9473 matches found
CVE-2008-3340
Cross-site scripting (XSS) vulnerability in searchresult.cfm in Jobbex JobSite allows remote attackers to inject arbitrary web script or HTML via the searchFor variable (possibly the opt parameter)...
Cross site scripting
Cross-site scripting (XSS) vulnerability in searchresult.cfm in Jobbex JobSite allows remote attackers to inject arbitrary web script or HTML via the searchFor variable (possibly the opt parameter)...
Maran PHP Blog Xss By Khashayar Fereidani
Script: Maran PHP Blog; Type: XSS Passive; Method: GET; Alert: Medium; Discovered by: Khashayar Fereidani a.k.a. Dr.Crash; My Official Website: HTTP://FEREIDANI.IR...
easybookmaker-xss.txt
Script: Easybookmarker 40tr; Type: XSS Vulnerability; Method: POST; Alert: High; Discovered by: Khashayar Fereidani a.k.a. Dr.Crash; My Official Website:...
Stack overflow
Stack-based buffer overflow in op before Changeset 563, when xauth support is enabled, allows local users to gain privileges via a long XAUTHORITY environment variable...
CVE-2008-3229
Stack-based buffer overflow in op before Changeset 563, when xauth support is enabled, allows local users to gain privileges via a long XAUTHORITY environment variable...
Phpcms 2007 remote file inclusion vulnerability - vulnerability warning - the black bar safety net
zz Phpcms 2007 remote file include vulnerability url: http://www.wolvez.org/forum/redirect.php?tid=182&goto=lastpost This vulnerability is a fairly common variable-overwrite hole, where the transfer is due to the discovery of this vulnerability if it is a white box that you want to have a...
Phpcms 2007 common.inc.php remote file inclusion vulnerability
The CMS's core configuration file /include/common.inc.php is flawed.
// starting at line 23
@extract($_POST, EXTR_OVERWRITE);
@extract($_GET, EXTR_OVERWRITE);
unset($_POST, $_GET);
Here the extract function causes variable overwriting, which may lead to a series of problems...
Dedecms V5 executable file upload vulnerability
This is a rather interesting one, but exploiting it successfully is not easy, heh. First look at the configrglobals.php file; an excerpt of the code follows. The author's intent here was to register variables for us, but he overlooked that we can not only register variables but also overwrite some of them. configrglobalsmagic.php has the same problem.
...
if (is_array($_GET)) foreach ($_GET AS $key => $value) $$key = $value; // can overwrite any variable
...
CVE-2008-3071
Directory traversal vulnerability in inc/classlanguage.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable...
CVE-2008-3070
CVE-2008-3070 affects the MyBB code path in inc/datahandler/user.php for versions before 1.2.13. The vulnerability is described as an “unspecified vulnerability” with unknown impact and attack vectors related to the $user['language'] variable, probably tied to an SQL injection issue. According t...
CVE-2008-3070
Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection...
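Foosun (风讯) API_Response.asp injection vulnerability
In API/APIResponse.asp, the username variable is passed through unfiltered and used in an SQL statement, which causes the injection.
If CheckPost Then
Select Case Act
Case "checkname" ' triggers the injection
Checkname
The CheckPost function is defined at lines 73-96, and username gets its value there; the code is as follows:
XmlDoc.documentElement.selectSingleNode("username")
The Checkname function is at lines 233-254; the code is as follows:
Sub Checkname
Dim UserEmail
Dim Temptr,i,Rs,Sql
UserEmail =...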
Orlando CMS 0.6 Remote File Inclusion Vulnerabilities
No description provided by source. Orlando CMS classes Remote File Include Vulnerabilities Discovered by : Ciph3r MAIL : [email protected] SP TANX4 : Iranian hacker & Kurdish Security TEAM CLASS : remote download cms: http://sourceforge.net/project/showfiles.php?groupid=195547 C0de :...
vistareseller-xss.txt
VistaReseller Panel BETA Xss Vulnerability Discovered By Khashayar Fereidani Or Ircrash Our Team : IRCRASH IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr Risk : Low Xss Address : http://Example/panel/index.php?option=forums Variable :...
VistaReseller Panel BETA Xss Vulnerability
VistaReseller Panel BETA Xss Vulnerability Discovered By Khashayar Fereidani Or Ircrash Our Team : IRCRASH IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr Risk : Low Xss Address : http://Example/panel/index.php?option=forums Variable :...
PHPMyCart 1.3 - 'cat' SQL Injection
PHPMyCart Injection Vulnerability Bug by: h0yt3r Script suffers from a not correctly verified category id variable which is used in SQL Queries. An Attacker can easily get sensitive information from the database by injecting unexpected SQL Queries. We don't get any SQL Errors when the Injection Quer...
Code injection
Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."...
CVE-2008-1031
CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable...