Lucene search
7632 matches found

securityvulns
added 2007/12/13 12:0 a.m., 61 views

Bitweaver XSS & SQL Injection Vulnerability

HSC Bitweaver XSS & SQL Injection Vulnerability Bitweaver is an open source content management system. Its speed and power are ideal for large-scale community websites and corporate applications, but it is simple enough for non-technical small site users to set up and administrate. It comes fully...

AI score: 7
Exploits: 0

Packet Storm
added 2007/12/10 12:0 a.m., 37 views

bitweaver-sqlxss.txt

HSC Bitweaver XSS & SQL Injection Vulnerability Bitweaver is an open source content management system. Its speed and power are ideal for large-scale community websites and corporate applications, but it is simple enough for non-technical small site users to set up and administrate. It comes fully...

AI score: 7.4
Exploits: 0

Packet Storm
added 2007/12/08 12:0 a.m., 21 views

isaa-2007-004.txt

============================================= INTERNET SECURITY AUDITORS ALERT 2007-004 - Original release date: November 7th, 2007 - Last revised: December 7th, 2007 - Discovered by: Jesus Olmos Gonzalez - Severity: 4/5 ============================================= I. VULNERABILITY...

AI score: 7.4
Exploits: 0

securityvulns
added 2007/12/07 12:0 a.m., 61 views

[ISecAuditors Security Advisories] wwwstats is vulnerable to Persistent XSS

============================================= INTERNET SECURITY AUDITORS ALERT 2007-004 - Original release date: November 7th, 2007 - Last revised: December 7th, 2007 - Discovered by: Jesus Olmos Gonzalez - Severity: 4/5 ============================================= I. VULNERABILITY...

AI score: 6.9
Exploits: 0

securityvulns
added 2007/11/30 12:0 a.m., 36 views

MoBiC-28 Bonus: XSS in Cryptographp

Hello 3APA3A! I am reporting to you the Cross-Site Scripting vulnerabilities I found in the Cryptographp captcha. It is a captcha plugin for WordPress. There are 24 XSS vulnerabilities in total on the plugin's options page http://site/wp-admin/options-general.php?page=cryptographp/admin.php. Moreover, these are persistent XSS vulnerabilities. XS...

AI score: 5.8
Exploits: 0

securityvulns
added 2007/11/29 12:0 a.m., 38 views

MoBiC-26 Bonus: XSS in Captcha!

Hello 3APA3A! I am reporting to you the Cross-Site Scripting vulnerabilities I found in the Captcha! captcha. It is a captcha plugin for WordPress. There are 4 XSS vulnerabilities in total on the plugin's options page http://site/wp-admin/options-general.php?page=captchacaptcha.php. Moreover, these are persistent XSS vulnerabilities. XSS:...

AI score: 0.1
Exploits: 0

securityvulns
added 2007/11/26 12:0 a.m., 30 views

MoBiC-23 Bonus: XSS in Math Comment Spam Protection

Hello 3APA3A! I am reporting to you the Cross-Site Scripting vulnerabilities I found in the Math Comment Spam Protection captcha. It is a captcha plugin for WordPress. To attack, a CSRF + XSS attack must be carried out for both vulnerabilities. Moreover, these are persistent XSS vulnerabilities. XSS: Exploit 1:...

Exploits: 0

securityvulns
added 2007/11/17 12:0 a.m., 63 views

PR07-26: Persistent XSS on Aruba 800 Mobility Controller's login page

Date Found: 17th July 2007 Vendor informed: 23rd July 2007 Confirmed by vendor: 13th September 2007 Description: Aruba 800 is vulnerable to a persistent XSS on the administrator login screen. An unauthenticated user can re-write the hidden parameter 'url' by requesting a link under the /screens/...

AI score: 6.3
Exploits: 0

Packet Storm
added 2007/11/16 12:0 a.m., 24 views

ProCheckUp Security Advisory 2007.26

Date Found: 17th July 2007 Vendor informed: 23rd July 2007 Confirmed by vendor: 13th September 2007 Description: Aruba 800 is vulnerable to a persistent XSS on the administrator login screen. An unauthenticated user can re-write the hidden parameter 'url' by requesting a link under the /screens/...

AI score: 0.1
Exploits: 0

FreeBSD
added 2007/11/11 12:0 a.m., 43 views

phpmyadmin -- cross-site scripting vulnerability

The DigiTrust Group reports: When creating a new database, a malicious user can use a client-side Web proxy to place malicious code in the db parameter of the POST request. Since dbcreate.php does not properly sanitize user-supplied input, an administrator could face a persistent XSS attack when...

