5 matches found
WikiNi-xss.txt
Hi, I've found 2 XSS vulns in WikiNi. The programmers have been contacted and the vulns addressed in version 0.4.4. The name parameter of page wakka.php is not properly sanitized: "alert'XSS Vulnerable';" The email parameter of page wakka.php is not properly sanitized: "alert'XSS Vulnerable';"...
WikiNi Multiple Cross Site Scripting Vulnerabilities
Hi, I've found 2 XSS vulns in WikiNi. The programmers have been contacted and the vulns addressed in version 0.4.4. The name parameter of page wakka.php is not properly sanitized: html body form method="POST" enctype="application/x-www-form-urlencoded" action="http://www.example.com/wakka.php"...
zenphoto1.0.2.txt
Vendor: zenphoto. Vulnerable: zenphoto 1.0.2 beta and below. The vendor has been warned and the vulnerabilities have been addressed in 1.0.3 beta. Path Disclosure: http://www.example.com/photos/zen/i.php?a=EXISTINGALBUMNAME&i=EXISTINGIMAGENAME&s=thumb%00 which returns: Warning:...
NoahsClassifieds.txt
Noah's Classifieds is prone to a Cross Site Scripting Vulnerability, due to a failure in the application to properly sanitize the "frommethod" POST parameter in "index.php": alert'XSS Vulnerable';" Advisory: http://zone14.free.fr/advisories/5/ --Raphael HUCK...
Noah's Classifieds Cross Site Scripting Vulnerability
Noah's Classifieds is prone to a Cross Site Scripting Vulnerability, due to a failure in the application to properly sanitize the "frommethod" POST parameter in "index.php": html body form method="POST" enctype="multipart/form-data" action="http://www.example.com/classifieds/index.php" input...