46 matches found
osTicket 1.7 RC2 CSRF / Disclosure / XSS / Redirect
Exploit database separated by exploit type (local, remote, DoS, etc.) + Site : 1337day.com + Support e-mail :...
CVE-2011-5223
Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2011-5223
The provided documents confirm CVE-2011-5223 is a CSRF vulnerability in Cacti’s logout.php affecting versions before 0.8.7i. Affected component is Cacti (web interface); the underlying issue is CSRF that can hijack a user’s authenticated session. The exact exploit vectors, affected product versio...
Cross site scripting
Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter...
CVE-2012-0908
Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter...
SimpleSAMLphp logout.php link_href Parameter XSS
The version of SimpleSAMLphp on the remote host contains a cross-site scripting vulnerability because it fails to sanitize input to the 'link_href' parameter of the 'logout.php' script before including it in a web page. An attacker can leverage this issue by enticing a user to follow a malicious...
Task Freak Cross Site Scripting and SQL Injection Vulnerabilities
This host is running Task Freak and is prone to Cross Site Scripting and SQL Injection vulnerabilities. OpenVAS Vulnerability Test $Id: gbtaskfreakxssnsqlinjvuln.nasl 7573 2017-10-26 09:18:50Z cfischer $ Task Freak Cross Site Scripting and SQL Injection Vulnerabilities Authors: Madhuri D Copyrigh...
CVE-2010-1520
Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a ...
campus virtual-lms - Cross-Site Scripting SQL Injection
campus virtual-lms - Cross-Site Scripting SQL Injection. LMS: Campus Virtual-LMS WEB: http://campusvirtualcomputrade.cae.net Author: Yasión Date: 12 Jun 2009...
bandsitecms-xss.txt
BandSite CMS 1.1.4 Arbitrary Download Database/XSS/CSRF + Discovered By SirGod + www.mortal-team.org + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,MesSiAH,xZu,HrN + Arbitrary Download Database Go to http://localhost/Path/adminpanel/phpmydump.php and the download will begin database.sql . +...
CVE-2007-4290
Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the scriptroot parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.ph...
phpmydesk-rfi.txt
script:PHPMyDesk Beta Release 1.0b == RFI dir url:http://www.cynux.com/phpmydesk/ author: titanichacker contact:[email protected] H.P : http://hack-teach.com & mohandko.com & tryag.com bug in: ./index.php include$langmod; ./login.php include$langmod; ./logout.php include$langmod;...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php...
CVE-2007-2609
CVE-2007-2609 affects gnuedu 1.3b2 with multiple PHP remote file inclusion vulnerabilities. An attacker can trigger arbitrary PHP code execution by supplying untrusted values to the ETCDIR parameter for files/libs (libs/lom.php; lom_update.php; check-lom.php; weigh_keywords.php; web/lom.php) and...
Post REvolution 0.7.0 RC 2 - 'dir' Remote File Inclusion
Post Revolution Remote File Inclusion. Affected Software: Post Revolution 6.6 / 7.0 Release Candidate 2. Download: http://www.fabio.com.ar/postrev/ Risk: high. Date: 25/3/2007. Found by: InyeXion. Contact: InyeXionatgmail.com. Web:...