1931 matches found
[SA21021] Drupal webform Module Script Insertion Vulnerabilities
Cross-site scripting-vulnerability warning-the black bar safety net
What is cross-site scripting (CSS/XSS)? Cross-site scripting refers to data with a malicious purpose being inserted into the HTML code of a remote web page. The user believes the page is trustworthy, but when the browser downloads the page, the embedded script is interpreted. Sometimes...
WinSCP < 3.8.2 Arbitrary Command Insertion
[SA20441] OSADS Board Comments Script Insertion Vulnerability
dokuwiki -- multiple vulnerabilities
Multiple vulnerabilities have been reported within dokuwiki. dokuwiki is proven vulnerable to: arbitrary PHP code insertion via spellcheck module, XSS attack via "Update your account profile," bypassing of ACL controls when enabled...
[SA20285] Assetman Unspecified Script Insertion Vulnerabilities
TITLE: Assetman Unspecified Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA20285 VERIFY ADVISORY: http://secunia.com/advisories/20285/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Assetman 2.x http://secunia.com/product/10187/ DESCRIPTION: Nomenumbra...
magnolia.txt
Magnolia CMS Script Insertion Vulnerability Risk: Medium Class: Remote Script: Magnolia CMS Version: not define ------------------------------------------------------------------- Example: http://target/path/search.html?query=CODE&x=0&y=0 http://target/path/search.html?query=alert"lol";&x=0&y=0...
[SA20081] Website Baker "display_name" Script Insertion Vulnerability
TITLE: Website Baker "display_name" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA20081 VERIFY ADVISORY: http://secunia.com/advisories/20081/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Website Baker 2.x http://secunia.com/product/5455/ DESCRIPTION:...
FreeBSD : phpldapadmin -- XSS and Script Insertion vulnerabilities (6d78202e-e2f9-11da-8674-00123ffe8333)
Secunia reports: phpLDAPadmin has some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1) Some input isn't properly sanitised before being returned to the user. This can be exploited t...
FreeBSD : trac -- Wiki Macro Script Insertion Vulnerability (400d9d22-d6c5-11da-a14b-00123ffe8333)
Secunia reports : A vulnerability has been reported, which can be exploited by malicious people to conduct script insertion attacks. Input passed using the wiki macro isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed...
FreeBSD : phpbb -- multiple vulnerabilities (28c9243a-72ed-11da-8c1d-000e0c2e438a)
Multiple vulnerabilities have been reported within phpbb. phpbb is proven vulnerable to: - script insertion, - bypassing of protection mechanisms, - multiple cross site scripting vulnerabilities, - SQL injection, - arbitrary code execution. (C) Tenable Network Security, Inc. The...
FreeBSD : drupal -- multiple vulnerabilities (faca0843-6281-11da-8630-00123ffe8333)
Secunia reports : Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks. 1 An input validation error in the filtering of HTML code can be exploited to...
FreeBSD : bugzilla -- multiple vulnerabilities (46f7b598-a781-11da-906a-fde5cdde365e)
Some vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to conduct SQL injection attacks, and by malicious people to disclose sensitive information and conduct script insertion attacks. (C) Tenable Network Security, Inc. The descriptive tex...
[SA19996] 2005-Comments-Script Multiple Vulnerabilities
TITLE: 2005-Comments-Script Multiple Vulnerabilities SECUNIA ADVISORY ID: SA19996 VERIFY ADVISORY: http://secunia.com/advisories/19996/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: 2005-Comments-Script http://secunia.com/product/9778/ DESCRIPTION: Some...
SF-Users V1.0 XSS injection
SF-Users V1.0 XSS injection Discovered by: Nomenumbra Date: 5/2/2006 impact:moderate privilege escalation,possible defacement The username with which you sign up isn't properly sanitized so it's possible to insert some javascript there. The single quote is filtered so we'll have to use ' or 27. A...
trac -- Wiki Macro Script Insertion Vulnerability
Secunia reports: A vulnerability has been reported, which can be exploited by malicious people to conduct script insertion attacks. Input passed using the wiki macro isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed ...
[SA19870] Trac Wiki Macro Script Insertion Vulnerability
TITLE: Trac Wiki Macro Script Insertion Vulnerability SECUNIA ADVISORY ID: SA19870 VERIFY ADVISORY: http://secunia.com/advisories/19870/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Trac 0.x http://secunia.com/product/5260/ DESCRIPTION: A vulnerability h...
[Full-disclosure] Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability.
--Security Report-- Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 23/04/06 21:07 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: Clansys http://www.clansys.de.vu/ Versio...
Clansys 1.1 - 'index.php' PHP Code Insertion
NukedX Security Advisory Nr 2006-29 ClanSys v1.1 index.php page PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=29 Dork: "ClanSys v.1.1" 2.400 pages. Fu...
Clansys 1.1 - index.php PHP Code Insertion
NukedX Security Advisory Nr 2006-29 ClanSys v1.1 index.php page PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory:...