3392 matches found
PluggedOut Blog SQL vuln.
PluggedOut Blog SQL vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/pluggedout-blog-sql-vuln.html vendor:www.pluggedout.com/index.php?pk=devblog affected version:1.9.4 , 1.9.5 and prior Product Description: Blog is an open source script you ca...
Hardened-PHP Project Security Advisory 2005-23.105
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple vulnerabilities in vTiger CRM Release Date: 2005/11/24 Last Modified: 2005/11/24 Author: Christopher Kunz Application: vTiger 4.2 and prior Severity: Cross-Site...
CVE-2005-3818
Multiple cross-site scripting XSS vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 various input fields, including the contact, lead, and first or last name fields, 2 the record parameter in a DetailView action in the Leads module f...
[SA17693] vtiger CRM Multiple Vulnerabilities
TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA17693 VERIFY ADVISORY: http://secunia.com/advisories/17693/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access WHERE: From remote SOFTWARE...
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is pro...
CVE-2005-3085
Multiple cross-site scripting XSS vulnerabilities in rss.php in Riverdark Studios RSS Syndicator module 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the 1 forum or 2 topic parameters...
CVE-2005-3085
Multiple cross-site scripting XSS vulnerabilities in rss.php in Riverdark Studios RSS Syndicator module 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the 1 forum or 2 topic parameters...
CVE-2005-3085
The CVE-2005-3085 entry describes multiple cross-site scripting (XSS) vulnerabilities in Riverdark Studios’ RSS Syndicator module 2.1.7 (rss.php), allowing remote attackers to inject arbitrary web script or HTML via the forum or topic parameters. Affected component is rss.php within the RSS Syndi...
[SA16934] IPB Riverdark RSS Syndicator Module Cross-Site Scripting
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
riverdarkXSS.txt
DESCRIPTION:Riverdark RSS Syndicator v2.17 .This is a pretty basic little RSS syndication tool for Invision Power Board 2.0.0, which outputs the last x number of posts in an RSS 2.0 feed Vendor Page:http://www.riverdark.net/ VULNARBILITY:Cross Site Script...
ZipTorrent1.3.7.3.txt
/================================================================ ZipTorrent 1.3.7.3 Local Proxy Password Disclosure Exploit by Kozan Discovered & Coded by Kozan Credits to ATmaCA Web: www.spyinstructors.com Mail: [email protected] Application: -------------------- ZipTorrent 1.3.7.3 and...
CVE-2005-2515
The CVE-2005-2515 entry concerns Quartz Composer Screen Saver in Mac OS X 10.4.2. Affected component: the Screen Saver subsystem (Quartz Composer Screen Saver). Root cause / vulnerability: local users can access links from the RSS Visualizer even when a password is required, enabling partial conf...
CVE-2005-2515
Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required...
CVE-2005-2515
Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required...
Hardened-PHP Project Security Advisory 2005-11.59
Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple vulnerabilities in Contrexx Release Date: 2005/07/21 Last Modified: 2005/07/18 Author: Christopher Kunz Application: Contrexx 1.0.5 Severity: Cross-Site Scripting, SQL injection and information disclosure, passwo...
DEBIAN-CVE-2005-2110
WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via 1 a direct request to menu-header.php or a "1" value in the feed parameter to 2 wp-atom.php, 3 wp-rss.php, or 4 wp-rss2.php, which reveal the path in an error message. NOTE: vector 1 was later reported to al...
CVE-2005-1695
Multiple cross-site scripting XSS vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the 1 rssurl parameter to magpieslashbox.php, or the url parameter to 2 magpiesimple.php or 3 magpiedebug.php...
CVE-2005-1697
The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simplesmarty.php, which reveals the path in an error message...
CVE-2005-1695
CVE-2005-1695 affects PostNuke RSS module (versions 0.750, 0.760RC2/RC3). The vulnerability is described as multiple cross-site scripting (XSS) flaws allowing remote injection of script/HTML via parameters: rss_url in magpie_slashbox.php and url in magpie_simple.php/magpie_debug.php. Connected Op...
CVE-2005-1697
The CVE-2005-1697 issue affects PostNuke’s RSS module (versions 0.750 and 0.760 RC2/RC3). A direct request to simple_smarty.php exposes the installation path via an error message, enabling remote disclosure of sensitive information. Exploit details are not provided in the sources; no patch/versio...