HDWiki-V4.0.5 proof 0day cross site vulnerability - vulnerability warning - the black bar safety net
Affects: HDWiki-V4.0.5. Degree of harm: high-risk. Vulnerability description: The Antiy Labs Security Research and Emergency Response Center (Antiy CERT) found through penetration testing that in this version of HDWiki-V4.0.5, when creating and editing entries, the HTML elements inside do not have very go...
Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Exploit Title: 0day Drupal = 6.15 Multiple Permanent XSS Date: 07 01 2009 Author: Emanuele 'emgent' Gentili Software Link: http://ftp.drupal.org/files/projects/drupal-6.15.tar.gz Version: Drupal = 6.15 CVE : N/A Code : http://www.backtrack.it/emgent/exploits/DrupalMultiplePermanentXss-20090107.tx...
Facebook for iPhone persistent XSS
Facebook for iPhone persistent XSS. Exploit database...
Liferay Portal p_p_id parameter vulnerable to persistent cross-site scripting
Overview Liferay Portal is vulnerable to persistent cross-site scripting via the ppid parameter, which can allow a remote, unauthenticated attacker to execute arbitrary script in the context of the portal administrator. Description Liferay Portal is a web portal that can provide Java applets that...
Facebook for iPhone persistent XSS
No description provided by source. Facebook for iPhone persistent XSS...
easyPortal 1.0.0 XSS / XSRF
Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 02. January 2010. Application: easyPortal...
Facebook for iPhone - Persistent Cross-Site Scripting Denial of Service
Facebook for iPhone persistent XSS. Facebook application for iPhone is not encoding special characters in Notes detail. Adding this code in a note will freeze application: var x = 'x'; while 1 document.write''; x = x + 'x'; App page: http://www.facebook.com/apps/application.php?id=6628568379...
Facebook for iPhone persistent XSS DOS
Exploit for unknown platform in category dos / poc. Facebook for iPhone persistent XSS DOS...
eazyPortal 1.0.0 - Multiple Vulnerabilities
eazyPortal 1.0.0 - Multiple Vulnerabilities. Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 02. January 2010...
eazyPortal 1.0.0 - Multiple Vulnerabilities
Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 02. January 2010. Application: eazyPortal...
PBX Phone System 2.x - Multiple Vulnerabilities
PBX Phone System 2.x - Multiple Vulnerabilities. PenTest Information: Global-Evolution Security Team remove discover multiple Vulnerabilities on PBX Phone System Application. An attacker can get sensitive customer/admin session-data over multiple Cross-Site-Scripting...
Barracuda Web Firewall 660 Firmware v7.3.1.007 Vulnerability
No description provided by source. Pentest Information: GESEC Team remove discover an input validation vulnerability on Barracuda - Web Application Firewall 660 Appliance. A remote attacker is able to get sensitive customer sessions hijack or can implement script routines &...
Recipe Script v5.0 Shell Upload/XSRF/XSS Multiple Vulnerabilities
Exploit for unknown platform in category web applications. Recipe Script v5.0 Shell Upload/XSRF/XSS Multiple Vulnerabilities...
Invision Power Board Attachment Cross Site Scripting
Hello Bugtraq! I want to warn you about new vulnerabilities in Invision Power Board. These are Cross-Site Scripting vulnerabilities. Attack is going via attachment at click on the attachment in the post at forum or on the link to this attachment. These are persistent XSS vulnerabilities. I know f...
Cross-Site Scripting vulnerabilities in Invision Power Board
Hello 3APA3A! I want to warn you about new vulnerabilities in Invision Power Board. These are Cross-Site Scripting vulnerabilities. Attack is going via attachment at click on the attachment in the post at forum or on the link to this attachment. These are persistent XSS vulnerabilities. I know fo...
oBlog Persistent XSS, CSRF, Admin Bruteforce
No description provided by source. Application: oBlog Version: the only one there is : Download: http://www.dootzky.com/images/projects/oBlog.zip Author of this full disclosure: Milos Zivanovic...
Oracle eBusiness Suite Cross Site Scripting / Bypass
Hacktics Research Group Security Advisory http://www.hacktics.com/details=;view=Resources%7CAdvisory By Shay Chen, Hacktics. 14-Dec-2009. I. Overview. During a penetration test performed by Hacktics' experts, certain vulnerabilities were identified in the Oracle eBusiness...
WX Guest Book 1.1.208 (SQL/XSS) Multiple Remote Vulnerabilities
No description provided by source. WX Guest Book 1.1.208 Vulns By xxHackerXzX hacker from nepal [email protected] Product name: WX Guestbook 1.1.208 Product vendor: http://www.ekin0x.com/r57.txt This product suffers from multiple SQLi and persistent XSS vuln. SQL Search Vuln The search...
Loggix Project <= 9.4.5 Multiple Remote File Inclusion
Acc Auto Dealer Script XSS / Backup Disclosure
Acc Auto Dealer Script Persistent XSS / SQL backup // Author Info x Author: bi0 x Contact: [email protected] x Homepage : www.ssteam.ws x...