395 matches found
Ad Manager Pro Cross Site Request Forgery
Exploit Title: Ad Manager Pro CSRF Vuln add admin Author: Jonturk75 Vendor of Software Link: http://www.scripts.com/viewscript/php-text-ad-management/20881/ Category: webapps Demo site: http://www.scripts-demo.com/admanagerpro/administration/index.php...
Apache MyFaces 2.0 / 2.1 Information Disclosure
CVE-2011-4343: Apache MyFaces information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: MyFaces Core 2.0.1 to 2.0.10 MyFaces Core 2.1.0 to...
CVE-2011-2591
Multiple buffer overflows in the Provideo ActiveX controls allow remote attackers to execute arbitrary code via crafted input fields, as demonstrated by (1) a long strIp argument to the voice method in 2way.dll in the alarm 1.0.3.1 ActiveX control, (2) a network response to AXPlayer.ocx in the...
Cross Site Scripting - Dokumentation, Analyse & Techniken
Document Title: Cross Site Scripting - Dokumentation, Analyse & Techniken References: https://www.vulnerability-lab.com/resources/documents/198.pdf https://de.wikipedia.org/wiki/Cross-SiteScriptingWeblinks Release Date: 2011-07-19 Vulnerability Laborato...
Phishing Tool
Added: 09/23/2009 Background This tool serves an HTML form which collects information from users. It allows you to either replicate a real web page, or specify a custom header graphic, a custom footer graphic, and an introductory text message. For best results, design the HTML form to look like a...
Multiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs))
Multiple XSS - Glassfish Web Interface, Sun Java System Application Server 9.1_01 (build b09d-fcs) Author: Eduardo Neves a.k.a eth0 Date: 14 June 2008 Site: http://webappsecurity.wordpress.com APPLICATION :...
Apple Safari 1.x/3.0.x / Firefox 1.5.0.x/2.0.x - JavaScript Multiple Fields Key Filterings
source: https://www.securityfocus.com/bid/26669/info Multiple web browsers are prone to a JavaScript key-filtering vulnerability because the browsers fail to securely handle keystroke input from users. Exploiting this issue requires that users manually type sensitive data. This may require...
Format string
Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username, (2) password, and (3) nickname fields in a "0x01" packet...
SQL injection
Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the deleteurlo function in (a) index.php in the urlobox module; the iden field in the (2) updatefile and (3) delfile functions in (b) index.php in the reviews module...
CVE-2006-1775
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) adminboard.php, the (2) Group name and (3) Group description fields in (b) admingroups.php and (c) groupcp.php, the (4) Theme Name field in (d)...
Cerberus Helpdesk vulnerable to XSS
Inputs in Cerberus Helpdesk are not properly sanitized, and XSS is possible in many of the system's input fields and URL parameters. You can add XSS that will hit every user of the system, and even simple scripting tags like <script>alert('f')</script> are allowed. PoC:...
BrowserCRM vulnerable to XSS
Inputs in BrowserCRM are not properly sanitized, and XSS is possible in many of the system's input fields and URL parameters. Some fields have been filtered in a basic form, so that simple scripting like "<script>alert('XSS')</script>" is not possible. However, since the filtering is not based on...
CVE-2005-4507
Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts Dev Hound 2.24 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple unspecified user input fields...
CVE-2005-3818
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module f...
CVE-2005-3547
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other...
CVE-2005-3547
CVE-2005-3547 affects Invision Power Board 2.1. The vulnerability is a Cross-site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via multiple input fields (e.g., adsess, name, description in admin.php, ACP Notes, Member Name, Password, Email Address, Comp...