254 matches found
Piwigo 2.0.6 - Multiple Vulnerabilities
Piwigo 2.0.6 - Multiple Vulnerabilities Piwigo v2.0.6 Multiple Vulnerabilities Found By: mrme Download: http://piwigo.org/ Tested On: Windows Vista Note: For educational purposes only Vulnerabilities: XSS, CSRF, SQL Injection Author contact date: 13/12/09 Note: There is possibly many other...
CVE-2008-7048
Multiple cross-site scripting XSS vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the 1 txtUsername parameter to registerDo.asp, as invoked from register.asp, or 2 txtRoomName parameter to roomnew.asp. NOTE: these issues might be resultant from...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the 1 txtUsername parameter to registerDo.asp, as invoked from register.asp, or 2 txtRoomName parameter to roomnew.asp. NOTE: these issues might be resultant from...
CVE-2008-7048
Multiple cross-site scripting XSS vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the 1 txtUsername parameter to registerDo.asp, as invoked from register.asp, or 2 txtRoomName parameter to roomnew.asp. NOTE: these issues might be resultant from...
CVE-2008-7048
CVE-2008-7048 concerns NatterChat 1.12 with multiple XSS vulnerabilities (and related SQL injection concerns in some descriptions). The OpenVAS entries confirm vulnerabilities in NatterChat, including XSS and SQLi vectors, specifically via the txtUsername parameter to registerDo.asp (triggered fr...
Fedora 9 : phpMyAdmin-3.0.1.1-1.fc9 (2008-9316)
This update by upstream to phpMyAdmin 3.0.1.1 solves CVE-2008-4775, a XSS issue in pmdpdf.php via db parameter when registerglobals is enabled. - GUI SQL error after sorting a subset - lang Catalan update - lang Russian update - import Temporary uploaded file not deleted - auth Cannot create...
Fedora 8 : phpMyAdmin-3.0.1.1-1.fc8 (2008-9336)
This update by upstream to phpMyAdmin 3.0.1.1 solves CVE-2008-4775, a XSS issue in pmdpdf.php via db parameter when registerglobals is enabled. - GUI SQL error after sorting a subset - lang Catalan update - lang Russian update - import Temporary uploaded file not deleted - auth Cannot create...
Galerie 3.2 (pic) WBB Lite Addon Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl Galerie 3.2 galerie.php Remote "Blind" SQL Injection found by: J0hn.X3r exploit written by: J0hn.X3r and electron1x Date: 05.10.2008 Dork: "Galerie 3.2 © 2004 by progressive" Contact: J0hn.X3r + ICQ: 573813 + Mail: J0hn.X3ratgmail.com electron1x ...
FreeBSD Ports: freeradius
The remote host is missing an update to the system as announced in the referenced advisory. VID ec2f2ff5-f710-11da-9156-000e0c2e438a OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
mymarket-blindsql.txt
!/usr/bin/perl MyMarket 1.72 Blind SQL Injection Exploit Bug by: h0yt3r Demo: http://mymarket.sourceforge.net/demo/shopping/ http://www.site.de/mymarket/shopping/?id=bluah Ok when we give $id an unexpected value like this we get an SQL Error. Union selecting seems not possible... Exploit needs a...
Oxygen 2.0 (repquote) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================================== Oxygen 2.0 repquote Remote SQL Injection Vulnerability ======================================================== Oxygen 2.0 SQL Injection Vulnerability Bug by: h0yt3r This Board...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the 1 searchtext and 2 searchcategory parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtain...
CVE-2008-2181
Multiple cross-site scripting XSS vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the 1 searchtext and 2 searchcategory parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtain...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via 1 a forced SQL error message or 2 oldvalue and newvalue database fields in task summaries, related to the itemsummary parameter in a details action...
CVE-2008-1165
Multiple cross-site scripting XSS vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via 1 a forced SQL error message or 2 oldvalue and newvalue database fields in task summaries, related to the itemsummary parameter in a details action...
CVE-2008-1165
Flyspray 0.9.9–0.9.9.4 is affected by multiple XSS vulnerabilities. The issues arise from improper sanitization in task summaries and related parameters: (1) forced SQL error messages, (2) old_value/new_value fields, and specifically the item_summary parameter in index.php?do=details. These flaws...
CVE-2008-0605
Multiple cross-site scripting XSS vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the 1 txtSearch parameter to operator/article/articlesearchresults.asp and the 2 AttachId parameter to operator/article/articleattachment.asp...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the 1 txtSearch parameter to operator/article/articlesearchresults.asp and the 2 AttachId parameter to operator/article/articleattachment.asp...
CVE-2008-0605
Multiple cross-site scripting XSS vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the 1 txtSearch parameter to operator/article/articlesearchresults.asp and the 2 AttachId parameter to operator/article/articleattachment.asp...
litecommerce 2004 (category_id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================================== litecommerce 2004 categoryid Remote SQL Injection Vulnerability ================================================================== litecommerce Copyright © 2004 - Remote S...