6433 matches found
[Full-Disclosure] STG Security Advisory: [SSA-20030701-02] Verity K2 Toolkit Query Builder XSS Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 STG Security Advisory: SSA-20030701-02 Verity K2 Toolkit Query Builder XSS Vulnerability Revision 1.0 Date Published: 2003-07-01 KST Last Update: 2003-07-01 Disclosed by SSR Team [email protected] Summary =================== Verity's K2 Toolkit...
STG-Jeus-Eng.txt
STG Security Advisory: JEUS Web Application Server Cross Site Scripting Vulnerability Revision: 1.1 Date Published: 2003-06-17 KST Last Update: 2003-06-17 Product Description ========= JEUS Java Enterprise User Solution is a J2EE compatible web application server, developed by Tmax Soft, providin...
Multiple buffer overflows and XSS in Kerio MailServer
Issue : Multiple buffer overflows and XSS in Kerio MailServer Version affected 5.6.3 last in kerio website Vendor status : Vendor was notified Description : Kerio develop a mail server with support for Imap , Pop3, Smtp and SSL protocols . Besides , it includes a webmail . This webmail is...
phpBB 2.0.5 - SQL Injection Password Disclosure
!/usr/bin/perl -w phpBB password disclosure vuln. - rick patel There is a sql injection vuln which exists in /viewtopic.php file. The variable is $topicid which gets passed directly to sql server in query. Attacker could pass a special sql string which can used to see md5 password hash for any us...
Sphera Hosting Director Control Panel Multiple Vulnerabilities: XSS-Session Hijacking-DoS/Buffer Overflow-Another User Accounts access
-------------------- Product: SPHERA HostingDirector and Final User VDS Control Panel Hosting Control Panel Vendor: SPHERA Versions: VULNERABLE - 3.x - 2.x - 1.x NOT VULNERABLE - ? --------------------- Description: HostingDirector comprises three fundamental components that are integrated to...
Cross site scripting in Post-Nuke
Issue : Cross site scripting in Post-Nuke Version affected : Post Nuke 0.7.2.3-Phoenix Description : Post-Nuke is a content management system that allow you to deploy a website easily . Its developers claim that their product is more secure than competitors . I found three places when a script ca...
Netdynamics ndcgi.exe Previous User Session Replay
The file ndcgi.exe exists on this web server. Some versions of this file are vulnerable to remote exploit. As Nessus solely relied on the existence of the ndcgi.exe file, this might be a false positive %NASLMINLEVEL 70300 This script was written by John [email protected] See the Nessus...
Maxwebportal 1.30 - Remote Database Disclosure
Maxwebportal 1.30 - Remote Database Disclosure source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site scripting...
iPlanet Messaging Server 5.0/5.1 - HTML Attachment Cross-Site Scripting
source: https://www.securityfocus.com/bid/7704/info It has been reported that iPlanet Messaging Server may be prone to cross-site scripting attacks. The problem is said to occur while processing HTML attachments received via e-mail. If successfully exploited, a malicious HTML file may be used to...
XSS In Neoteris IVE Allows Session Hijacking
Note to Moderator: In light of some recent cross-site scripting posts allowed through to Bugtraq recently, grateful if you would pass this one onto the list....thanks. -d. ----------------------------------------------------------------------------------------------------=sMax. Security Advisory=...
Neoteris IVE swsrv.cgi XSS
The remote host is running the Neoteris IVE. There is a cross-site scripting issue in this server in the CGI swsrv.cgi that could allow an attacker to perform a session hijacking. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref : Date: Tue, 6 May 2003 19:14:40 -0700 PDT From: Dave Palumb...
CommuniGate Pro Webmail 4.0.6 Session Hijacking Exploit
Exploit for linux platform in category remote exploits ======================================================= CommuniGate Pro Webmail 4.0.6 Session Hijacking Exploit ======================================================= !/usr/bin/perl Below is exploit code. Place it into cgi-bin, then...
CommuniGate Pro Webmail 4.0.6 - Session Hijacking
!/usr/bin/perl Below is exploit code. Place it into cgi-bin, then recommended make symlink from DocumentRoot/AnyImage.gif to shj.pl, configure at least $url variable, and possible other vars and send victim HTML message with img src to your AnyImage.gif. When victim will read message, script will...
CommuniGate Pro Webmail 4.0.6 - Session Hijacking
CommuniGate Pro Webmail 4.0.6 - Session Hijacking !/usr/bin/perl Below is exploit code. Place it into cgi-bin, then recommended make symlink from DocumentRoot/AnyImage.gif to shj.pl, configure at least $url variable, and possible other vars and send victim HTML message with img src to your...
Session Hijacking in CommunigatePro
In webmail interface session identifier is passed to server as a part of GET requiest, thouse may be discovered by third party via Referer: field...
CommuniGatePro 4.0.6 [EXPLOIT]
Vulnerability in CommuniGatePro webmail under some circumstances may allow attacker to get access to users mailbox. Object: CommuniGatePro version 4.0.6 and earlier. Not vulnerable according to Stalker.com 4.1b2 with UseCookies option Vendor: Stalker Software Inc. www.stalker.com Description:...
CommuniGate Pro Referer Field Session Token Disclosure
The remote install of CommuniGate Pro, according to its version number, is vulnerable to a flaw that could allow a remote attacker to access the mailbox of a targeted user. To exploit such a flaw, an attacker needs to send an email to its victim with a link to an image hosted on a rogue server th...
PHP-Nuke Splatt Forum 4.0 Module - HTML Injection
PHP-Nuke Splatt Forum 4.0 Module - HTML Injection source: https://www.securityfocus.com/bid/7484/info A problem with Splatt Forum could allow remote users to execute arbitrary code in the context of the web site running the Splatt Forum module. The problem occurs due to the lack of sanitization...
PHP-Nuke Splatt Forum 4.0 Module - HTML Injection
source: https://www.securityfocus.com/bid/7484/info A problem with Splatt Forum could allow remote users to execute arbitrary code in the context of the web site running the Splatt Forum module. The problem occurs due to the lack of sanitization performed on character representations of HTML tags...
Onecenter Forum 4.0 - IMG Tag Script Injection
Onecenter Forum 4.0 - IMG Tag Script Injection source: https://www.securityfocus.com/bid/7441/info OneCenter ForumOne 4.0 is a full-featured, web-based group discussion forum. A problem with Onecenter ForumOne could allow remote users to execute arbitrary code in the context of the web site hosti...