PHP MicroCMS 1.0.1 CSRF and XSS Vulnerabilities

No description provided by source. Vulnerability ID: HTB22765 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpmicrocms.html Product: PHP MicroCMS Vendor: ApPHP http://www.apphp.com/ Vulnerable Version: 1.0.1 and probably prior versions Vendor Notification: 21 December 2010 Vulnerability...

e107 1.0.2 - CSRF Resulting in SQL Injection

No description provided by source. Exploit Title: e107 v1.0.2 Administrator CSRF Resulting in SQL Injection Google Dork: intext:This site is powered by e107 Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

Online Subtitles Workshop XSS Vulnerability

No description provided by source. =================================================================================== Online Subtitles Workshop XSS vulnerabilities =================================================================================== Exploit Title: Online Subtitles Workshop XSS...

KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability

No description provided by source. Exploit Title: KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability Date: 2010-08-11 Author: fdisk @fdiskyou e-mail: fdiskyou at deniable.org Software Link: http://www.knowledgetree.com/products/community/download Version: 3.5.2 Notes: Fixed in the...

Juniper Junos 8.5/9.0 J-Web Interface /diagnose Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web Juniper Web Management. Attacker-supplie...

Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24837/info Microsoft Internet Explorer, Mozilla Firefox and Netscape Navigator are prone to a vulnerability that lets attackers inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers. Exploiting the...

Microsoft SharePoint Server 2007 XSS Vulnerability

No description provided by source. Vulnerability ID: HTB22350 Reference: http://www.htbridge.ch/advisory/xssinmicrosoftsharepointserver2007.html http://www.microsoft.com/technet/security/advisory/983438.mspx Product: Microsoft SharePoint Server 2007 Vendor: Microsoft Corporation Vulnerable Versio...

MS IE 4/5/5.5/5.0.1 external.NavigateAndFind() Cross-Frame Vulnerability

No description provided by source. Microsoft Internet Explorer 4.0 for WfW/Windows 3.1/Windows 95/Windows NT 3/Windows NT 4,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.5,Internet Explorer 5.0.1,Internet Explorer for Unix 5.0 external.NavigateAndFi...

frog cms 0.9.5 - Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22685 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinfrogcms.html Product: Frog CMS Vendor: Philippe Archambault http://www.madebyfrog.com/ Vulnerable Version: 0.9.5 and probably prior versions Vendor Notification: 09 November 2010...

Habari Blog Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22732 Reference: http://www.htbridge.ch/advisory/pathdisclosureinhabari.html Product: Habari Vendor: Habari http://habariproject.org/en/ Vulnerable Version: 0.6.5 Vendor Notification: 02 December 2010 Vulnerability Type: Path disclosure...

VideoGirls forum.php t Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/36168/info VideoGirls is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context...

Linksys WRT160N - Multiple Vulnerabilities

No description provided by source. Device Name: Linksys WRT160Nv2 Vendor: Linksys/Cisco ============ Device Description: ============ Best For: Delivers plenty of speed and coverage, so large groups of users can go online, transfer large files, print, and stream stored media Features: Fast...

diafan.cms 4.3 - Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22777 Reference: http://www.htbridge.ch/advisory/xsrfcsrfindiafancms.html Product: diafan.CMS Vendor: Diafan http://www.diafan.ru/ Vulnerable Version: 4.3 and probably prior versions Vendor Notification: 28 December 2010 Vulnerability Type:...

Netscape Navigator 4.0.8 'about:' Domain Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2637/info Due to a flaw in Navigator's security code, all URLs in the about: protocol are considered to be part of the same domain. If arbitrary Javascript code is placed in a GIF's comment field, it is treated like a...

php-decoda - Cross-Site Scripting In Video Tag

No description provided by source. Advisory: php-decoda: Cross-Site Scripting in Video Tags RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in the PHP markup parser Decoda. This allows attackers that should be restricted to the markup supported by Decoda to specify a...

Cisco DPC2420 Multiples Vulnerabilities

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - Title: DPC2420 Multiple vulnerabilities - Author: Facundo M. de la Cruz tty0 - E-mail: [email protected] =20 0x00 Details Vendor : Cisco Model : DPC2420 type : Cablemodem router.=20 Firmware:...

gp easy CMS Minishop 1.5 Plugin Persistent XSS

No description provided by source. Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link: http://gpeasy.com/SpecialAddonPlugins?cmd=download&id=31 Version: 1.5 The...

Wolf CMS 0.6.0b Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22681 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinwolfcms.html Product: Wolf CMS Vendor: Wolf CMS team http://www.wolfcms.org/ Vulnerable Version: 0.6.0b and probably prior versions Vendor Notification: 09 November 2010 Vulnerabilit...

Hyperic HQ 3.2 - 4.2-beta1 - Multiple XSS

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Hyperic HQ Multiple XSS 1. Advisory Information Title: Hyperic HQ Multiple XSS Advisory Id: CORE-2009-0812 Advisory URL:...

Microsoft Internet Explorer 6.0/7.0 RemoveChild Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20812/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue occurs when Internet Explorer attempts to execute certain JavaScript code. Successfully exploiting this issue will cause the...