TinyWebGallery v 1.8.3 - Multiple Vulnerabilities

Exploit for php platform in category web applications Date: 01/02/2011 dd/MM/yyyy Script: TinyWebGallery Version: 1.8.3 No fixes yet, might work on other versions too. Home: http://www.tinywebgallery.com -- Vulnerability: Non-persistent XSS Where: File: /admin/index.php Parameters: sview, tview,...

CMS WebManager-Pro 7.4.3 Code Execution / Cross Site Request Forgery

Hello list! I want to warn you about Remote Code Execution and Cross-Site Request Forgery vulnerabilities in CMS WebManager-Pro. This CMS is widely using at different web sites, including security and government sites. ------------------------- Affected products: -------------------------...

TinyWebGallery 1.8.3 Cross Site Scripting / Directory Traversal

Date: 01/02/2011 dd/MM/yyyy Script: TinyWebGallery Version: 1.8.3 No fixes yet, might work on other versions too. Home: http://www.tinywebgallery.com -- Vulnerability: Non-persistent XSS Where: File: /admin/index.php Parameters: sview, tview, dir, item. Examples:...

TinyWebGallery 1.8.3 - Multiple Vulnerabilities

Date: 01/02/2011 dd/MM/yyyy Script: TinyWebGallery Version: 1.8.3 No fixes yet, might work on other versions too. Home: http://www.tinywebgallery.com -- Vulnerability: Non-persistent XSS Where: File: /admin/index.php Parameters: sview, tview, dir, item. Examples:...

RCE и CSRF уязвимости в CMS WebManager-Pro

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Remote Code Execution и Cross-Site Request Forgery уязвимостях в CMS WebManager-Pro это украинская коммерческая CMS. RCE Remote PHP Code Execution WASC-31: В системе возможно включение php тэгов непосредственно в поля для текста контента. Таким...

vBSEO 3.5.2 & 3.2.2 - Persistent XSS via LinkBacks

Exploit for php platform in category web applications Versions Affected: 3.5.2 & 3.2.2 Most likely all versions Info: A proven success record, vBSEO powers the most optimized forums on the Web. The 1 SEO plugin and the only professional, fully supported solution. A full package of SEO enhancement...

vBSEO 3.2.23.5.2 - Persistent Cross-Site Scripting via LinkBacks

vBSEO 3.2.23.5.2 - Persistent Cross-Site Scripting via LinkBacks vBSEO - Persistent XSS via LinkBacks http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/ Versions Affected: 3.5.2 & 3.2.2 Most likely all versions Info: A proven success record, vBSEO powers the most optimized forums on t...

vBSEO Sitemap 2.5/3.0 - Multiple Vulnerabilities

vBSEO Sitemap - Multiple Vulnerabilities Versions Affected: 2.5 and 3.0 Most likely all versions Info: A proven success record, vBSEO powers the most optimized forums on the Web. The 1 SEO plugin and the only professional, fully supported solution. A full package of SEO enhancements, one install,...

vBSEO 3.2.2/3.5.2 - Persistent Cross-Site Scripting via LinkBacks

vBSEO - Persistent XSS via LinkBacks http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/ Versions Affected: 3.5.2 & 3.2.2 Most likely all versions Info: A proven success record, vBSEO powers the most optimized forums on the Web. The 1 SEO plugin and the only professional, fully support...

Sophisticated Attackers Now Using Social Net For Command and Control

Spammers aren’t the only ones who have figured out that social networks like Twitter and Facebook are good for business. Sophisticated hackers conducting targeted attacks are also using the networks as a tool to manage malware installations on victims’ networks, according to a new report from...

Smart core system multi-program through persistent XSS and fixes-vulnerability warning-the black bar safety net

Author: B0mbErM@n Program: Version: security2.5.0the governmentv2. 8. 0school2.5.0business3.7.2 and previous versions Environment: XP&IE6&Firefox/3.6.13 Vulnerability discovery:2010-01-15 Notification-vendor:2010-01-16 Lasting - XSS,background browsing of the triggerXSSstatement XSS E-mail:"XSS F...

'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)

'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered, unencrypted content to be presented to a user...

AneCMS 1.3 Cross Site Scripting

Exploit Title: AneCMS 1.3 Persistant XSS Date: 17.1.2011 Author: Penguin Visit: www.null-sector.info Software Link: http://anecms.com/anecms.zip Version: 1.3 Tested on: Linux I Vulnerability ---------------------- You can add blogpost comments that does not get filtered for HTML-Code. Simply add ...

Seo Panel 2.2.0 Cookie-Rendered Persistent XSS Vulnerability

Exploit for php platform in category web applications 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - email protected I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered,...

AneCMS 1.3 - Persistent Cross-Site Scripting

AneCMS 1.3 - Persistent Cross-Site Scripting Exploit Title: AneCMS 1.3 Persistant XSS Date: 17.1.2011 Author: Penguin Visit: www.null-sector.info Software Link: http://anecms.com/anecms.zip Version: 1.3 Tested on: Linux I Vulnerability ---------------------- You can add blogpost comments that doe...

AneCMS 1.3 - Persistent Cross-Site Scripting

Exploit Title: AneCMS 1.3 Persistant XSS Date: 17.1.2011 Author: Penguin Visit: www.null-sector.info Software Link: http://anecms.com/anecms.zip Version: 1.3 Tested on: Linux I Vulnerability ---------------------- You can add blogpost comments that does not get filtered for HTML-Code. Simply add ...

Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting

Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allo...

Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting

'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered, unencrypted content to be presented to a user...

glfusion CMS 1.2.1 - 'img' Persistent Cross-Site Scripting

Exploit Title: glfusion CMS 1.2.1 stored XSS via img tag Date: 14-1-2010 Author: Saif El-Sherei Software Link: www.glfusion.org/filemgmt/viewcat.php?cid=1 Version: 1.2.1 Tested on: Firefox 3.0.15 Info: glFusion gives you the ability to easily create websites and online communities complete with...

Seo Panel 2.2.0 Cross Site Scripting

'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered, unencrypted content to be presented to a user...