7606 matches found

Exploit DB
added 2011/01/17 12:0 a.m., 21 views

AneCMS 1.3 - Persistent Cross-Site Scripting

Exploit Title: AneCMS 1.3 Persistant XSS Date: 17.1.2011 Author: Penguin Visit: www.null-sector.info Software Link: http://anecms.com/anecms.zip Version: 1.3 Tested on: Linux I Vulnerability ---------------------- You can add blogpost comments that does not get filtered for HTML-Code. Simply add ...

7.4 AI score
Exploits: 0

Exploit DB
added 2011/01/16 12:0 a.m., 29 views

Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting

'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered, unencrypted content to be presented to a user...

4.3 CVSS, 6.7 AI score, 0.02387 EPSS
Exploits: 6

exploitpack
added 2011/01/16 12:0 a.m., 23 views

Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting

Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allo...

4.3 CVSS, 6.1 AI score, 0.02387 EPSS
Exploits: 6

exploitpack
added 2011/01/15 12:0 a.m., 36 views

glfusion CMS 1.2.1 - img Persistent Cross-Site Scripting

glfusion CMS 1.2.1 - img Persistent Cross-Site Scripting Exploit Title: glfusion CMS 1.2.1 stored XSS via img tag Date: 14-1-2010 Author: Saif El-Sherei Software Link: www.glfusion.org/filemgmt/viewcat.php?cid=1 Version: 1.2.1 Tested on: Firefox 3.0.15 Info: glFusion gives you the ability to easi...

6.8 AI score
Exploits: 0

Packet Storm
added 2011/01/15 12:0 a.m., 35 views

Seo Panel 2.2.0 Cross Site Scripting

'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered, unencrypted content to be presented to a user...

4.3 CVSS, 0.02387 EPSS
Exploits: 6

Exploit DB
added 2011/01/15 12:0 a.m., 20 views

glfusion CMS 1.2.1 - 'img' Persistent Cross-Site Scripting

Exploit Title: glfusion CMS 1.2.1 stored XSS via img tag Date: 14-1-2010 Author: Saif El-Sherei Software Link: www.glfusion.org/filemgmt/viewcat.php?cid=1 Version: 1.2.1 Tested on: Firefox 3.0.15 Info: glFusion gives you the ability to easily create websites and online communities complete with...

7.4 AI score
Exploits: 0

exploitpack
added 2011/01/14 12:0 a.m., 32 views

ObjectivityDB - Lack of Authentication

ObjectivityDB - Lack of Authentication !/usr/bin/python obj.py Objectivity/DB Lack of Authentication Remote Exploit Jeremy Brown 0xjbrown41-gmail-com Jan 2011 "Objectivity, Inc. is a leader in distributed, scalable database technology. Our patented data management engine and persistent object sto...

0.4 AI score
Exploits: 0

Tenable Nessus
added 2011/01/14 12:0 a.m., 40 views

CGI Generic XSS (persistent, 2nd pass)

The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings containing malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the...

5.7 AI score
Exploits: 0, References: 2

Exploit DB
added 2011/01/12 12:0 a.m., 19 views

LifeType 1.2.10 - HTTP Referer Persistent Cross-Site Scripting

Exploit Title: lifetype 1.2.10 http referer XSS Date: 11-1-2010 Author: Saif El-Sherei Software Link: http://lifetype.net/page/downloads Version: 1.2.10 Tested on: firefox 3.0.15 failure to sanitize the http referer header in index.php results in a cross site scripting attack against admins or an...

7 AI score
Exploits: 0

securityvulns
added 2011/01/03 12:0 a.m., 88 views

Skadate Multiple Persistent Cross Site Scripting Vulnerabilities (Undisclosed New Vulnerability)

Exploit Title: Skadate Persistent Cross Site Scripting Vulnerability Google Dork: Powered by SkaDate dating Date: 2 January 2011 Author: Akastep Software Link: http://www.skadate.com Version: SkaDate dating software Tested on: nginx/0.7.62 php version: PHP/5.2.14 ----- Exploit: Persistent Cross...

6.9 AI score
Exploits: 0

Packet Storm
added 2011/01/02 12:0 a.m., 22 views

Skadate Cross Site Scripting

Exploit Title: Skadate Persistent Cross Site Scripting Vulnerability Google Dork: Powered by SkaDate dating Date: 2 January 2011 Author: Akastep Software Link: http://www.skadate.com Version: SkaDate dating software Tested on: nginx/0.7.62 php version: PHP/5.2.14 ----- Exploit: Persistent Cross...

