18 matches found
VP-ASP Shopping Cart 6.50 ShopContent.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24033/info VP-ASP Shopping Cart is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code...
ClonusWiki 0.5 Index.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24101/info ClonusWiki is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...
GaliX 2.0 Index.PHP Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/24066/info GaliX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication...
vonage-default.txt
Vonage VoIP Telephone Adapter Default Misconfiguration The Vonage VoIP Telephone Adapter device is, by default, accessible from the WLAN/internet. The product ships with the default username of 'user' and default password of 'user' to access the administrative backend. Users are suggested to upda...
RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability
SalesCart Shopping Cart - SQL Injection Vulnerability SalesCart does not sanitize any forms in cgi-bin/reorder2.asp, allowing an attacker to inject arbitrary SQL queries, as well as possible command execution. Google d0rk: "Sorry, you have no Items in your Shopping Cart !" inurl:cgi-bin/view1.asp...
RedLevel Advisory #017 - PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities
PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities PsychoStats contains multiple cross-site scripting vulnerabilities that may be exploited through the URI. Vulnerable Files: awards.php, login.php, register.php, weapons.php - other files may also be susceptible to this vulnerabilit...
clonuswiki-xss.txt
ClonusWiki .5 - Cross-Site Scripting Vulnerability ClonusWiki .5 - Cross-Site Scripting Vulnerability discovered by John Martinelli of RedLevel Security Google d0rk: "ClonusWiki .5" intitle:"ClonusWiki" file index.php - variable query - method get "alert1"...
rmeasymail-xss.txt
RM EasyMail Plus - Cross-Site Scripting Vulnerability 2 This cross-site scripting vulnerability can be exploited if a client views an email with a specially crafted title. Vulnerable E-Mail Title: alert1 Vulnerable: RM EasyMail Plus Google d0rk: intitle:"Powered by RM EasyMail Plus" John Martinel...
hlstarts-xss2.txt
HLstats v1.35 - Cross-Site Scripting Vulnerability 2 HLstats v1.35 - Cross-Site Scripting Vulnerability 2 discovered by John Martinelli of RedLevel Security Google d0rk: "generated in real-time by HLstats" file hlstats.php - variable action - method get alert1"...
hlstats-xss.txt
HLstats v1.35 Cross-Site Scripting Vulnerability HLstats contains a cross-site scripting vulnerability that may be exploited through the URI. Vulnerability: http://target.com/hlstats/hlstats.php/"alert1 Vulnerable: HLstats v1.35 other versions may also be vulnerable Google d0rk: "generated in...
ClonusWiki 0.5 - index.php HTML Injection
ClonusWiki 0.5 - index.php HTML Injection source: https://www.securityfocus.com/bid/24101/info ClonusWiki is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and...
GaliX 2.0 - index.php Multiple Cross-Site Scripting Vulnerabilities
GaliX 2.0 - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/24066/info GaliX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to...
vpasp-xss.txt
VP-ASP Shopping Cart 6.50 - Cross-Site Scripting Vulnerability VP-ASP Shopping Cart 6.50 - Cross-Site Scripting Vulnerability discovered by John Martinelli of RedLevel Security Google d0rk: intitle:"VP-ASP Shopping Cart 6.50" file shopcontent.asp - variable type - method get "...
GaliX 2.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/24066/info GaliX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other...
RedLevel Advisory #016 - HLstats v1.35 Cross-Site Scripting Vulnerability
HLstats v1.35 Cross-Site Scripting Vulnerability HLstats contains a cross-site scripting vulnerability that may be exploited through the URI. Vulnerability: http://target.com/hlstats/hlstats.php/"scriptalert1/script Vulnerable: HLstats v1.35 other versions may also be vulnerable Google d0rk:...
RedLevel Advisory #017 - HLstats v1.35 Cross-Site Scripting Vulnerability #2
HLstats v1.35 - Cross-Site Scripting Vulnerability 2 Vulnerable Variable: action Vulnerable File: hlstats.php Vulnerable: HLstats 1.2 other versions may also be vulnerable Google d0rk: "generated in real-time by HLstats" John Martinelli [email protected] RedLevel Security...
VP-ASP Shopping Cart 6.50 - ShopContent.asp Cross-Site Scripting
VP-ASP Shopping Cart 6.50 - ShopContent.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/24033/info VP-ASP Shopping Cart is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue t...
WordPress Theme Redoable 1.2 - 'header.php?s' Cross-Site Scripting
source: https://www.securityfocus.com/bid/24037/info Redoable is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...