76 matches found
[MajorSecurity Advisory #49]Calimero.CMS - Session fixation Issue
MajorSecurity Advisory 49Calimero.CMS - Session fixation Issue Details ======= Product: Calimero.CMS Affected version: 3.3.1232 and prior Remote-Exploit: yes Vendor-URL: http://www.calimero-cms.de Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David...
[MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue
MajorSecurity Advisory 47Simple Machines Forum SMF - Session fixation Issue Details ======= Product: Simple Machines Forum SMF Affected version: 1.1.2 and prior Remote-Exploit: yes Vendor-URL: http://www.simplemachines.org Vendor-Status: informed Advisory-Status: published Credits ============...
[MajorSecurity Advisory #46]Plogger - Session fixation Issue
MajorSecurity Advisory 46Plogger - Session fixation Issue Details ======= Product: Plogger Remote-Exploit: yes Vendor-URL: http://www.plogger.org Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz http://www.majorsecurity.de Original Advisory:...
[MajorSecurity Advisory #45]oe2edit CMS - Cross Site Scripting and Cookie Manipulation Issue
MajorSecurity Advisory 45oe2edit CMS - Cross Site Scripting and Cookie Manipulation Issue Details ======= Product: oe2edit CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.oe2edit.com Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: Dav...
[MajorSecurity Advisory #43]Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue
MajorSecurity Advisory 43Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue Details ======= Product: @Mail 5.0 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.atmail.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered b...
[MajorSecurity Advisory #42]webblizzard CMS - Cross Site Scripting and Session fixation Issues
MajorSecurity Advisory 42webblizzard CMS - Cross Site Scripting and Session fixation Issues Details ======= Product: webblizzard CMS Remote-Exploit: yes Vendor-URL: http://www.webblizzard.de/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz...
[MajorSecurity Advisory #37]HolaCMS - Cross Site Scripting Issue
MajorSecurity Advisory 37HolaCMS - Cross Site Scripting Issue Details ======= Product: holaCMS-1.4.10 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.hola.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz...
[MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues
MajorSecurity Advisory 36dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues Details ======= Product: dev4u CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.dev4u.de/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David...
[MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues
MajorSecurity Advisory 34Plesk 8 - Multiple Cross Site Scripting Issues Details ======= Product: Plesk Affected Version: = 8.0.1 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.swsoft.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by:...
[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue
MajorSecurity Advisory 33ShopSystems - SQL Injection Issue Details ======= Product: ShopSystems Affected Version: = 4.0 Immune Version: none Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.shopsystems.biz Vendor-Status: informed Advisory-Status: published Credits ============...
[MajorSecurity Advisory #29]foresite CMS - Cross Site Scripting Issue
MajorSecurity Advisory 29foresite CMS - Cross Site Scripting Issue Details ======= Product: ForeSite CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.foresite.ch Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz...
[MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities
MajorSecurity 26 Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities ---------------------------------------------------------------------------------------- Software: Woltlab Burning board Impact: Cookie manipulation and Session Fixation Made public: July,...
[MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure
MajorSecurity 23 BLOG:CMS = 4.0.0j - XSS and cookie disclosure ------------------------------------------------------------------- Software: BLOG:CMS Version: 4.0.0j Type: Cross site scripting Made public: July, 22th 2006 Vendor: F-ART AGENCY, Ltd. - Radek Hulбn Page: http://blogcms.com/ Credits:...
[MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities
MajorSecurity 25 Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities ---------------------------------------------------------------------------------------- Software: Advanced Guestbook for phpBB Version: 2.4 Type: Cross site scripting + SQL Injection Made public:...
netscapeXSS.txt
Netscape.com - Cross site scripting vulnerability ---------------------------------------------- Type: Cross site scripting Date: June, 13th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...
ralf image Gallery 0.7.4 - Multiple Vulnerabilities
ralf image Gallery 0.7.4 - Multiple Vulnerabilities Title: Ralf Image Gallery = 0.7.4 - Multiple Remote File Include and directory traversal Vulnerabilities ----------------------------------------------------------------- Vendor: RIG is developed and maintained by Le R'alf URL:...
[MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities
MajorSecurity 18 Ralf Image Gallery = - Multiple XSS, Remote File Include and directory traversal vulnerabilities ---------------------------------------------- Software: RIGRalf Image Gallery Version: =0.7.4 Type: Cross site scripting + remote file include + directory traversal Discovery Date:...
webcrawler.txt
webcrawler.com - XSS vulnerability ---------------------------------------------- Type: Cross site scripting Date: June, 13th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...
[MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities
MajorSecurity 17 SixCMS = 6 - Multiple XSS and directory traversal vulnerabilities ---------------------------------------------- Software: SixCMS Version: =6 Type: Cross site scripting Date: June, 12th 2006 Vendor: Six Offene Systeme GmbH Page: http://www.sixcms.de Credits:...
[MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability
MajorSecurity 8DreamAccount = 3.1 - Remote File Include Vulnerability ------------------------------------------------------------------------- Software: DreamAccount Version: =3.1 Type: Remote File Include Vulnerability Date: June, 3rd 2006 Vendor: dreamcost Page: http://dreamcost.com Risc: High...