484 matches found
CVE-2006-0541
Multiple cross-site scripting XSS vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages."...
CVE-2006-0541
Multiple cross-site scripting XSS vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages."...
CVE-2005-2805
forumpost.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number...
CVE-2005-2106
Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting...
CVE-2005-1886
Cross-site scripting XSS vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via 1 the phid parameter or 2 unknown parameters when posting a new comment...
CVE-2005-0476
Cross-site scripting XSS vulnerability in hpmguestbook.cgi allows remote attackers to inject arbitrary web script or HTML by posting a message...
[Full-disclosure] 3 XSS Vulnerabilities in Phorum <= 5.0.14
Author: Jon Oberheide [email protected] Date: Sat, March 12th, 2005 Summary ======= Application: Phorum Vendor Website: http://www.phorum.org Affected Versions: = 5.0.14 Type of Vulnerability: Cross Site Scripting XSS About Phorum ============ Phorum is a web based message board written in PHP...
News Server (NNTP) Anonymous Read / Write Access
The remote server seems open to remote users. Some people prefer open public NNTP servers to be able to read or post articles anonymously. Unwanted connections could waste your bandwidth or put you into legal trouble if a malicious person were to use your server to post abusive articles. Keep in...
newsgrab -- insecure file and directory creation
The newsgrab script uses insecure permissions during the creation of the local output directory and downloaded files. After a file is created, permissions on it are set using the mode value of the newsgroup posting. This can potentially be a problem when the mode is not restrictive enough. In...
[XSS] PHP-Nuke 7.4 AddMsg Bug
CODEBUG Labs Advisory 4 Title: Addmsg Bug Author: Pierquinto 'Mantra' Manco Product: PHP-Nuke 7.4 Type: XSS Web: http://www.mantralab.org Add Message Bug - Description PHP-Nuke is a very bugged web CMS, version 7.4 has critical XSS bug that permit to an attacker to post gloabal home-page messages...
Mensajeitor Tag Board 1.x - Authentication Bypass
source: https://www.securityfocus.com/bid/10774/info It has been reported that Mensajeitor Tag Board is affected by an authentication bypass vulnerability. This issue is due to a failure of the application to properly handle authentication controls. Successful exploitation of this issue will allo...
Mensajeitor Tag Board 1.x - Authentication Bypass
Mensajeitor Tag Board 1.x - Authentication Bypass source: https://www.securityfocus.com/bid/10774/info It has been reported that Mensajeitor Tag Board is affected by an authentication bypass vulnerability. This issue is due to a failure of the application to properly handle authentication control...
WebCT Campus Edition 3.8/4.x - HTML Injection
source: https://www.securityfocus.com/bid/9999/info It has been reported that WebCT Campus Edition may be prone to an HTML injection vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in the browser of an unsuspecting user. A malicious user could supply...
ZH2003-24SA (security advisory): ChitChat.NET XSS Vulnerability
ZH2003-24SA security advisory: ChitChat.NET XSS Vulnerability Published: 13 august 2003 Released: 13 august 2003 Name: ChitChat.NET Affected Systems: 2.0 Issue: Remote attackers can inject XSS script Author: [email protected] Vendor: http://clickcess.com/ Description Zone-h Security Team has...
posterv2.txt
Hi Guys, This is my first time posting a vulnerability since most of my private research has been done on very small projects, many of which were never released. Anyways, down to the vulnerability: Poster version.two privilege escalation: ======================================== Poster version.tw...
[SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor
Security Corporation Security Advisory SCSA-008 PROGRAM: PY-Livredor HOMEPAGE: http://www.py-scripts.com http://www.scripts-php.com VULNERABLE VERSIONS: v1.0 DESCRIPTION PY-Livredor is an easy guestbook script using Php4 and MySql with an administration which allow messages deletion. DETAILS A...
FW: Re[2]: SECURITY.NNOV: Kaspersky Antivirus DoS
Dear Symantec - I will rely on the Bugtraq moderator to help steer this process appropriately in the public forum delay post, etc since I am inexperienced in these matters. There appears to possibly be three DoS vulnerabilities in at least one Symantec AntiVirus product. Initial report from Zaraz...
CVE-2002-2398
The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter...
wbboard 1.1.1 Cross Site Scripting Vulnerability
wbboard 1.1.1 Cross Site Scripting Vulnerability - ------------------------- Affected program : wbboard 1.1.1 is a phpBB-like PHP forum Vendor : http://www.woltlab.de/ Vulnerability-Class : Cross Site Scripting CSS OS specific : No Problem-Type : Joke severity : No risk SUMMARY 1.WBBoard allowed ...
CVE-2002-0008
Bugzilla before 2.14.1 allows remote attackers to 1 spoof a user comment via an HTTP request to processbug.cgi using the "who" parameter, instead of the Bugzillalogin cookie, or 2 post a bug as another user by modifying the reporter parameter to enterbug.cgi, which is passed to postbug.cgi...