Lucene search
+L

6433 matches found

securityvulns
securityvulns
added 2003/07/02 12:0 a.m.38 views

[Full-Disclosure] STG Security Advisory: [SSA-20030701-02] Verity K2 Toolkit Query Builder XSS Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 STG Security Advisory: SSA-20030701-02 Verity K2 Toolkit Query Builder XSS Vulnerability Revision 1.0 Date Published: 2003-07-01 KST Last Update: 2003-07-01 Disclosed by SSR Team [email protected] Summary =================== Verity's K2 Toolkit...

6AI score
Exploits0
Packet Storm
Packet Storm
added 2003/06/21 12:0 a.m.41 views

STG-Jeus-Eng.txt

STG Security Advisory: JEUS Web Application Server Cross Site Scripting Vulnerability Revision: 1.1 Date Published: 2003-06-17 KST Last Update: 2003-06-17 Product Description ========= JEUS Java Enterprise User Solution is a J2EE compatible web application server, developed by Tmax Soft, providin...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/06/21 12:0 a.m.36 views

Multiple buffer overflows and XSS in Kerio MailServer

Issue : Multiple buffer overflows and XSS in Kerio MailServer Version affected 5.6.3 last in kerio website Vendor status : Vendor was notified Description : Kerio develop a mail server with support for Imap , Pop3, Smtp and SSL protocols . Besides , it includes a webmail . This webmail is...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2003/06/20 12:0 a.m.54 views

phpBB 2.0.5 - SQL Injection Password Disclosure

!/usr/bin/perl -w phpBB password disclosure vuln. - rick patel There is a sql injection vuln which exists in /viewtopic.php file. The variable is $topicid which gets passed directly to sql server in query. Attacker could pass a special sql string which can used to see md5 password hash for any us...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/06/14 12:0 a.m.33 views

Sphera Hosting Director Control Panel Multiple Vulnerabilities: XSS-Session Hijacking-DoS/Buffer Overflow-Another User Accounts access

-------------------- Product: SPHERA HostingDirector and Final User VDS Control Panel Hosting Control Panel Vendor: SPHERA Versions: VULNERABLE - 3.x - 2.x - 1.x NOT VULNERABLE - ? --------------------- Description: HostingDirector comprises three fundamental components that are integrated to...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2003/06/14 12:0 a.m.34 views

Cross site scripting in Post-Nuke

Issue : Cross site scripting in Post-Nuke Version affected : Post Nuke 0.7.2.3-Phoenix Description : Post-Nuke is a content management system that allow you to deploy a website easily . Its developers claim that their product is more secure than competitors . I found three places when a script ca...

6.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/06/11 12:0 a.m.72 views

Netdynamics ndcgi.exe Previous User Session Replay

The file ndcgi.exe exists on this web server. Some versions of this file are vulnerable to remote exploit. As Nessus solely relied on the existence of the ndcgi.exe file, this might be a false positive %NASLMINLEVEL 70300 This script was written by John [email protected] See the Nessus...

7.5CVSS5.5AI score0.01571EPSS
Exploits0References2
exploitpack
exploitpack
added 2003/06/06 12:0 a.m.11 views

Maxwebportal 1.30 - Remote Database Disclosure

Maxwebportal 1.30 - Remote Database Disclosure source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site scripting...

7.5AI score
Exploits0
Exploit DB
Exploit DB
added 2003/05/27 12:0 a.m.25 views

iPlanet Messaging Server 5.0/5.1 - HTML Attachment Cross-Site Scripting

source: https://www.securityfocus.com/bid/7704/info It has been reported that iPlanet Messaging Server may be prone to cross-site scripting attacks. The problem is said to occur while processing HTML attachments received via e-mail. If successfully exploited, a malicious HTML file may be used to...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/05/14 12:0 a.m.41 views

XSS In Neoteris IVE Allows Session Hijacking

Note to Moderator: In light of some recent cross-site scripting posts allowed through to Bugtraq recently, grateful if you would pass this one onto the list....thanks. -d. ----------------------------------------------------------------------------------------------------=sMax. Security Advisory=...

