Crafty Syntax Live Help 2.14.6 - livehelp_js.php Cross-Site Scripting
Crafty Syntax Live Help 2.14.6 - livehelp_js.php Cross-Site Scripting source: https://www.securityfocus.com/bid/30543/info Crafty Syntax Live Help (CSLH) is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this...
[SECURITY] Fedora 9 Update: pcre-7.3-4.fc9
Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...
SyntaxCMS 1.3 - 'FCKeditor' Arbitrary File Upload
Special thanks to EgiX for the exploit code. author...: Stack mail.....: Ev!L descr: if the web site change the name of path or path is /public/ you can delete /public/ in the exploit in the line : "POST $pathpublic/fckeditor/editor/filemanager/upload/php/upload.php - vulnerable code in...
syntaxcms-upload.txt
Special thanks to EgiX for the exploit code. author...: Stack mail.....: Ev!L descr: if the web site change the name of path or path is /public/ you can delete /public/ in the exploit in the line : "POST $pathpublic/fckeditor/editor/filemanager/upload/php/upload.php - vulnerable code in...
RunCMS 1.6.1 - msg_image SQL Injection
RunCMS 1.6.1 - msg_image SQL Injection #!/usr/bin/python """ ...
CVE-2008-1183
Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) user_questions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by...
CVE-2008-1183
CVE-2008-1183 documents multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) prior to 2.14.6. The affected components are the web endpoints (livehelp.php, user_questions.php, leavemessage.php) where unspecified parameters can be exploited to inject script/HTML. Th...
CVE-2008-0848
Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) before 2.14.16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are probably incorrect...
Cross site scripting
Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) before 2.14.16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are probably incorrect...
CVE-2008-0848
Crafty Syntax Live Help (CSLH) is affected by CVE-2008-0848 due to an XSS vulnerability in lostsheep.php present in versions before 2.14.16. The entry states remote attackers can inject arbitrary script or HTML via unspecified vectors. The notes mention possible inaccuracies in the researcher’s v...
[SECURITY] Fedora 8 Update: pcre-7.3-3.fc8
Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...
Crafty Syntax Xss Vulnerability
Crafty Syntax Live Help is an open source help desk system built mainly for small-mid sized companies. The software includes an XSS vulnerability in the lostsheep.php module. Versions affected: 2.4.13 - 2.4.14 -- Ozgur Ozdemircili CCNA, HIPAA, OPSEC, Open Source Security Systems...
Fedora 7 : duplicity-0.4.9-1.fc7 (2008-1584)
WARNING: Command line syntax incompatibility! See e.g. https://www.redhat.com/archives/epel-devel-list/2008-February/msg00056.html for further information. - Upgrade to 0.4.9 - Duplicity discloses password in FTP backend CVE-2007-5201 - Several bug and problem fixes Note that Tenable Network...
Debian Security Advisory DSA 058-1 (exim)
The remote host is missing an update to exim announced via advisory DSA 058-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE 10 Security Update : Samba (ZYPP Patch Number 1961)
Fix pam config file parsing in pam_winbind; bso 3916. - Prevent potential crash in winbindd's credential cache handling; 184450. - Fix memory exhaustion DoS; CVE-2006-3403; 190468. - Fix the munlock call, samba.org svn rev r16755 from Volker. - Change the kerberos principal for LDAP authentication...
Hack explore of browser execute exe files-bug warning-the black bar safety net
One: can command files really be executed in the browser? The answer is yes. But don't get too happy: they can only be executed server-side, and it must be authorized. Otherwise hacking a server would be too easy; whoever dared to look at me, I would just format them. Two: how it is achieved. It targets the asp file...
openSUSE 10 Security Update : apparmor (apparmor-1842)
This update fixes security problems in the AppArmor confinement technology. Since it adds new flags to the profile syntax, you likely should review and adapt your profiles. - If a profile allowed unconfined execution 'ux' of a child binary it was possible to inject code via LD_PRELOAD or similar...