7.4 AI score
Exploits: 0

The Hacker News
added 2010/12/29 1:16 a.m., 8 views

Report : Top Hacker Targets Include Mobile Devices and Mac !

McAfee is making security predictions for 2011. The firm outlines its top threats for next year in the 2011 Threat Predictions report -- and Android, iPhone, Foursquare, Google TV, and Mac OS X are listed as major cybercrime targets. Politically motivated attacks are also expected to increase, a ...

6.8 AI score
Exploits: 0

0day.today
added 2010/12/29 12:0 a.m., 46 views

OpenClassifieds 1.7.0.3 Chained: Captcha Bypass / SQLi / Persistent XSS

Exploit for php platform in category web applications Author:Michael Brooks Rook Application:OpenClassifieds 1.7.0.3 download: http://open-classifieds.com/download/ Exploit chain:captcha bypass-sqliinsert-persistant xss on front page If registration is required an extra link in the chain is added...

7.1 AI score
Exploits: 0

securityvulns
added 2010/12/28 12:0 a.m., 22498 views

Multiple Vulnerabilities in OpenClassifieds 1.7.0.3

I understand that this is a vain hope that bugtraq will start posting something useful. Author:Michael Brooks Rook Application:OpenClassifieds 1.7.0.3 download: http://open-classifieds.com/download/ Exploit chain:captcha bypass-sqliinsert-persistant xss on front page If registration is...

8.1 AI score
Exploits: 0

Exploit DB
added 2010/12/28 12:0 a.m., 36 views

OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass / SQL Injection / Persistent Cross-Site Scripting on FrontPage

Author:Michael Brooks Rook Application:OpenClassifieds 1.7.0.3 download: http://open-classifieds.com/download/ Exploit chain:captcha bypass-sqliinsert-persistant xss on front page If registration is required an extra link in the chain is added: Exploit chain:blind sqliselect-captcha...

7.4 AI score
Exploits: 0

exploitpack
added 2010/12/28 12:0 a.m., 27 views

OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass SQL Injection Persistent Cross-Site Scripting on FrontPage

OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass SQL Injection Persistent Cross-Site Scripting on FrontPage Author:Michael Brooks Rook Application:OpenClassifieds 1.7.0.3 download: http://open-classifieds.com/download/ Exploit chain:captcha bypass-sqliinsert-persistant xss on front page If...

0.5 AI score
Exploits: 0

Packet Storm
added 2010/12/24 12:0 a.m., 18 views

Social Share 2010-06-05 Cross Site Scripting

www.eVuln.com advisory: "search" - Non-persistent XSS in Social Share Summary: http://evuln.com/vulns/169/summary.html Details: http://evuln.com/vulns/169/description.html -----------Summary----------- eVuln ID: EV0169 Software: Social Share Vendor: n/a Version: 2010-06-05 Critical Level: low Typ...

7.4 AI score
Exploits: 0

FreeBSD
added 2010/12/23 12:0 a.m., 10 views

redmine -- multiple vulnerabilities

Jean-Philippe Lang reports: This release also fixes 3 security issues reported by joernchen of Phenoelit: logged in users may be able to access private data affected versions: 1.0.x persistent XSS vulnerability in textile formatter affected versions: all previous releases remote command execution...

3.5 AI score
Exploits: 0, References: 1

0day.today
added 2010/12/23 12:0 a.m., 23 views

WORDPRESS Plugin Accept Signups 0.1 XSS

Exploit for php platform in category web applications Exploit Title: WORDPRESS Plugin Accept Signups PERSISTENT XSS Date:21/12/2010 Author: clshack Software Link:http://wordpress.org/extend/plugins/accept-signups/ Version:0.1 Tested on: wordpress 3.03 CVE : Vulnerable code accept-signupssubmit.ph...

7.1 AI score
Exploits: 0

Packet Storm
added 2010/12/22 12:0 a.m., 21 views

WordPress Accept Signups 0.1 Cross Site Scripting

Exploit Title: WORDPRESS Plugin Accept Signups PERSISTENT XSS Date:21/12/2010 Author: clshack Software Link:http://wordpress.org/extend/plugins/accept-signups/ Version:0.1 Tested on: wordpress 3.03 CVE : Vulnerable code accept-signupssubmit.php: requireonce'../../../wp-config.php';//addslashes to...

0.1 AI score
Exploits: 0