6.8CVSS0.9AI score0.01321EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/05/14 12:0 a.m.36 views

Neoteris IVE swsrv.cgi XSS

The remote host is running the Neoteris IVE. There is a cross-site scripting issue in this server in the CGI swsrv.cgi that could allow an attacker to perform a session hijacking. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref : Date: Tue, 6 May 2003 19:14:40 -0700 PDT From: Dave Palumb...

6.8CVSS5.1AI score0.01321EPSS
Exploits0References2
0day.today
0day.today
added 2003/05/05 12:0 a.m.31 views

CommuniGate Pro Webmail 4.0.6 Session Hijacking Exploit

Exploit for linux platform in category remote exploits ======================================================= CommuniGate Pro Webmail 4.0.6 Session Hijacking Exploit ======================================================= !/usr/bin/perl Below is exploit code. Place it into cgi-bin, then...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2003/05/05 12:0 a.m.79 views

CommuniGate Pro Webmail 4.0.6 - Session Hijacking

!/usr/bin/perl Below is exploit code. Place it into cgi-bin, then recommended make symlink from DocumentRoot/AnyImage.gif to shj.pl, configure at least $url variable, and possible other vars and send victim HTML message with img src to your AnyImage.gif. When victim will read message, script will...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/05/05 12:0 a.m.24 views

CommuniGate Pro Webmail 4.0.6 - Session Hijacking

CommuniGate Pro Webmail 4.0.6 - Session Hijacking !/usr/bin/perl Below is exploit code. Place it into cgi-bin, then recommended make symlink from DocumentRoot/AnyImage.gif to shj.pl, configure at least $url variable, and possible other vars and send victim HTML message with img src to your...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2003/05/05 12:0 a.m.31 views

Session Hijacking in CommunigatePro

In webmail interface session identifier is passed to server as a part of GET requiest, thouse may be discovered by third party via Referer: field...

2.4AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2003/05/05 12:0 a.m.32 views

CommuniGatePro 4.0.6 [EXPLOIT]

Vulnerability in CommuniGatePro webmail under some circumstances may allow attacker to get access to users mailbox. Object: CommuniGatePro version 4.0.6 and earlier. Not vulnerable according to Stalker.com 4.1b2 with UseCookies option Vendor: Stalker Software Inc. www.stalker.com Description:...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/05/05 12:0 a.m.29 views

CommuniGate Pro Referer Field Session Token Disclosure

The remote install of CommuniGate Pro, according to its version number, is vulnerable to a flaw that could allow a remote attacker to access the mailbox of a targeted user. To exploit such a flaw, an attacker needs to send an email to its victim with a link to an image hosted on a rogue server th...

5.8CVSS5.6AI score0.01835EPSS
Exploits1References2
exploitpack
exploitpack
added 2003/05/01 12:0 a.m.14 views

PHP-Nuke Splatt Forum 4.0 Module - HTML Injection

PHP-Nuke Splatt Forum 4.0 Module - HTML Injection source: https://www.securityfocus.com/bid/7484/info A problem with Splatt Forum could allow remote users to execute arbitrary code in the context of the web site running the Splatt Forum module. The problem occurs due to the lack of sanitization...

7.6AI score
Exploits0
Exploit DB
Exploit DB
added 2003/05/01 12:0 a.m.25 views

PHP-Nuke Splatt Forum 4.0 Module - HTML Injection

source: https://www.securityfocus.com/bid/7484/info A problem with Splatt Forum could allow remote users to execute arbitrary code in the context of the web site running the Splatt Forum module. The problem occurs due to the lack of sanitization performed on character representations of HTML tags...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/04/25 12:0 a.m.20 views

Onecenter Forum 4.0 - IMG Tag Script Injection

Onecenter Forum 4.0 - IMG Tag Script Injection source: https://www.securityfocus.com/bid/7441/info OneCenter ForumOne 4.0 is a full-featured, web-based group discussion forum. A problem with Onecenter ForumOne could allow remote users to execute arbitrary code in the context of the web site hosti...

7.7AI score
Exploits0
Rows per page
Query Builder