15 matches found
Announcing the VMware vExpert Security Program!
We’re excited to share that the VMware Security Products Team and Carbon Black are announcing a new Security vExperts program. If you’re not familiar with vExperts, the program is designed to recognize individuals who are passionate about sharing their knowledge of VMware technologies with the...
Underground Security Forums : Poisonhack.info & Team-xpc.com Hacked by 0p3nH4x !
Underground Security Forums : Poisonhack.info & Team-xpc.com Hacked by 0p3nH4x ! 0p3nH4x Team of Hackers hack two big Underground Security websites: Poisonhack.info & Team-xpc.com, who call themselves "Security Expert". 0p3nH4x hack them and provide all Hack details at . Submitted By : 0p3n...
XSS in bookmarks plugin
The bookmarking code under the url http://localhost:8080/plugins/socialbookmarking/updatebookmark.action is vulnerable to XSS attacks using the spaceKey parameter: submitting the following code will execute javascript: spaceKey=%22%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E%22%3E IMPORTANT:...
XSS in bookmarks plugin
The bookmarking code under the url http://localhost:8080/plugins/socialbookmarking/updatebookmark.action is vulnerable to XSS attacks using the spaceKey parameter: submitting the following code will execute javascript: spaceKey=%22%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E%22%3E IMPORTANT:...
XSS in bookmarks plugin
The bookmarking code under the url http://localhost:8080/plugins/socialbookmarking/updatebookmark.action is vulnerable to XSS attacks using the spaceKey parameter: submitting the following code will execute javascript: spaceKey=%22%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E%22%3E IMPORTANT:...
Stored XSS in wiki macro search
Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...
Stored XSS in wiki macro search
Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...
Stored XSS in wiki macro search
Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...
Privilege escalation: User is able to add a page to his watchlist without having the permission
Scenario: create user1 and user2. user1 has access to space1; user2 has access to space2. user1 can add a page to his watchlist by manipulating, using a proxy like WebScarab, the POST request to http://localhost:8080/dwr/exec/PageNotification.startWatching.dwr and replacing the id contained in paramete...
[Full-disclosure] HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection
------------------------------------------------------ HYSA-2006-008 h4cky0u.org Advisory 017 ------------------------------------------------------ Date - Wed May 17 2006 TITLE: ====== myBloggie 2.1.3 CRLF & SQL Injection SEVERITY: ========= Medium SOFTWARE: ========= myBloggie 2.1.3...
phpBannerExchange 2.0 Directory Traversal Vulnerability
------------------------------------------------------ HYSA-2006-004 h4cky0u.org Advisory 013 ------------------------------------------------------ Date - Tue Mar 07 2006 TITLE: ====== phpBannerExchange 2.0 Directory Traversal Vulnerability SEVERITY: ========= High SOFTWARE: =========...
[Full-disclosure] HYSA-2005-009 Elite Forum 1.0.0.0 XSS Vulnerability
------------------------------------------------------ HYSA-2005-009 h4cky0u.org Advisory 009 ------------------------------------------------------ Date - Tue Nov 1 2005 TITLE: ====== Elite Forum 1.0.0.0 XSS Vulnerability SEVERITY: ========= Medium SOFTWARE: ========= Elite Forum 1.0.0.0 INFO:...
lduSQL.txt
TITLE: ====== Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities SEVERITY: ========= Medium SOFTWARE: ========= Land Down Under version 801 and prior Support Website : http://www.neocrome.net INFO: ===== Land Down Under is a multiple portal system which includes many different...
phpfreenews140.txt
PHPFreeNews V1.40 and prior Multiple Vulnerabilities SEVERITY: ========= High SOFTWARE: ========= PHPFreeNews http://www.phpfreenews.co.uk/ INFO: ===== PHPFreeNews is a free PHP Script which allows you to display news headlines and articles on your website. DESCRIPTION: ============ PHPFreeNews...
w-agora 4.2.0 and prior Remote Directory Travel Vulnerability
w-agora 4.2.0 and prior Remote Directory Travel Vulnerability SEVERITY: ========= High SOFTWARE: ========= w-agora 4.2.0 http://w-agora.net INFO: ===== w-agora is a web publishing and forum software. It allows you and your visitors to store and display messages, files, share discussions and other...