53 matches found
Unfixed XSS vulnerability at www.arnhem.nl
Security researcher DexTeR, has submitted on 16/12/2010 a cross-site-scripting XSS vulnerability affecting www.arnhem.nl, which at the time of submission ranked 761734 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/12/2011. It is currently...
Metinfo 3.0 Cross Site Scripting / File Disclosure
Exploit Title: metinfo3.0 Mullti Vulnerability Date : 10-11-2010 Author : anT!-Tr0J4n Version : 3.0 DorK : Powered by MetInfo 3.0 Home : www.Dev-PoinT.com : http://milw0rm.ws Email : D3v-PoinTathotmaild0tcom & C1EHatHotmaild0tcom Vendor£ : http://www.metinfo.cn/ Greetz : Dev-PoinT.com ; GlaDiatOr...
Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability
Coppermine Photo Gallery 1.3.1 Remote File Inclusion Vulnerability DoRk:"Powered by Coppermine Photo Gallery" Vuln. code: requireonce"$sourcedir/Load.php";requireonce"$sourcedir/Security.php"; Exploit: www.server.com/path/bridge/yabbse.inc.php?sourcedir=Sh3LL Author:Ma$tEr-0F-De$a$t0r...
Cross site scripting
Cross-site scripting XSS vulnerability in error messages in Free LAN Intra|ternet Portal FLIP before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611...
CVE-2007-0695
Multiple SQL injection vulnerabilities in Free LAN Intra|ternet Portal FLIP before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escapesqlData, implodesql, and implodesqlIn functions, but these are protection schemes, not...
Sql injection
Multiple SQL injection vulnerabilities in Free LAN Intra|ternet Portal FLIP before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escapesqlData, implodesql, and implodesqlIn functions, but these are protection schemes, not...
CVE-2007-0695
Multiple SQL injection vulnerabilities in Free LAN Intra|ternet Portal FLIP before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escapesqlData, implodesql, and implodesqlIn functions, but these are protection schemes, not...
CVE-2007-0611
Multiple cross-site scripting XSS vulnerabilities in Free LAN Intra|ternet Portal FLIP before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in 1 inc.page.php and 2 inc.text.php...
CVE-2007-0611
The CVE-2007-0611 entry describes XSS vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2, exploitable via unspecified vectors in the files inc.page.php and inc.text.php. Affected component: FLIP web portal. Impact is the ability to inject arbitrary web script/HTML in the cont...
CVE-2007-0611
Multiple cross-site scripting XSS vulnerabilities in Free LAN Intra|ternet Portal FLIP before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in 1 inc.page.php and 2 inc.text.php...
TYPO3 Security Bulletin
Various security issues have been reported for PhpMyAdmin see www.securityfocus.com/bid/15196 for details. Component Type: Third Party Product, included with the TYPO3 core Affected Components: PhpMyAdmin Versions: TYPO3 3.8.0 and earlier Vulnerability Type: Various see below Severity: Medium...
TYPO3 Security Bulletin
A bug has been discovered in the "Front End News Submitter" fenews where SQL injection is not safely prevented and thus malicious SQL commands are potentially possible. Since the RTE enabled version fertenews is derived from fenews, it is affected as well. Component Type: Third Party Extension...
Cobalt RaQ4 Remote root exploit
// RaQ 4 and possibly others easy remote root compromise // due to a flaw in the Security Hardening package HEHE! // Wouter ter Maat aka grazer - http://www.i-security.nl include stdio.h include sys/types.h include sys/socket.h include unistd.h include fcntl.h include netinet/in.h include netdb.h...