43 matches found
CVE-2011-5303
CVE-2011-5303 affects Spitfire CMS 1.0.436 with a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the cms_username cookie. Root cause: XSS in handling the cms_username parameter. The connected records corroborate the vulnerability across mul...
CVE-2011-5303
Cross-site scripting XSS vulnerability in Spitfire CMS 1.0.436 allows remote attackers to inject arbitrary web script or HTML via a cmsusername cookie...
SpitFire Photo Pro 'pages.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/32012/info SpitFire Photo Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Spitfire CMS 1.1.4 - Cross-Site Request Forgery
Spitfire CMS 1.1.4 - Cross-Site Request Forgery Exploit Title: spitefire CMS - CSRF / ADD / EDTI / UPLOAD FILE Date: 2013 15 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://spitfire.clausmuus.de/...
Spitfire CMS 1.1.4 - Cross-Site Request Forgery
Exploit Title: spitefire CMS - CSRF / ADD / EDTI / UPLOAD FILE Date: 2013 15 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://spitfire.clausmuus.de/ Tested on: Linux & Windows, PHP 5.2.9 Affected...
Spitfire CMS 1.0.436 Cross Site Scripting
Vulnerability ID: HTB22903 Reference: http://www.htbridge.ch/advisory/xssinspitfirecms.html Product: Spitfire CMS Vendor: Spitfire http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.436 Vendor Notification: 15 March 2011 Vulnerability Type: XSS Risk level: Medium Credit: High-Tech Bridge SA -...
HTB22903: XSS in Spitfire CMS
Vulnerability ID: HTB22903 Reference: http://www.htbridge.ch/advisory/xssinspitfirecms.html Product: Spitfire CMS Vendor: Spitfire http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.436 Vendor Notification: 15 March 2011 Vulnerability Type: XSS Risk level: Medium Credit: High-Tech Bridge SA -...
Spitfire 1.0.3x - cms_username Cross-Site Scripting
Spitfire 1.0.3x - cmsusername Cross-Site Scripting source: https://www.securityfocus.com/bid/47077/info Spitfire is prone to a cross-site scripting vulnerability. because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scrip...
Spitfire 1.0.3x - 'cms_username' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47077/info Spitfire is prone to a cross-site scripting vulnerability. because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...
Cross-site Scripting (XSS) Vulnerability in Spitfire
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Spitfire which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Spitfire The vulnerability exists due to input sanitation error in the " cmsusername " cookie in...
XSS vulnerability in Spitfire
Vulnerability ID: HTB22485 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinspitfire2.html Product: Spitfire Vendor: Claus Muus http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.336 and Probably Prior Versions Vendor Notification: 08 July 2010 Vulnerability Type: XSS Cross Site...
XSS vulnerability in Spitfire
Vulnerability ID: HTB22486 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinspitfire3.html Product: Spitfire Vendor: Claus Muus http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.336 and Probably Prior Versions Vendor Notification: 08 July 2010 Vulnerability Type: XSS Cross Site...
XSS vulnerability in Spitfire
Vulnerability ID: HTB22482 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinspitfire.html Product: Spitfire Vendor: Claus Muus http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.336 and Probably Prior Versions Vendor Notification: 08 July 2010 Vulnerability Type: XSS Cross Site...
XSS vulnerability in Spitfire search
Vulnerability ID: HTB22483 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinspitfiresearch.html Product: Spitfire Vendor: Claus Muus http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.336 and Probably Prior Versions Vendor Notification: 08 July 2010 Vulnerability Type: XSS Cross Si...
Spitfire 1.0.336 Cross Site Scripting
============================================================ Vulnerability ID: HTB22482 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinspitfire.html Product: Spitfire Vendor: Claus Muus http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.336 and Probably Prior Versions Vendor...
XSS vulnerability in Spitfire
Vulnerability ID: HTB22484 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinspitfire1.html Product: Spitfire Vendor: Claus Muus http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.336 and Probably Prior Versions Vendor Notification: 08 July 2010 Vulnerability Type: XSS Cross Site...
Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities
Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/41885/info Claus Muus Spitfire is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may...
Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/41885/info Claus Muus Spitfire is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
Spitfire 1.0.381 - Cross-Site Scripting Cross-Site Request Forgery
Spitfire 1.0.381 - Cross-Site Scripting Cross-Site Request Forgery source: https://www.securityfocus.com/bid/41701/info Spitfire is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability. An attacker may exploit these issues to execute arbitrary scri...
Spitfire 1.0.381 - Cross-Site Scripting / Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/41701/info Spitfire is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability. An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of th...