7583 matches found
phpmyadmin -- cross-site scripting vulnerability
The DigiTrust Group reports: When creating a new database, a malicious user can use a client-side Web proxy to place malicious code in the db parameter of the POST request. Since dbcreate.php does not properly sanitize user-supplied input, an administrator could face a persistent XSS attack when...
Two XSS on Blue Coat ProxySG Management Console
PR07-29: Two XSS on Blue Coat ProxySG Management Console Vulnerability found: 23 July 2007 Vendor informed: 20 August 2007 Vulnerability fixed: 29 October 2007 Advisory publicly released: 1 November 2007 Severity: Medium Description: Blue Coat SG400 is vulnerable to a couple of XSS holes...
Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial of Service
Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial of Service source: https://www.securityfocus.com/bid/26216/info Mozilla Firefox is prone to a vulnerability that results in a persistent denial of service. This issue occurs when a victim sets a malicious bookmark and then follows it...
Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial of Service
source: https://www.securityfocus.com/bid/26216/info Mozilla Firefox is prone to a vulnerability that results in a persistent denial of service. This issue occurs when a victim sets a malicious bookmark and then follows it. Successful attacks will cause Firefox to stop responding to all URI...
GLSA-200709-18 : Bugzilla: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200709-18 (Bugzilla: Multiple vulnerabilities). Masahiro Yamada found that, since version 2.17.1, Bugzilla does not properly sanitize the content of the 'buildid' parameter when filing bugs (CVE-2007-4543). The next two vulnerabiliti...
Bugzilla: Multiple vulnerabilities
Background: Bugzilla is a web application designed to help with managing software development. Description: Masahiro Yamada found that, since version 2.17.1, Bugzilla does not properly sanitize the content of the "buildid" parameter when filing bugs (CVE-2007-4543). The next two vulnerabilities onl...
[Full-disclosure] WordPress wp-feedstats persistent XSS
A persistent XSS vulnerability was found in wp-feedstats 2.4 by David Kierznowski http://gnucitizen.org/about/dk of GNUCITIZEN. Details: http://blogsecurity.net/wordpress/news-260707/...
Re: [Full-disclosure] ActiveWeb Contentserver CMS Multiple Cross Site Scriptings
Didn't find this in your list. Works for their online demo site; not sure if it works in an actual deployment -...
Security on AIR: Local file access through JavaScript
Hi! It's just a very first look at AIR (Adobe's Integrated Runtime) and its possibilities to process HTML/JS. AIR is in beta for now, so Adobe may change things in the final release. What is AIR? Quote from Adobe: "Adobe Integrated Runtime (AIR) is a cross-operating-system runtime that allows you to...
Linksys WAG54GS 1.0.6 (Wireless-G ADSL Gateway) - 'setup.cgi' Cross-Site Scripting
source: https://www.securityfocus.com/bid/24682/info Linksys Wireless-G ADSL Gateway is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. Attackers may exploit this issue by enticing victims into opening a malicious URI...
Calyptix Security Advisory CX-2007-04 - Cross-Site Request Forgery Attack Against Check Point Safe@Office Device
Calyptix Security Advisory CX-2007-04 Cross-Site Request Forgery Attack Against Check Point Safe@Office Device Date: 06/26/2007 http://www.calyptix.com/ http://labs.calyptix.com/CX-2007-04.php http://labs.calyptix.com/CX-2007-04.txt Overview: Multiple versions of Check Point's Safe@Office UTM devi...
PhpListPro Persistent XSS Vulnerability
-=--------------------ADVISORY-------------------=- phpListPro Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: phpListPro -=+ Version: 2.0.1 -=+ Vendor's URL: http://www.smartisoft.com/ -=+ Platform: Windows/Linux/Unix -=+ Bug type: Persistent...
Low: sendmail security and bug fix update
8.13.1-3.2.el4 - fixed infinite loop within TLS read by enabling _FFR_DEAL_WITH_ERROR_SSL Resolves: rhbz#121850 - fixed incorrect path to selinuxenabled in initscript Resolves: rhbz#152282 - removed rpm build artifacts from sendmail-cf package Resolves: rhbz#152955 - fixed missing socketmap support...
eqdkp-xss.txt
In listmembers.php, $show fails to properly sanitize user-supplied input. It's non-persistent XSS :-/ Example: $path-to-eqdkp/listmembers.php?show=%22%3E%3Cplaintext%3E kefka kefka at kevinbeardsucks.com...
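The eqdkp entry above gives the payload (`%22%3E%3Cplaintext%3E`, i.e. `"><plaintext>`) but not the rendering context that makes it work. The following Python script is an added example, not code from the advisory or from the eqdkp project: it decodes that exact payload the way a server-side query parser would, renders it into a hypothetical attribute-context template, and contrasts raw interpolation (what the advisory describes `$show` doing) with output-time HTML escaping. The host name, the template, and the function names are assumptions made for the example.

```python
"""Reflected XSS: vulnerable vs. escaped rendering of a query parameter.

Added example; not the eqdkp advisory's or project's code. The payload and
the script/parameter names (listmembers.php, show) come from the advisory;
the template and host name below are assumptions for illustration.
"""
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed request URL using the advisory's payload verbatim (host is assumed).
REQUEST_URL = "http://eqdkp.example/listmembers.php?show=%22%3E%3Cplaintext%3E"

# Hypothetical template: the value lands inside a double-quoted attribute.
# That is why the payload starts with %22 (") to close the attribute value
# and %3E (>) to close the tag before injecting a new <plaintext> element.
TEMPLATE = '<input type="hidden" name="show" value="{show}">'

# Matches opening/closing tag names, e.g. "<input", "</a", "< plaintext".
_TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9-]*)")


def param_from_url(url: str, name: str) -> str:
    """Server-side view of the parameter: parse_qs percent-decodes it."""
    query = urlsplit(url).query
    return parse_qs(query, keep_blank_values=True).get(name, [""])[0]


def render_vulnerable(show: str) -> str:
    """Raw interpolation: the decoded value is written into the markup as-is."""
    return TEMPLATE.format(show=show)


def render_hardened(show: str) -> str:
    """Escape at output time; quote=True also turns \" and ' into entities,
    which matters because the value sits inside a quoted attribute."""
    return TEMPLATE.format(show=html.escape(show, quote=True))


def injected_tags(markup: str) -> list:
    """Tag names in the rendered markup other than the template's own <input>.
    Anything listed here was introduced by the parameter, i.e. an injection."""
    names = [m.group(1).lower() for m in _TAG_RE.finditer(markup)]
    return [n for n in names if n != "input"]


if __name__ == "__main__":
    show = param_from_url(REQUEST_URL, "show")
    print("decoded parameter :", show)
    print("vulnerable markup :", render_vulnerable(show))
    print("hardened markup   :", render_hardened(show))
    print("injected (vuln)   :", injected_tags(render_vulnerable(show)))
    print("injected (hard)   :", injected_tags(render_hardened(show)))
```

The check in `injected_tags` is only a demonstration aid; the actual fix is the one line in `render_hardened`: encode for the output context (HTML attribute here) at the point where the value is written into markup, not "sanitize" on input.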
sinecms-xss.txt
Infos --------- Date : 2007-04-26 (ISO 8601) Product : SineCms Version : 2.3.4 (last; prior versions may also be affected) Vendor : http://sourceforge.net/projects/sine - http://www.sinecms.net Vendor Status : 2007-04-26 - Informed! Description : SineCms is a management...
Low: Red Hat Security Advisory: sendmail security and bug fix update
Updated sendmail packages that fix a security issue and various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver mail from on...
SineCMS
"SineCms Version 2.3.4 - Non-Persistent XSS Vulnerability" by Nexus 1 Infos --------- Date : 2007-04-26 (ISO 8601) Product : SineCms Version : 2.3.4 (last; prior versions may also be affected) Vendor : http://sourceforge.net/projects/sine - http://www.sinecms.net...
yabook-xss.txt
Infos --------- Date : 2007-04-23 Product : YA Book Version : 0.98-alpha (prior versions may also be affected) Vendor : http://sourceforge.net/projects/yabook - http://www.phpee.com/ Vendor Status : 2007-04-23 - Not Informed! 2007-04-24 - Informed! Description : YaBook- Y...
YA Book Persistent XSS Bug
"YA Book 0.98-alpha - Persistent XSS Vulnerability" by Omni 1 Infos --------- Date : 2007-04-23 Product : YA Book Version : 0.98-alpha (prior versions may also be affected) Vendor : http://sourceforge.net/projects/yabook - http://www.phpee.com/ Vendor Status ...
Persistent CSRF and The Hotlink Hell
http://www.gnucitizen.org/blog/persistent-csrf-and-the-hotlink-hell/ http://michaeldaw.org/papers/hotlinkpersistentcsrf/ I would like to bring your attention to a topic that has been rarely discussed. I am going to talk about hotlinks, redirections and of course CSRF (Cross-site Request Forgery)...