3107 matches found
Habari Blog Multiple Vulnerabilities
Exploit for php platform in category web applications Vulnerability ID: HTB22732 Reference: http://www.htbridge.ch/advisory/pathdisclosureinhabari.html Product: Habari Vendor: Habari http://habariproject.org/en/ Vulnerable Version: 0.6.5 Vendor Notification: 02 December 2010 Vulnerability Type:...
CVE-2010-3771
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a...
CVE-2010-3771
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a...
Etomite 1.1 Multiple Vulnerabilities
Exploit for php platform in category web applications ==================================== Etomite 1.1 Multiple Vulnerabilities ==================================== Product: Etomite Vendor: http://www.etomite.org/ http://www.etomite.org/ Vulnerable Version: 1.1 Vendor Notification: 18 November 20...
Webmedia Explorer 6.13.1 Cross Site Scripting
Vulnerability ID: HTB22661 Reference: http://www.htbridge.ch/advisory/storedxssvulnerabilityinwebmediaexplorer.html Product: Webmedia Explorer Vendor: Marc Salmurri http://www.webmediaexplorer.com/ Vulnerable Version: 6.13.1 and probably prior versions Vendor Notification: 19 October 2010...
BlogBird Cross Site Scripting
========================================== Vulnerability ID: HTB22646 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinblogbird.html Product: BlogBird Vendor: BlogBird http://www.blogbird.nl/ Vulnerable Version: Current actual version on http://www.blogbird.nl/ Vendor Notification: 13...
Zomplog 3.9 Cross Site Scripting
Vulnerability ID: HTB22642 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinzomplog.html Product: Zomplog Vendor: Gerben Schmidt http://www.zomp.nl/zomplog/ Vulnerable Version: 3.9 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: XSS Cross Site...
NinkoBB 1.3RC5 - Cross-Site Scripting
NinkoBB 1.3RC5 - Cross-Site Scripting Vulnerability ID: HTB22652 Reference: http://www.htbridge.ch/advisory/xssinninkobb.html Product: NinkoBB Vendor: NinkoBB http://ninkobb.com Vulnerable Version: 1.3RC5 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: XSS Cro...
XSS vulnerability in Ronny CMS
Vulnerability ID: HTB22630 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinronnycms2.html Product: Ronny CMS Vendor: TO4KA Programming Team http://ronny-cms.ru/ Vulnerable Version: 1.1 r935 and probably prior versions Vendor Notification: 29 September 2010 Vulnerability Type: Stored...
XSS vulnerability in Ronny CMS
Vulnerability ID: HTB22622 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinronnycms.html Product: Ronny CMS Vendor: TO4KA Programming Team http://ronny-cms.ru/ Vulnerable Version: 1.1 r935 and probably prior versions Vendor Notification: 29 September 2010 Vulnerability Type: Stored X...
Horde IMP Webmail 4.3.7 - fetchmailprefs.php HTML Injection
Horde IMP Webmail 4.3.7 - fetchmailprefs.php HTML Injection source: https://www.securityfocus.com/bid/43515/info Horde IMP Webmail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data before it is used in dynamic content. Attacker-supplied HTML ...
Persistent XSS Bug on Twitter Exploited by Worm
UPDATE— Within an hour of reports surfacing about a cross-site scripting bug on the Twitter home page, a worm exploiting the bug was released on the site. However, engineers at Twitter have repaired the bug and say that it no longer should be exploitable. The bug appeared Tuesday morning and...
Mollify 1.6 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/43262/info Mollify is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary JavaScript code in the browser of an unsuspecting user in the contex...
CVE-2010-2762
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper aka SJOW implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrom...
WordPress Plugin Events Manager Extended - Persistent Cross-Site Scripting
Author: Craw Email: [email protected] Software Link: http://wordpress.org/extend/plugins/events-manager-extended/ Version: 3.1.2 Category: webapplications ======================================================= + ExploiT 1 : If you are allowed to leave a comment: Persistent XSS Vulnerability: You...
XSS vulnerability in Rumba CMS tags
Vulnerability ID: HTB22591 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinrumbacms.html Product: Rumba CMS Vendor: Rumba Netware Ltd. http://rumbacms.com Vulnerable Version: 2.4 and Probably Prior Versions Vendor Notification: 18 August 2010 Vulnerability Type: Stored XSS Cross Site...
Prometeo 1.0.65 SQL Injection
// / ////// //////// /// / / / / // / / / / /// //////// / / // / / / // / // /// //////// // ================================= Prometeo vers. 1.0.65 -SQLi Vulnerability- ================================= -Vulnerability ID: LD3-Product: Prometeo-Vendor: Prometeo...
Prometeo 1.0.65 - SQL Injection
Prometeo 1.0.65 - SQL Injection // / ////// //////// /// / / / / // / / / / /// //////// / / // / / / // / // /// //////// // ================================= Prometeo vers. 1.0.65 -SQLi Vulnerability- ================================= -Vulnerability ID: LD3-Product: Prometeo-Vendor: Prometeo...
Prometeo v1.0.65 SQL Injection Vulnerability
Exploit for php platform in category web applications ============================================ Prometeo v1.0.65 SQL Injection Vulnerability ============================================ Prometeo vers. 1.0.65 -SQLi Vulnerability- ================================= -Vulnerability ID: LD3-Product:...
KnowledgeTree 3.5.2 Community Edition - Persistent Cross-Site Scripting
Exploit Title: KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability Date: 2010-08-11 Author: @fdiskyou e-mail: rui at deniable.org Software Link: http://www.knowledgetree.com/products/community/download Version: 3.5.2 Notes: Fixed in the last version. Go to search box or search...