754 matches found
possible SQL injection in Subdreamer
//==========================================// GHC - Subdreamer - ADVISORY // Product: Subdreamer Version: Subdreamer Light // URL: www.subdreamer.com VULNERABILITY CLASS: SQL injection //==========================================// Product Description "Powered by PHP and MySQL, Subdreamer provid...
phpfusionXSS.txt
I found an exploit in the current version of php-fusion which allows you to input XSS in the IMG tag. I reported it already to php-fusion and they created a fix for this. Here it goes: By converting the text ie. javascript:alert'test' to their ascii values, the strings between the img/img tags...
PBLang Bulletin Board System 4.x - SendPM.php Directory Traversal
PBLang Bulletin Board System 4.x - SendPM.php Directory Traversal source: https://www.securityfocus.com/bid/12690/info PBLang is reported prone to a directory traversal vulnerability. It is reported that the issue exists due to a lack of sufficient sanitization performed on user-supplied input. A...
BizMail bizmail.cgi Arbitrary Mail Relay
The remote web server is hosting the CGI bizmail.cgi, a CGI script for sending the content of web forms to email addresses. The remote version of this software fails to sanitize the 'email' parameter to the 'bizmail.cgi' script of CRLF sequences. An unauthenticated, remote attacker may be able to...
[SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 631-1 [email protected] http://www.debian.org/security/ Martin Schulze January 10th, 2005 http://www.debian.org/security/faq -...
escripts software e_board 4.0 - Directory Traversal
source: https://www.securityfocus.com/bid/12048/info It is reported that eBoard is vulnerable to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input. By including '../' directory traversal sequences and a NULL %00 in the...
ABC2MIDI 2004-12-04 - Multiple Stack Buffer Overflow Vulnerabilities
source: https://www.securityfocus.com/bid/12019/info It is reported that abc2midi is susceptible to two stack buffer overflow vulnerabilities. These issues are due to a failure of the application to properly bounds check user-supplied image data prior to copying it into fixed-size memory buffers...
Advanced Guestbook 2.2/2.3 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/11798/info It is reported that Advanced Guestbook is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a...
[Full-Disclosure] Click and Build eCommerce Platform Cross Site Scripting
ClickandBuild: http://apply.clickandbuild.com/ Online eCommerce platform. Vulnerability The vulnerability lies in the "listPos" variable in the script running at cashncarrion.co.uk. It does not properly secure user inputted variables, presumably as the user is not supposed to input the variable b...
CVE-2002-1478
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode...
CVE-2004-1728
Buffer overflow in British National Corpus SARA sarad allows remote attackers to execute arbitrary code by calling the client with a long string...
eCommerce Corporation Online Store Kit 3.0 - 'shop_by_brand.php?cat_manufacturer' SQL Injection
source: https://www.securityfocus.com/bid/9687/info It has been reported that Online Store Kit is prone to multiple SQL injection vulnerabilities. These issues arise due to insufficient sanitation of user-supplied input via the URI. As a result of this a malicious user may influence database...
Athena Web Registration - Remote Command Execution
source: https://www.securityfocus.com/bid/9349/info A problem has been reported in the handling of user-supplied input by the Athena Web Registration scripts. Because of this, it may be possible for an attacker to gain unauthorized access to a vulnerable system...
MathoPD 1.x - Remote Buffer Overflow
MathoPD 1.x - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/9871/info It has been reported that Mathopd is prone to a remote buffer overflow vulnerability. The issue arises due to a failure to check the bounds of a buffer storing user-supplied input. It may be possible for...
Divine Content Server 5.0 - Error Page Cross-Site Scripting
Divine Content Server 5.0 - Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/8763/info It has been reported that Divine Content Server is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input. The problem exists in the...
DSA-351 php4 - cross-site scripting
Bulletin has no description...
ttcms and ttforum exploits
hope this is the right place to send this exploit info, I found three diffrent exploits for a forum software / cms software: ------------------------------------------------------------------------------------------------------------------------------------------------ Affected Product: ttCMS or...
CGI-City's CCLOG Script Injection Vulns
CGI-City's CCGuestBook Script Injection Vulnerabilities Discovered By BrainRawt [email protected] About CCGuestBook: ------------------ CC Guestbook is a simple guestbook program that is very easy to configure and install. It features a notification facility which sends an email alert to the...
CVE-2002-1399
Unknown vulnerability in cashout and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cashout2...
phpBB 2.0.3 - Script Injection
phpBB 2.0.3 - Script Injection source: https://www.securityfocus.com/bid/6248/info phpBB does not properly sanitize user input in forum postings. This could allow a malicious user to inject script code into a forum post which would in turn be executed when the page is viewed by other users. Scrip...