101 matches found
@lex Poll 1.2 - 'setup.php' Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/28520/info @lex Poll is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
@lex Guestbook <= 4.0.5 - setup.php language_setup Parameter XSS
source: http://www.securityfocus.com/bid/28519/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
@lex Guestbook <= 4.0.2 - Remote Command Execution Exploit
!/usr/bin/php ?php // | | header @lex Guestbook = 4.0.2 Remote Command Execution Exploit | header ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor |...
@lex Guestbook 5.0 Multiple Cross Site Scripting Vulnerabilities
source: http://www.securityfocus.com/bid/37706/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in t...
SumatraPDF 2.1.1/MuPDF 1.0 - Integer Overflow
Sumatra 2.1.1/MuPDF 1.0 Integer Overflow: There is an integer overflow on the MuPDF in the lex_number function which can be triggered using a corrupt PDF file with ObjStm. I'm attaching a file that reproduces the problem with the original unmodified file. The...
PT-2011-5196 · Artifex +1 · Mupdf +1
Name of the Vulnerable Software and Affected Versions: SumatraPDF version 2.1.1, MuPDF version 1.0. Description: The issue allows remote attackers to cause an integer overflow in the lex_number function via a corrupt PDF file. It is also caused by a signedness error in the pdf_repair_obj_stm functi...
@lex Guestbook 5.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/37706/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user...
@lex Guestbook 5.0 - Multiple Cross-Site Scripting Vulnerabilities
@lex Guestbook 5.0 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/37706/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to...
@lex Guestbook Cross Site Scripting
» Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are...
CVE-2008-7140
Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) language_setup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are...
Cross site scripting
Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-7141
Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-7140
CVE-2008-7140 involves multiple XSS vulnerabilities in the @lex Guestbook package (version 4.0.5 and earlier). The flaws allow remote attackers to inject arbitrary web script or HTML by supplying (1) the language_setup parameter to setup.php or (2) the test parameter to index.php. The posted data...
CVE-2008-7141
CVE-2008-7141 is an XSS vulnerability in the setup.php file of @lex Poll 2.1, exploitable through the language_setup parameter to inject arbitrary web script or HTML. The connected documents confirm the vulnerability but do not provide exploit details, specific affected versions beyond @lex Poll ...
@lex Poll 1.2 - setup.php Cross-Site Scripting
@lex Poll 1.2 - setup.php Cross-Site Scripting source: https://www.securityfocus.com/bid/28520/info @lex Poll is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
@lex Guestbook 4.0.5 - 'setup.php?language_setup' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28519/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...
@lex Guestbook 4.0.5 - 'index.php?test' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28519/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...
Directory traversal
Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the la...
CVE-2007-0205
CVE-2007-0205 is a directory traversal vulnerability in the admin/skins.php module of @lex Guestbook 4.0.2 and earlier. Attackers can create files in arbitrary directories by supplying ".." sequences in the aj_skin and skin_edit parameters, which can enable file inclusion by placing a skin file in...