7640 matches found
ObjectivityDB - Lack of Authentication
ObjectivityDB - Lack of Authentication !/usr/bin/python obj.py Objectivity/DB Lack of Authentication Remote Exploit Jeremy Brown 0xjbrown41-gmail-com Jan 2011 "Objectivity, Inc. is a leader in distributed, scalable database technology. Our patented data management engine and persistent object sto...
CGI Generic XSS (persistent, 2nd pass)
The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings containing malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the...
LifeType 1.2.10 - HTTP Referer Persistent Cross-Site Scripting
Exploit Title: lifetype 1.2.10 http referer XSS Date: 11-1-2010 Author: Saif El-Sherei Software Link: http://lifetype.net/page/downloads Version: 1.2.10 Tested on: firefox 3.0.15 failure to sanitize the http referer header in index.php results in a cross site scripting attack against admins or an...
Skadate Multiple Persistent Cross Site Scripting Vulnerabilities (Undisclosed New Vulnerability)
Exploit Title: Skadate Persistent Cross Site Scripting Vulnerability Google Dork: Powered by SkaDate dating Date: 2 January 2011 Author: Akastep Software Link: http://www.skadate.com Version: SkaDate dating software Tested on: nginx/0.7.62 php version: PHP/5.2.14 ----- Exploit: Persistent Cross...
Skadate Cross Site Scripting
Exploit Title: Skadate Persistent Cross Site Scripting Vulnerability Google Dork: Powered by SkaDate dating Date: 2 January 2011 Author: Akastep Software Link: http://www.skadate.com Version: SkaDate dating software Tested on: nginx/0.7.62 php version: PHP/5.2.14 ----- Exploit: Persistent Cross...
Report : Top Hacker Targets Include Mobile Devices and Mac !
McAfee is making security predictions for 2011. The firm outlines its top threats for next year in the 2011 Threat Predictions report -- and Android, iPhone, Foursquare, Google TV, and Mac OS X are listed as major cybercrime targets. Politically motivated attacks are also expected to increase, a ...
OpenClassifieds 1.7.0.3 Chained: Captcha Bypass / SQLi / Persistent XSS
Exploit for php platform in category web applications Author:Michael Brooks Rook Application:OpenClassifieds 1.7.0.3 download: http://open-classifieds.com/download/ Exploit chain:captcha bypass-sqliinsert-persistant xss on front page If registration is required an extra link in the chain is added...
OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass SQL Injection Persistent Cross-Site Scripting on FrontPage
OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass SQL Injection Persistent Cross-Site Scripting on FrontPage Author:Michael Brooks Rook Application:OpenClassifieds 1.7.0.3 download: http://open-classifieds.com/download/ Exploit chain:captcha bypass-sqliinsert-persistant xss on front page If...
Multiple Vulnerabilities in OpenClassifieds 1.7.0.3
I understand that this is a vain hope that bugtraq will start posting something useful. Author:Michael Brooks Rookbr Application:OpenClassifieds 1.7.0.3br download: http://open-classifieds.com/download/br Exploit chain:captcha bypass-sqliinsert-persistant xss on front pagebr If registration is...
OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass / SQL Injection / Persistent Cross-Site Scripting on FrontPage
Author:Michael Brooks Rook Application:OpenClassifieds 1.7.0.3 download: http://open-classifieds.com/download/ Exploit chain:captcha bypass-sqliinsert-persistant xss on front page If registration is required an extra link in the chain is added: Exploit chain:blind sqliselect-captcha...
Social Share 2010-06-05 Cross Site Scripting
www.eVuln.com advisory: "search" - Non-persistent XSS in Social Share Summary: http://evuln.com/vulns/169/summary.html Details: http://evuln.com/vulns/169/description.html -----------Summary----------- eVuln ID: EV0169 Software: Social Share Vendor: n/a Version: 2010-06-05 Critical Level: low Typ...
redmine -- multiple vulnerabilities
Jean-Philippe Lang reports: This release also fixes 3 security issues reported by joernchen of Phenoelit: logged in users may be able to access private data affected versions: 1.0.x persistent XSS vulnerability in textile formatter affected versions: all previous releases remote command execution...
WORDPRESS Plugin Accept Signups 0.1 XSS
Exploit for php platform in category web applications Exploit Title: WORDPRESS Plugin Accept Signups PERSISTENT XSS Date:21/12/2010 Author: clshack Software Link:http://wordpress.org/extend/plugins/accept-signups/ Version:0.1 Tested on: wordpress 3.03 CVE : Vulnerable code accept-signupssubmit.ph...
WordPress Accept Signups 0.1 Cross Site Scripting
Exploit Title: WORDPRESS Plugin Accept Signups PERSISTENT XSS Date:21/12/2010 Author: clshack Software Link:http://wordpress.org/extend/plugins/accept-signups/ Version:0.1 Tested on: wordpress 3.03 CVE : Vulnerable code accept-signupssubmit.php: requireonce'../../../wp-config.php';//addslashes to...
WordPress Plugin Accept Signups 0.1 - Cross-Site Scripting
Exploit Title: WORDPRESS Plugin Accept Signups PERSISTENT XSS Date:21/12/2010 Author: clshack Software Link:http://wordpress.org/extend/plugins/accept-signups/ Version:0.1 Tested on: wordpress 3.03 CVE : Vulnerable code accept-signupssubmit.php: requireonce'../../../wp-config.php';//addslashes to...
REstate Real Estate Script Cross Site Scripting
========================================================= REstate Real Estate Script Persistent Xss Vulnerability ========================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 3 3 3 3 7 /' \ /'\ /'\ /\ \ /\ /\ \ 7 1 /, /\L\ ...
Inout Webmail Cross Site Scripting
Name :inoutwebmail Persistent Xss Vulnerability Date : Dec,20 2010 Vendor Url :http://www.inoutscripts.com/ Author : Sid3^effects aKa HaRi Big hugs : Th3 RDX,Hananbutt, special thanks to : r0073r inj3ct0r.com,L0rd...
Inout Webmail Script Persistent XSS Vulnerability
Exploit for php platform in category web applications Name :inoutwebmail Persistent Xss Vulnerability Date : Dec,20 2010 Vendor Url :http://www.inoutscripts.com/ Author : Sid3^effects aKa HaRi Big hugs : Th3 RDX,Hananbutt, special thanks to : r0073r inj3ct0r.com,L0rd...
Tunngavik CMS SQL Injection / Cross Site Scripting
======================================================= Tunngavik CMS Exploit database separated by exploit 3 3 type local, remote, DoS, etc. 3 7 7 1 + Site : 1337db.com 1 3 + Support e-mail : submitat1337db.com 3 3 3 7 7 1 I'm KnocKout 1337 Member from 1337 DataBase 1 3 3 3 3...
Squid-Imposter: A Squid Based Sidejacking Proxy !
That tool was meant specifically for Windows operating systems and also contains a module that uses HTML5 offline cache to store the payload permanently in all supporting browsers. Squid-Imposter just add the HTML5 offline cache storage functionality to the application and has been ported to Linu...