Design/Logic Flaw
Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a w...
CVE-2009-1599
Summary: CVE-2009-1599 concerns a PDF-related JavaScript security bypass in Opera. The vulnerability arises when a javascript: URI is executed from the target attribute of a submit button inside a form contained in an inline PDF, potentially bypassing Adobe Acrobat JavaScript restrictions on acce...
CVE-2008-5977
SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action...
Cross site scripting
Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Links and (2) Links Submit pages...
CVE-2008-2557
Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Links and (2) Links Submit pages...
CVE-2008-2557
The CVE-2008-2557 entry affects CRE Loaded versions 6.2.13.1 and earlier, with a Cross-Site Scripting (XSS) vulnerability exploitable via the Links and Links Submit pages. The underlying issue is an injected web script or HTML due to improper input handling on these pages, enabling arbitrary scri...
Unfixed XSS vulnerability at www.coasttocoastam.com
Security researcher Azat Harutyunyan submitted on 28/05/2008 a cross-site scripting (XSS) vulnerability affecting www.coasttocoastam.com, which at the time of submission ranked 7598 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/06/2008...
CVE-2008-1550
Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter in a searchStr action and the (2) Submit parameter...
exv2myannonces-sql.txt
Powered by eXV2 MyAnnonces 1.8 SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAİL : [email protected] DORK 1 : eXV2 MyAnnonces EXPLOIT :...
eXV2 Module MyAnnonces (lid) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. eXV2 Module MyAnnonces lid Remote SQL Injection Vulnerability. Powered by eXV2 MyAnnonces 1.8 SQL Injection DORK...
exv2viso-sql.txt
Powered by eXV2 Viso 2.03 SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAİL : [email protected] DORKS 1 : allinurl :"modules/viso" EXPLOIT 1 :...
eXV2 Module eblog 1.2 (blog_id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. eXV2 Module eblog 1.2 blogid Remote SQL Injection Vulnerability. Powered by eXV2 eblog 1.2 SQL Injection...
Unfixed XSS vulnerability at www.killamtrusts.ca
Security researcher CCC submitted on 22/11/2007 a cross-site scripting (XSS) vulnerability affecting www.killamtrusts.ca, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 26/11/2007. It is currently...
Unfixed XSS vulnerability at www.lalogotheque.com
Security researcher unkn0wn @ toxcrew.com submitted on 26/10/2007 a cross-site scripting (XSS) vulnerability affecting www.lalogotheque.com, which at the time of submission ranked 77076 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...
Unfixed Redirect vulnerability at www.pkkgercegi.net
Security researcher st@rext submitted on 28/09/2007 a Redirect vulnerability affecting www.pkkgercegi.net, which at the time of submission ranked 561691 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/10/2007. It is currently unfixed. I...
Article Directory - 'index.php' Remote File Inclusion
dork:inurl:index.php%"Submit%Articles"%"Member%Login"%"Top%Authors" dork:inurl:index.php?pagedb=rss expl:index.php?page=shell? original post:http://darkcode.ath.cx/f0rum/ind3x.php?action=vthread&forum=12&topic=114 author:[email protected] greetz:d3hydr8, whoami pace milw0rm.com 2007-07-24...
Unfixed XSS vulnerability at pg.sitebase.net
Security researcher Darkster submitted on 07/08/2007 a cross-site scripting (XSS) vulnerability affecting pg.sitebase.net, which at the time of submission ranked 102131 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/08/2007. It is...
XOOPS Module icontent 1.0 Remote File Inclusion Exploit
No description provided by source. html head meta http-equiv="Content-Type" content="text/html; charset=windows-1254" titleXOOPS Module icontent v.1.0 Remote File Inclusion Exploit/title script language="JavaScript"...
CVE-2007-2977
Buffer overflow in the receive function in submit/submitcommon.c in the submit daemon in DOMjudge before 2.0.0RC1 allows remote attackers to cause a denial of service or have other unspecified impact. NOTE: some of these details are obtained from third party information...