Cart Multiple Vulnerabilities ======================================= Exploit Title: Multiple vulnerabilities in SHOP A LA CART Date: 03.09.2010 Author: Ariko-Security Software Link:...
Shop a la Cart - Multiple Vulnerabilities
Shop a la Cart - Multiple Vulnerabilities Exploit Title: Multiple vulnerabilities in SHOP A LA CART Date: 03.09.2010 Author: Ariko-Security Software Link: http://shopalacart.com Version: ALL Tested on: ALL CVE : n/a Ariko-Security: Security Audits , Audyt bezpieczeństwa Advisory: 728/2010...
Shop a la Cart - Multiple Vulnerabilities
Exploit Title: Multiple vulnerabilities in SHOP A LA CART Date: 03.09.2010 Author: Ariko-Security Software Link: http://shopalacart.com Version: ALL Tested on: ALL CVE : n/a Ariko-Security: Security Audits , Audyt bezpieczeństwa Advisory: 728/2010 ============ Ariko-Security - Advisory 1/9/2010...
CGI Generic HTML Injections (quick test)
The remote web server hosts CGI scripts that fail to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML to be executed in a user's browser within the security context of the affected site. The remote web server...
Mozilla Bug Seen as Very Low Risk
Mozilla has been aware of the Firefox iFrame bug that came to light yesterday for more than two months now and the company’s engineers concluded early on in the process that the problem was a fairly minor one that was unlikely to cause the vast majority of users any confusion or be exploited by...
New Firefox iFrame Bug Bypasses URL Protections
UPDATED–There is a bug in Mozilla’s flagship Firefox browser related to the way the browser handles obfuscated URLs in iFrames. However, a Mozilla official said the bug poses “very low” risk to users. Johnathan Nightingale of Mozilla said in a blog post late Tuesday that the bug poses little risk...
Unfixed XSS vulnerability at www.dziennik.pl
Security researcher cbr, has submitted on 25/07/2010 a cross-site-scripting XSS vulnerability affecting www.dziennik.pl, which at the time of submission ranked 7281 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/12/2011. It is currently...
Sikkim Manipal University / Calcutta University Vulnerabilities
Topic: a Sikkim Manipal University portal is vulnerable to SQL Injection attack. b Calcutta University website is spreading malware via iframe code insertion. Details: a About the university: Sikkim Manipal is one of the largest private University in India. The Institute attracts students from al...