48 matches found
Unfixed XSS vulnerability at www.nukedit.com
Security researcher C1c4Tr1Z, has submitted on 30/03/2008 a cross-site-scripting XSS vulnerability affecting www.nukedit.com, which at the time of submission ranked 479451 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 03/04/2008. It is...
Nukedit 4.9.x Remote Create Admin Exploit
No description provided by source. !/usr/bin/perl Title: Nukedit 4.9.x Create Admin Exploit Credit: r3dm0v3 http://r3dm0v3.persianblog.ir r3dm0v34tyahoodotcom Tehran - Iran &nb...
Nukedit utilities/login.asp email Parameter SQL Injection
The remote host is running Nukedit, a content management system written in ASP. The version of Nukedit installed on the remote host fails to sanitize user input to the 'email' parameter of the 'utilities/login.asp' script before using it in a database query. An unauthenticated attacker may be abl...
nukeditadmin-sql.txt
!/usr/bin/perl Title: Nukedit 4.9.x Create Admin Exploit Credit: r3dm0v3 http://r3dm0v3.persianblog.ir r3dm0v34tyahoodotcom Tehran - Iran Download: http://www.nukedit.com/content/Download.asp Vulnerables: 4.9.x, prior versions maybe affected. Remote: Yes Dork: "Powered by Nukedit" Fix: Not...
Nukedit 4.9.x - Remote Create Admin
Nukedit 4.9.x - Remote Create Admin !/usr/bin/perl Title: Nukedit 4.9.x Create Admin Exploit Credit: r3dm0v3 http://r3dm0v3.persianblog.ir r3dm0v34tyahoodotcom Tehran - Iran Download: http://www.nukedit.com/content/Download.asp Vulnerables: 4.9.x, prior versions maybe affected. Remote: Yes Dork:...
Nukedit 4.9.x - Remote Create Admin
!/usr/bin/perl Title: Nukedit 4.9.x Create Admin Exploit Credit: r3dm0v3 http://r3dm0v3.persianblog.ir r3dm0v34tyahoodotcom Tehran - Iran Download: http://www.nukedit.com/content/Download.asp Vulnerables: 4.9.x, prior versions maybe affected. Remote: Yes Dork: "Powered by Nukedit" Fix: Not...
Nukedit 4.9.x Remote Create Admin Exploit
Exploit for unknown platform in category web applications ========================================= Nukedit 4.9.x Remote Create Admin Exploit ========================================= !/usr/bin/perl Title: Nukedit 4.9.x Create Admin Exploit Credit: r3dm0v3 Tehran - Iran Download:...
nukedit-sql.txt
Title: Nukedit 4.9.x Login Bypass SQL injection Discovered By: r3dm0v3 http://r3dm0v3.persianblog.ir r3dm0v3 4t yahoo dot com Tehran - Iran Download: http://www.nukedit.com/content/Download.asp Vulnerables: 4.9.x, prior versions maybe vulnerable Remote: Yes Dork: "Powered by Nukedit"...
CVE-2007-4052
Cross-site scripting XSS vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site scripting
Cross-site scripting XSS vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-4052
Cross-site scripting XSS vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-4052
CVE-2007-4052 describes a cross-site scripting (XSS) vulnerability in nukedit 4.9.7 and earlier, located in utilities/login.asp. The issue allows remote attackers to inject arbitrary web script or HTML via the email parameter. The provided documents consistently identify the affected component an...
nukeditXSS.txt
Title : Nukedit Login.ASP Cross-Site Scripting Vulnerability Description : Nukedit is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Software : http://www.nukedit.com/ Author : d3hydr8 Contact : d3hydr8atgmaildotcom Original...
Nukedit 4.9.x - login.asp Cross-Site Scripting
Nukedit 4.9.x - login.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/25081/info Nukedit is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code...
Nukedit 4.9.x - 'login.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/25081/info Nukedit is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Cross site scripting
Cross-site scripting XSS vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-2432
Cross-site scripting XSS vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-2432
Cross-site scripting XSS vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-2432
CVE-2007-2432 is an XSS vulnerability in nukedit 4.9.7b affecting the utilities/search.asp endpoint, exploitable via the terms parameter to inject arbitrary web script/HTML. The provided documents consistently describe a client-side/script injection risk without detailing exploitation status or p...
CVE-2006-2737
utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action...