49 matches found
EUVD-2007-2851
Malware in sbrugna...
EUVD-2007-5111
Malware in sbrugna...
EUVD-2005-0787
Malware in sbrugna...
EUVD-2007-5108
Malware in sbrugna...
SimpGB 1.0 Guestbook.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12801/info SimpGB is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'guestbook.php' script before using it in a S...
SimpGB 1.46.2 admin/emoticonlist.php l_emoticonlist Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/25808/info SimpGB is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script cod...
SimpGB 1.46.2 admin/ Default URI l_username Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/25808/info SimpGB is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script cod...
New vulnerabilities in SimpGB
Hello 3APA3A! I am reporting Cross-Site Scripting, Brute Force, Insufficient Anti-automation and Abuse of Functionality vulnerabilities that I found in SimpGB. XSS WASC-08: POST request on the page http://site/guestbook.php in the parameters poster, postingid and location in the Preview function. If in...
SimpGB 1.49.2 - 'Guestbook.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/46033/info SimpGB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
SimpGB 1.49.2 - Guestbook.php Multiple Cross-Site Scripting Vulnerabilities
SimpGB 1.49.2 - Guestbook.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/46033/info SimpGB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
SimpGB 1.49.02 Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting, Brute Force, Insufficient Anti-automation and Abuse of Functionality vulnerabilities in SimpGB. ------------------------- Affected products: ------------------------- Vulnerable are SimpGB v1.49.02 and previous versions. ---------- Detail...
SimpGB 1.37.3 Cross Site Scripting
Hello Full-Disclosure! I want to warn you about security vulnerabilities in SimpGB. Earlier I already wrote about other vulnerabilities in SimpGB - SecurityVulns ID: 10412 http://securityvulns.ru/news/CGI/2009.11.19.html. ----------------------------- Advisory: Cross-Site Scripting vulnerabilitie...
Cross-Site Scripting vulnerabilities in SimpGB
Hello 3APA3A! I am reporting Cross-Site Scripting (persistent XSS) vulnerabilities that I found in SimpGB. Earlier I already reported other vulnerabilities in SimpGB http://securityvulns.ru/news/CGI/2009.11.19.html. XSS: This is persistent XSS in three functions of the web application. POST request on the pages:...
Vulnerabilities in SimpGB
Hello 3APA3A! I want to warn you about security vulnerabilities in SimpGB. These are Full path disclosure, Insufficient Anti-automation and Cross-Site Scripting vulnerabilities. Full path disclosure: http://site/admin/index.php?lang=1 http://site/admin/pwlost.php?lang=1...
Design/Logic Flaw
SimpGB 1.46.02 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php or (2) a direct request to admin/trailer.php, which reveals the path in various error messages...
CVE-2007-5130
SimpGB 1.46.02 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php or (2) a direct request to admin/trailer.php, which reveals the path in various error messages...
CVE-2007-5129
SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc files via a direct request, as demonstrated by...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php...
CVE-2007-5127
Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php...
CVE-2007-5127
CVE-2007-5127 describes multiple XSS vulnerabilities in SimpGB 1.46.02. The issues allow remote attackers to inject arbitrary JavaScript/HTML via two parameters: (1) l_username in the default admin/ URI and (2) l_emoticonlist in admin/emoticonlist.php. The root cause is unsanitized/unvalidated i...