
7583 matches found

seebug.org
added 2008/09/21 12:0 a.m., 16 views

Explay CMS <= 2.1 Persistent XSS and CSRF Vulnerability

No description provided by source. ================================== Explay CMS = 2.1 Persistent XSS and CSRF ================================== Discovered by hodik Mail: [email protected] 1. Persistent XSS This CMS has bad anti-XSS filter that cut only some basic vectors. The loginned user can...

AI score: 7.1
Exploits: 0

Packet Storm
added 2008/09/20 12:0 a.m., 19 views

explay-xssxsrf.txt

================================== Explay CMS 2. CSRF User can get admin rights if admin open malicious page that contain, for instance: or merely insert it to comment or article text...

AI score: 7.4
Exploits: 0

Exploit DB
added 2008/09/19 12:0 a.m., 31 views

Explay CMS 2.1 - Persistent Cross-Site Scripting / Cross-Site Request Forgery

================================== Explay CMS 2. CSRF User can get admin rights if admin open malicious page that contain, for instance: or merely insert it to comment or article text. milw0rm.com 2008-09-19...

AI score: 7.4
Exploits: 0

0day.today
added 2008/09/19 12:0 a.m., 15 views

Explay CMS <= 2.1 Persistent XSS and CSRF Vulnerability

Exploit for unknown platform in category web applications ======================================================= Explay CMS 2. CSRF User can get admin rights if admin open malicious page that contain, for instance: or merely insert it to comment or article text. 0day.today 2018-02-13...

AI score: 7.1
Exploits: 0

exploitpack
added 2008/09/19 12:0 a.m., 19 views

Explay CMS 2.1 - Persistent Cross-Site Scripting Cross-Site Request Forgery

Explay CMS 2.1 - Persistent Cross-Site Scripting Cross-Site Request Forgery ================================== Explay CMS 2. CSRF User can get admin rights if admin open malicious page that contain, for instance: or merely insert it to comment or article text. milw0rm.com 2008-09-19...

AI score: 0.2
Exploits: 0

NVD
added 2008/09/16 11:0 p.m., 10 views

CVE-2008-3622

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00389
Exploits: 0, References: 7

securityvulns
added 2008/09/01 12:0 a.m., 38 views

Vulnerabilities in FeedBurner FeedSmith for WordPress

Hello 3APA3A! I am reporting the Full path disclosure and HTTP Response Splitting + Cross-Site Scripting vulnerabilities I found in the FeedBurner FeedSmith plugin for WordPress, which is developed by FeedBurner, a company owned by Google. Full path disclosure:...

AI score: 5.8
Exploits: 0

Prion
added 2008/08/08 7:41 p.m., 11 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is a vague...

CVSS: 10, AI score: 8.8, EPSS: 0.0515
Exploits: 0, References: 8

NVD
added 2008/08/08 7:41 p.m., 9 views

CVE-2008-3553

Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is a vague...

CVSS: 10, AI score: 8.2, EPSS: 0.0515
Exploits: 0, References: 8

Prion
added 2008/08/08 7:41 p.m., 22 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of 20080807, the only...

CVSS: 10, AI score: 8.7, EPSS: 0.0515
Exploits: 0, References: 8

Cvelist
added 2008/08/08 7:0 p.m., 22 views

CVE-2008-3553

Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is a vague...

AI score: 8.2, EPSS: 0.0515
Exploits: 0, References: 8

CVE
added 2008/08/08 7:0 p.m., 42 views

CVE-2008-3552

Technical details for CVE-2008-3552 are not publicly available in the provided documents. The connected records do not disclose affected products, versions, or exploit information. Monitor for updates from official advisories to clarify scope and remediation.

CVSS: 10, AI score: 8.2, EPSS: 0.0515
Exploits: 0, References: 8, Affected Software: 1

Cvelist
added 2008/08/08 7:0 p.m., 20 views

CVE-2008-3552

Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of 20080807, the only...

AI score: 8.2, EPSS: 0.0515
Exploits: 0, References: 8

CVE
added 2008/08/08 7:0 p.m., 42 views

CVE-2008-3553

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2008-3553.

CVSS: 10, AI score: 8.2, EPSS: 0.0515
Exploits: 0, References: 8, Affected Software: 1

securityvulns
added 2008/07/29 12:0 a.m., 31 views

Vulnerabilities in FireStats

Hello 3APA3A! I am reporting the Full path disclosure and Cross-Site Scripting vulnerabilities I found in the FireStats plugin for WordPress and other CMSs. Full path disclosure: http://site/wp-content/plugins/firestats/js/firestats.js.php...

AI score: 5.8
Exploits: 0

Packet Storm
added 2008/07/23 12:0 a.m., 30 views

ProCheckUp Security Advisory 2008.13

PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry title Vulnerability found: 20/06/2008 Vendor informed: 25/06/2008 Vulnerability fixed: 16/07/2008 Advisory publicly released: 22/07/2008 Severity: High Description: By creating a ne...

Exploits: 0

Exploit DB
added 2008/07/21 12:0 a.m., 25 views

Asterisk 1.6 IAX - 'POKE' Requests Remote Denial of Service

source: https://www.securityfocus.com/bid/30321/info Asterisk is prone to a remote denial-of-service vulnerability because it fails to handle multiple 'POKE' requests in quick succession. Attackers can exploit this issue by sending a persistent stream of 'POKE' requests that will consume processo...

AI score: 7.4
Exploits: 0

securityvulns
added 2008/07/12 12:0 a.m., 82 views

Context IS Advisory - MS08-39 OWA XSS

===============================ADVISORY=============================== Systems Affected: Microsoft Outlook Web Access 2003 and 2007 Exchange Server 2003 SP2, Exchange Server 2007, Exchange Server 2007 SP1 Severity: High Category: Cross Site Scripting, Cross Site Request Forgery Author: Context...

CVSS: 4.3, AI score: 0.3, EPSS: 0.24335
Exploits: 2

Packet Storm
added 2008/07/10 12:0 a.m., 39 views

vbulletin-adminxss.txt

====================================================================== Advisory : XSS in admin logs Release Date : July 06th 2008 Application : vBulletin Version : vBulletin 3.7.2 and lower, vBulletin 3.6.10 PL2 and lower Platform : PHP Vendor URL : http://www.vbulletin.com/ Authors : Jessica Hop...

AI score: 7.4
Exploits: 0

CVE
added 2008/06/16 9:0 p.m., 76 views

CVE-2008-2711

CVE-2008-2711 affects fetchmail versions 6.3.8 and earlier. In verbose log mode, a malformed mail message with long headers can trigger an erroneous dereference during log formatting (vsnprintf), causing a remote denial of service via a crash and resulting persistent mail failure. Connected advis...

CVSS: 4.3, AI score: 7.2, EPSS: 0.03347
Exploits: 1, References: 25, Affected Software: 1