AI score: 6.4
Exploits: 0
References: 2

securityvulns
added 2007/11/02 12:0 a.m., 63 views

Two XSS on Blue Coat ProxySG Management Console

PR07-29: Two XSS on Blue Coat ProxySG Management Console Vulnerability found: 23 July 2007 Vendor informed: 20 August 2007 Vulnerability fixed: 29 October 2007 Advisory publicly released: 1 November 2007 Severity: Medium Description: Blue Coat SG400 is vulnerable to a couple of XSS holes...

AI score: 5.9
Exploits: 0

exploitpack
added 2007/10/26 12:0 a.m., 10 views

Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial of Service

Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial of Service source: https://www.securityfocus.com/bid/26216/info Mozilla Firefox is prone to a vulnerability that results in a persistent denial of service. This issue occurs when a victim sets a malicious bookmark and then follows it...

AI score: 0.5
Exploits: 0

Exploit DB
added 2007/10/26 12:0 a.m., 24 views

Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial of Service

source: https://www.securityfocus.com/bid/26216/info Mozilla Firefox is prone to a vulnerability that results in a persistent denial of service. This issue occurs when a victim sets a malicious bookmark and then follows it. Successful attacks will cause Firefox to stop responding to all URI...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2007/10/03 12:0 a.m., 24 views

GLSA-200709-18 : Bugzilla: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200709-18 Bugzilla: Multiple vulnerabilities Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not properly sanitize the content of the 'buildid' parameter when filing bugs CVE-2007-4543. The next two vulnerabiliti...

CVSS: 5
AI score: 6.1
EPSS: 0.01921
Exploits: 3
References: 4

Gentoo Linux
added 2007/09/30 12:0 a.m., 33 views

Bugzilla: Multiple vulnerabilities

Background Bugzilla is a web application designed to help with managing software development. Description Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not properly sanitize the content of the "buildid" parameter when filing bugs CVE-2007-4543. The next two vulnerabilities onl...

CVSS: 5
AI score: 7.4
EPSS: 0.01921
Exploits: 3

securityvulns
added 2007/07/27 12:0 a.m., 49 views

[Full-disclosure] WordPress wp-feedstats persistent XSS

A persistent XSS vulnerability was found in wp-feedstats 2.4 by David Kierznowski http://gnucitizen.org/about/dk of GNUCITIZEN. Details: http://blogsecurity.net/wordpress/news-260707/...

AI score: 1.8
Exploits: 0

securityvulns
added 2007/07/13 12:0 a.m., 58 views

Re: [Full-disclosure] ActiveWeb Contentserver CMS Multiple Cross Site Scriptings

didn't find this in your list. Work for their online demo site not sure if it works in actual deployment -...

CVSS: 4.3
AI score: 5.8
EPSS: 0.0448
Exploits: 2

securityvulns
added 2007/07/04 12:0 a.m., 44 views

Security on AIR: Local file access through JavaScript

Hi! It's just a very first look to AIR Adobes Integrated Runtime and its possibilities to process HTML/JS. AIR is beta by now, so Adobe may change things in the final release. What is AIR? Quote from Adobe: "Adobe Integrated Runtime AIR is a cross- operating system runtime that allows you to...

AI score: 6.6
Exploits: 0

securityvulns
added 2007/06/27 12:0 a.m., 66 views

Calyptix Security Advisory CX-2007-04 - Cross-Site Request Forgery Attack Against Check Point Safe@Office Device

Calyptix Security Advisory CX-2007-04 Cross-Site Request Forgery Attack Against Check Point Safe@Office Device Date: 06/26/2007 http://www.calyptix.com/ http://labs.calyptix.com/CX-2007-04.php http://labs.calyptix.com/CX-2007-04.txt Overview Multiple versions of Check Point's Safe@Office UTM devi...

AI score: 7.5
Exploits: 0

Exploit DB
added 2007/06/27 12:0 a.m., 36 views

Linksys WAG54GS 1.0.6 (Wireless-G ADSL Gateway) - 'setup.cgi' Cross-Site Scripting

source: https://www.securityfocus.com/bid/24682/info Linksys Wireless-G ADSL Gateway is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. Attackers may exploit this issue by enticing victims into opening a malicious URI...

AI score: 7.4
Exploits: 0