9 matches found
NooMS 1.1 - smileys.php page_id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/31131/info NooMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browse...
CVE-2008-4179
Multiple cross-site scripting XSS vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 pageid parameter to smileys.php and the 2 q parameter to search.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 pageid parameter to smileys.php and the 2 q parameter to search.php...
Remote file inclusion
Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force attacks against passwords via a username in the gdbuser parameter and a password in the gdbpwd parameter, and possibly a "localhost" gdbhost parameter value, related to a "Mysql Remote Brute Force...
CVE-2008-4180
The CVE-2008-4180 entry concerns NooMS 1.1, where a vulnerability in db.php could allow remote brute-force attempts against database passwords using g_dbuser and g_dbpwd parameters, and possibly a localhost value for g_dbhost. The connected sources corroborate an unspecified vulnerability enablin...
CVE-2008-4179
Multiple cross-site scripting XSS vulnerabilities in NooMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 pageid parameter to smileys.php and the 2 q parameter to search.php...
Open redirect
Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the gsiteurl parameter...
nooms-xss.txt
---------------------------------------------------------------- Script : Nooms 1.1 Type : Multiple Vulnerabilities Cross Site Scripting/Redirect/Mysql Brute Force Local Access Risk : Medium ---------------------------------------------------------------- Download From :...
Nooms 1.1 - 'smileys.php?page_id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/31131/info NooMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...