330 matches found
Webcat multiple blind defect and repair-vulnerability warning-the black bar safety net
Exploit Title: Webcat - two blind defect Google Dork: allinurl: scwebcat/ecat/cmsview.php Date: 6/23/2011 Author: w0rd w0rdatNULL0x00.com Software Link: http://webcat.sourceforge.net/ Tested on: Linux/Windows 7 Vulnerable Parameters: webid=, id= PoC:...
Cross-site Scripting Vulnerabilities in Open-Realty
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Open-Realty, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting vulnerabilities in Open-Realty 1.1 Input passed via the "name", "email", "friendemail", "subject", "message" POS...
DoceboLMS 4.0.4 Cross Site Scripting
DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; input type="hidden" name="authenticrequest" value="23dfee506a748201730ab2bb7...
SQL injection authentication bypass
Added: 01/04/2011 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to manipulate the authentication query via a...
SQL injection authentication bypass
Added: 01/04/2011 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to manipulate the authentication query via a...
SQL injection authentication bypass
Added: 01/04/2011 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to manipulate the authentication query via a...
ChillyCMS 1.1.3 - Multiple Vulnerabilities
ChillyCMS 1.1.3 - Multiple Vulnerabilities www.BugReport.ir AmnPardaz Security Research Team Title: chillyCMS Multiple Vulnerabilities Vendor: http://frozenpepper.de/ Vulnerable Version: 1.1.3 Latest version till now Exploitation: Remote with browser Fix: N/A - Description: chillyCMS is a Content...
CUPS Memory Information Disclosure
The remote CUPS install contains a memory information disclosure vulnerability due to an error in 'cgiinitializestring' in 'cgi-bin/var.c', which mishandles input parameters containing the '%' character. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid47716;...
OpenJDK JAR "unpack200" must verify input parameters (6902299)
Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities
Exploit for unknown platform in category web applications ======================================================================== Theeta CMS Cross Site Scripting,SQL Injection Multiple Vulnerabilities ======================================================================== 1-Cross Site Scripting...
Theeta CMS (Cross Site Scripting SQL Injection) Multiple Vulnerabilities
No description provided by source. / \ / | | | \ / | | | | | | | | | | || | | | | | | | | '| | | | | | | | | | |/ \ / |/ / / | | | | || | || | || || | / || | | | / | | || / / |/ || ,|\|,| +-+-+-+-+ |C|r|e|w| +-+-+-+-+ Theeta CMS Cross Site Scripting,SQL Injection Multiple Vulnerabilities...
Theeta CMS (Cross Site Scripting,SQL Injection) Multiple
No description provided by source. / \ / | | | \ / | | | | | | | | | | || | | | | | | | | '| | | | | | | | | | |/ \ / |/ / / | | | | || | || | || || | / || | | | / | | || / / |/ || ,|\|,| +-+-+-+-+ |C|r|e|w| +-+-+-+-+ Theeta CMS Cross Site Scripting,SQL Injection Multiple Vulnerabilities...
Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities
/ / | | | / | | | | | | | | | | || | | | | | | | | '| | | | | | | | | | |/ / |/ / / | | | | || | || | || || | / || | | | / | | || / / |/ || ,||,| +-+-+-+-+ |C|r|e|w| +-+-+-+-+ Theeta CMS Cross Site Scripting,SQL Injection Multiple Vulnerabilities Discovered By c0dy http://r00tDefaced.net Greetz:...
TGS CMS 0.x SQL Injection / XSS / Disclosure
| | | / | | / | | | \ / | | | / / | |/ \ / / |/ | |/| | | ' \ / | / / | | alertdocument.cookie The Risk: By exploiting this vulnerability, an attacker can inject malicious code in the script and can stole cookies. Fix the vulnerability: Encode output...
Atlantic SimpleCaddy Shopping Cart Price Manipulation
SENKED-2009-0001 - Atlantic SimpleCaddy Shopping Cart Price Manipulation senked security advisory http://www.senked.com/ Date Published: 2009-07-01 Last Update: 2009-07-01 Advisory ID: SENKED-2009-0001 Bugtraq ID: none CVE Name: none Title: Atlanticintelligence SimpleCaddy Shoopuing Cart Price...
moinmoin -- cross-site scripting vulnerabilities
Secunia reports: Input passed via multiple parameters to action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site...
SQL injection
Added: 04/10/2009 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to inject arbitrary SQL commands via a speciall...
SQL injection
Added: 04/10/2009 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to inject arbitrary SQL commands via a speciall...
SQL injection
Added: 04/10/2009 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to inject arbitrary SQL commands via a speciall...
Php-Stats 0.1.9.2 Multiple Vulnerabilities Exploit
No description provided by source. ?php / Php-Stats 0.1.9.2 Multiple Vulnerabilities Exploit Blind SQL Injection / Remote Code Execution P.o.C. author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://php-stats.com/downloads details..: works with magicquotesruntime = off 1 Blind SQL...