348 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable...
CVE-2012-5343
Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable...
CVE-2012-5343
Limny 3.0.1 admin/login.php is vulnerable to Cross‑Site Scripting via PATH_INFO (PHP_SELF). OpenVAS confirms a Limny XSS issue; no explicit patch/fix details are provided in the supplied documents. A Limny 3.0.2.x release is referenced, but no confirmed remediation is stated here.
Chamilo 1.8.8.4 XSS / File Deletion
Chamilo 1.8.8.4 Multiple Vulnerabilities ======================== CVE: CVE-2012-4029 Issue: Reflected XSS PHP_SELF in third-party app, Stored XSS PHP_SELF XSS http://chamilo-1.8.8.4/main/inc/lib/phpdocx/pdf/www/examples.php/'" Stored XSS unfiltered input categoryname...
http-phpself-xss NSE Script
Crawls a web server and attempts to find PHP files vulnerable to reflected cross site scripting via the variable $_SERVER["PHP_SELF"]. This script crawls the webserver to create a list of PHP files and then sends an attack vector/probe to identify PHP_SELF cross site scripting vulnerabilities. PHP_SELF...
Limny 3.0.1 (login.php) Remote URI Based Cross-Site Scripting Vulnerability
Summary Limny is a free and open-source content management framework with a focus on ease to use and develop. It can be used as a stable and powerful core for heavy and light web applications by having main features of web applications such as user management, multilingual system and multiple the...
Limny 3.0.1 Cross Site Scripting
Limny 3.0.1 login.php Remote URI Based Cross-Site Scripting Vulnerability Vendor: Hamidreza Samak Product web page: http://www.limny.org Affected version: 3.0.1 Summary: Limny is a free and open-source content management framework with a focus on ease to use and develop. It can be used as a stabl...
XAMPP 'PHP_SELF' Variable Multiple Cross Site Scripting Vulnerabilities
XAMPP is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
Sports PHool <= 1.0 Remote File Include Exploit
Exploit for php platform in category web applications " ."target:" ."evil:" ."cmd:" ."" .""; if !isset$POST'submit' echo $form; else $file = fopen "test.txt", "w+"; fwrite$file, ""; fclose$file; $file = fopen $target.$evil, "r"; if !$file echo "Unable to get output.\n"; exit; echo $form; while...
6kbbs - Multiple Vulnerabilities
6kbbs - Multiple Vulnerabilities Exploit Title: 6kbbs Multiple Vulnerabilities Google Dork: Powered by 6kbbs V8.0 Date: 2011/10/5 Author: insight-labs Software Link: http://www.6kbbs.net/ Version: 6KBBS v8.0 build 20101201 Tested on: linux+apache 1.Cross-site request forgery getshell vulnerable...
dz7. 2 HTTP header injection vulnerability-vulnerability warning-the black bar safety net
dz7. 2 HTTP header injection vulnerability 20107/7/, the dz7. 2 header injection vulnerability 20107/7/ image.php to: header header'location: '.$ boardurl.$ thumbfile; $boardurl = htmlspecialchars'http://'.$ SERVER'HTTPHOST'. pregreplace"//+api|archiver|wap?/$/ i", ", substr$PHPSELF, 0,...
CRE Loaded Multiple Security Bypass Vulnerabilities
CRE Loaded is prone to a security bypass vulnerability.
CVE-2009-5077
CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php...
Authentication flaw
CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with (1) login.php or (2) password_forgotten.php appended as the PATH_INFO, which bypasses a check that uses PHP_SELF, which is not properl...
phpstcms (STCMS music system) to bypass the backend authentication method-vulnerability warning-the black bar safety net
Published author: the mind Vulnerability type: background verification Vulnerability analysis: a music system-0-in! Throw in the hard disk is also equal to moldy, classic white look at the code. Vulnerability exists in“common.inc.php”file, as follows. phpstcms STCMS music system to bypass the...
RoSPORA 1.5.0 - Remote PHP Code Injection
RoSPORA 1.5.0 - Remote PHP Code Injection '; 671. $link=$SERVER'PHPSELF'."?f=".$flag."&s="; 672. 673. if !empty$plarray 674. 675. usort$plarray, createfunction'$a, $b', 'if $a'.$sort.' == $b'.$sort.' return 0; if $a'.$sort.' '.$sorttype.' $b'.$sort.' return -1; return 1;'; 676. Input parameter...
OSSIM 2.2.1 Cross Site Scripting
================== Summary ================== Multiple XSS vulnerabilities in OSSIM 2.2.1 Discovered by: CONIX Security www.conix.fr Public Release Date: 3/31/2010 Vendor: Alienvault www.alienvault.com Fixed: Yes 3/30/2010 ============= Technical Details ============= 1. An attacker can redirect ...
Multiple XSS vulnerabilities in OSSIM 2.2.1
================== Summary ================== Multiple XSS vulnerabilities in OSSIM 2.2.1 Discovered by: CONIX Security www.conix.fr Public Release Date: 3/31/2010 Vendor: Alienvault www.alienvault.com Fixed: Yes 3/30/2010 ============= Technical Details ============= 1. An attacker can redirect ...
Debian DSA-1966-1 : horde3 - insufficient input sanitising
Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3237 It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences o...
RoseOnlineCMS 3 B1 - Remote Authentication Bypass
'/ -.- --------------------oOO------OOo------------------- | RoseOnlineCMS ! Download: http://sourceforge.net/projects/rosecms/files/ ! Date: 16.01.2010 ! Remote: yes ! Code : " method="post" Username: Password: ?php ifisset$POST'submit' // username and password sent from signup form $USER =...