630 matches found
Unfixed XSS vulnerability at www.plastics.org.nz
Security researcher koolkeith12345 submitted on 16/01/2008 a cross-site scripting (XSS) vulnerability affecting www.plastics.org.nz, which at the time of submission ranked 6701844 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 26/02/2008. I...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, a...
CVE-2008-0265
Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, a...
CVE-2008-0265
F5 BIG-IP TMUI (Configuration utility) contains multiple XSS vulnerabilities (CVE-2008-0265) in the SearchString parameter across several list JSPs (list_system.jsp, list_pktfilter.jsp, list_ltm.jsp, resources_audit.jsp, list_asm.jsp, and list.jsp in various dirs). The issue affects BIG-IP LTM/GT...
f5-xss.txt
F5 BIG-IP Web Management List Search XSS Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP web management interface contains a cross-site scripting vulnerability in the Search function present on several list-like pages. Parameter SearchString is not sanitized before it gets...
Unfixed XSS vulnerability at www.avh.asso.fr
Security researcher ironzorg submitted on 01/08/2008 a cross-site scripting (XSS) vulnerability affecting www.avh.asso.fr, which at the time of submission ranked 919296 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/08/2008. It is...
Wordpress <= 2.3.1 Charset Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================= Wordpress Affected version: WordPress = 2.3.1 Exploit type: Remote Risk: Moderate CVE: pending 1. Summary 2. Detail 3. Proof of concept 4. Workaround 1. Summary Quoting from...
CVE-2007-5932
Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content Server (CS) CMS 6.3.0 allow remote attackers to inject arbitrary web script or HTML via unspecified form fields related to the (1) search function, (2) advanced search function, and possibly other components...
CVE-2007-5932
Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content Server (CS) CMS 6.3.0 allow remote attackers to inject arbitrary web script or HTML via unspecified form fields related to the (1) search function, (2) advanced search function, and possibly other components...
MiniBB 2.1 - table SQL Injection
MiniBB 2.1 - table SQL Injection vuln.: miniBB 2.1 table Remote SQL Injection Exploit download: http://www.minibb.net/download.php?file=minibb21 dork: "These forums are running on" "miniBB" author: [email protected] greets to: str0ke, polish under :...
Unfixed XSS vulnerability at www.ddlbyte.com
Security researcher flux submitted on 27/09/2007 a cross-site scripting (XSS) vulnerability affecting www.ddlbyte.com, which at the time of submission ranked 91044 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/10/2007. It is currently...
GetMyOwnArcade (search.php query) Remote SQL Injection Vulnerability
No description provided by source. GetMyOwnArcade search.php $query SQL-Injection Discovered By: RoXur777 August 11th 2007 Google-Dork: "Powered by GetMyOwnArcade" / $query is not being filtered before getting passed to a query. Therefore, we can inject SQL code into the SQL-Query. Using...
CVE-2007-4075
Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sitesi Scripti allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
Unfixed XSS vulnerability at www.multiserve.co.nz
Security researcher CoNqUeRoR submitted on 26/07/2007 a cross-site scripting (XSS) vulnerability affecting www.multiserve.co.nz, which at the time of submission ranked 4110209 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/08/2007. It is...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function...
CVE-2007-3693
Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function...
rpm2html 1.6 XSS Vulnerability
My Name: Vladiii | My Country: Romania | My Site: http://www.rstzone.net | My Team: I hope to enter in RST-Crew : | Contact me: [email protected] | Special Shoutz: kw3rln fluffybunny, floflowsupremacy, mozi2weed, | & all...
CVE-2007-1903
Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter...
Cross site scripting in mephisto 0.7.3
Cross site scripting in mephisto 0.7.3 security advisory. References: http://www.mephistoblog.com https://vulners.com/cve/CVE-2007-1873 Description: Cross site scripting describes attacks that allow an attacker to insert malicious HTML or JavaScript code via GET or POST forms. This can be used to steal sessio...
CVE-2006-7188
The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info'forum' variable...