33 matches found
Spring Office Hours Podcast: S5E14 - Spec Driven Development with Simon Martinelli
Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this episode, Dan and DaShaun are joined by Java Champion, Vaadin Champion, and Oracle ACE Pro Simon Martinelli to talk about Spec-Driven Development. With AI reshaping how we write code, Simon makes the case th...
A Bootiful Podcast: Spring community legend and friend Simon Martinelli
Hi, Spring fans! Happy Thanksgiving from me, and I am sure the entire Spring team, to you! We are, it should be clear, oh so very grateful.. thankful.. for you, the community. This week it is my great pleasure to chat with Spring community legend Simon Martinelli...
Don't share the WhatsApp 'Martinelli' phone hacking alert: It's a hoax
Everyone loves a good campfire story prone to exaggeration. However, when told online its not quite got the same effect. Long ago, sites like Myspace would play host to very certain types of messages. "Dont open this post from Johnny Cyberhack, or your account will be stolen and your C drive will...
GaliX 2.0 Index.PHP Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/24066/info GaliX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication...
RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability
SalesCart Shopping Cart - SQL Injection Vulnerability SalesCart does not sanitize any forms in cgi-bin/reorder2.asp, allowing an attacker to inject arbitrary SQL queries, as well as possible command execution. Google d0rk: "Sorry, you have no Items in your Shopping Cart !" inurl:cgi-bin/view1.asp...
rmeasymail-xss.txt
RM EasyMail Plus - Cross-Site Scripting Vulnerability 2 This cross-site scripting vulnerability can be exploited if a client views an email with a specially crafted title. Vulnerable E-Mail Title: alert1 Vulnerable: RM EasyMail Plus Google d0rk: intitle:"Powered by RM EasyMail Plus" John Martinel...
clonuswiki-xss.txt
ClonusWiki .5 - Cross-Site Scripting Vulnerability ClonusWiki .5 - Cross-Site Scripting Vulnerability discovered by John Martinelli of RedLevel Security Google d0rk: "ClonusWiki .5" intitle:"ClonusWiki" file index.php - variable query - method get "alert1"...
hlstarts-xss2.txt
HLstats v1.35 - Cross-Site Scripting Vulnerability 2 HLstats v1.35 - Cross-Site Scripting Vulnerability 2 discovered by John Martinelli of RedLevel Security Google d0rk: "generated in real-time by HLstats" file hlstats.php - variable action - method get alert1"...
hlstats-xss.txt
HLstats v1.35 Cross-Site Scripting Vulnerability HLstats contains a cross-site scripting vulnerability that may be exploited through the URI. Vulnerability: http://target.com/hlstats/hlstats.php/"alert1 Vulnerable: HLstats v1.35 other versions may also be vulnerable Google d0rk: "generated in...
RedLevel Advisory #017 - HLstats v1.35 Cross-Site Scripting Vulnerability #2
!-- HLstats v1.35 - Cross-Site Scripting Vulnerability 2 Vulnerable Variable: action Vulnerable File: hlstats.php Vulnerable: HLstats 1.2 other versions may also be vulnerable Google d0rk: "generated in real-time by HLstats" John Martinelli [email protected] RedLevel Security...
vpasp-xss.txt
VP-ASP Shopping Cart 6.50 - Cross-Site Scripting Vulnerability VP-ASP Shopping Cart 6.50 - Cross-Site Scripting Vulnerability discovered by John Martinelli of RedLevel Security Google d0rk: intitle:"VP-ASP Shopping Cart 6.50" file shopcontent.asp - variable type - method get "...
RedLevel Advisory #015 - Redoable 1.2 Cross-Site Scripting Vulnerability (patch included)
note to editors: this patch resolves this vulnerability: http://redlevel.org/wp-content/uploads/patch.zip !-- Redoable 1.2 - Cross-Site Scripting Vulnerability --------------- Vulnerable Code --------------- header.php line 6: ... elseif issearch ? Search for ?php echo $s ... searchloop.php line...
WordPress Theme Redoable 1.2 - 'header.php?s' Cross-Site Scripting
source: https://www.securityfocus.com/bid/24037/info Redoable is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
podium-cookie.txt
Podium CMS - Cookie Manipulation Exploit Podium CMS - Cookie Manipulation Exploitdiscovered by John MartinelliGoogle d0rk: inurl:"podium/Default.aspx" "...
Bradford CampusManager v3.1(6) Sensitive Data Disclosure
Bradford CampusManager v3.16 Sensitive Data Disclosure The following directories should be protected from world readability. Child folders include backup, log, and configuration files. http://cmnms.target.com:8080/runTime/ http://cmnms.target.com:8080/remediationReports/ Vulnerable: CampusManager...
phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit
No description provided by source. !-- phpMySpace Gold v8.10 - Blind SQL/XPath Injection Exploit Vulnerable Variable: itemid Vulnerable File: modules/news/article.php Vulnerable: phpMySpace Gold v8.10 other versions should also be vulnerable Google d0rk: "Powered by phpMySpace Gold 8.10" John...
Ripe Website Manager (<= 0.8.4) - SQL Injection Vulnerability and Cross-Site Scripting Exploit
!-- Ripe Website Manager = 0.8.4 - SQL Injection Vulnerability and Cross-Site Scripting Exploit Vulnerable Variable: ripeformpost Cross-Site Scripting and SQL Injection possible Vulnerable File: contact/index.php Vulnerable: Ripe Website Manager = 0.8.4 Google d0rk: "Powered by Ripe Website...
phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit
!-- phpMySpace Gold v8.10 - Blind SQL/XPath Injection Exploit Vulnerable Variable: itemid Vulnerable File: modules/news/article.php Vulnerable: phpMySpace Gold v8.10 other versions should also be vulnerable Google d0rk: "Powered by phpMySpace Gold 8.10" John Martinelli [email protected]...
pmsgold-sql.txt
phpMySpace Gold v8.10 - Blind SQL/XPath Injection Exploit phpMySpace Gold v8.10 - Blind SQL/XPath Injection Exploitdiscovered by John MartinelliGoogle d0rk: "Powered by Ripe Website Manager"...
Ripe Website Manager 0.8.4 - '/contact/index.php?ripeformpost' SQL Injection
source: https://www.securityfocus.com/bid/23597/info Ripe Website Manager Ripe Website Manager discovered by John MartinelliGoogle d0rk: "Powered by Ripe Website Manager" alert1;"...