20 matches found
EUVD-2007-1480
Malware in sbrugna...
EUVD-2006-3611
Malware in sbrugna...
CatBot v0.4.2 (PHP) - SQL Injection Vulnerability
Document Title: =============== CatBot v0.4.2 PHP - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1408 Release Date: ============= 2015-01-15 Vulnerability Laboratory ID VL-ID: ==================================== 1408 Commo...
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities
Document Title: =============== Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1386 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2239 CVE-ID: ======= CVE-2014-2239 Release Date:...
Lazarus Guestbook 1.22 XSS / SQL Injection
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: Lazarus Guestbook 1.22 Multiple Persistent Cross-Site Scripting - Sql Injection Vulnerability Date: 23/12/2014 Url Vendor:...
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities
Document Title: =============== Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1386 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2239 CVE-ID: ======= CVE-2014-2239 Release Date:...
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities
Document Title: =============== Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1386 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2239 CVE-ID: ======= CVE-2014-2239 Release Date:...
Lazarus Guestbook 1.6 codes-english.php show Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/18956/info Lazarus Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute...
Lazarus Guestbook 1.6 picture.php img Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/18956/info Lazarus Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute...
Remote file inclusion
PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter to admin.php, probably due to a dynamic variable evaluation vulnerability...
CVE-2007-1486
PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter to admin.php, probably due to a dynamic variable evaluation vulnerability...
CVE-2007-1486
CVE-2007-1486 describes a PHP remote file inclusion in Carbonize Lazarus Guestbook prior to version 1.7.3. The vulnerability is triggered in template.class.php when processing include_path in admin.php, due to a dynamic variable evaluation vulnerability, allowing an attacker to execute arbitrary ...
Lazarus Guestbook (admin.php)Remote File Include Expliot
Lazarus Guestbook admin.phpRemote File Include Expliot D.Script: http://www.carbonize.co.uk Dork: "Powered by Lazarus Guestbook from carbonize.co.uk" Discovered by Crackman Homepage: http://www.b0rizq.biz Greetz To :B0rizq & redcasper & Draknaz kaiba & brokenproxy and all freind Exploit:...
CVE-2006-3616
CVE-2006-3616 : The provided records indicate multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier. The issues allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in codes-english.php and (2) the img parameter in p...
lazarus16.txt
Produce : Lazarus Guestbook Website : http://carbonize.co.uk/Lazarus/ Version : 2 3 4 Exploit : http://localhost/lazarusgb/lang/codes-english.php?show=%3C/title%3EXSS http://localhost/lazarusgb/lang/codes-english.php?show=%3C/title%3Ealertdocument.cookie; 2 the seconde probleme is in picture.php ...
Lazarus Guestbook Cross Site Scripting Vulnerabilities
Produce : Lazarus Guestbook Website : http://carbonize.co.uk/Lazarus/ Version : = 1.6 Problem : Cross Site Scripting 1 The first probleme is in codes-english.php ,"show" parameter in lang/codes-english.php isn't properly sanitised This can be exploited to execute arbitrary HTML and javascript cod...
Lazarus Guestbook 1.6 - codes-english.php?show Cross-Site Scripting
Lazarus Guestbook 1.6 - codes-english.php?show Cross-Site Scripting source: https://www.securityfocus.com/bid/18956/info Lazarus Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
Lazarus Guestbook 1.6 - picture.php?img Cross-Site Scripting
Lazarus Guestbook 1.6 - picture.php?img Cross-Site Scripting source: https://www.securityfocus.com/bid/18956/info Lazarus Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...
Lazarus Guestbook 1.6 - 'picture.php?img' Cross-Site Scripting
source: https://www.securityfocus.com/bid/18956/info Lazarus Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting...
Lazarus Guestbook 1.6 - 'codes-english.php?show' Cross-Site Scripting
source: https://www.securityfocus.com/bid/18956/info Lazarus Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting...