webSPELL 4.01.02 - id Remote Edit Topics

webSPELL 4.01.02 - id Remote Edit Topics +=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=+=--=--=--=--=--=-+ | webSPELL = 4.01.02 id Remote Edit Topics Vulnerability | Note | +=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=+=--=--=--=--=--=-+ | discovered by athos -...

webSPELL <= 4.01.02 (id) Remote Edit Topics Vulnerability

Exploit for unknown platform in category web applications ========================================================= webSPELL = 4.01.02 id Remote Edit Topics Vulnerability =========================================================...

webSPELL 4.01.02 - &#039;id&#039; Remote Edit Topics

+=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=+=--=--=--=--=--=-+ | webSPELL = 4.01.02 id Remote Edit Topics Vulnerability | Note | +=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=+=--=--=--=--=--=-+ | discovered by athos - stakerathotmaildotit | magic quotes 0 | |...

Webspell 4 SQL Injection

Webspell Login Bypass Found by: h0yt3r Checklogin.php Line 60: setcookie"wsauth", $ds'userID'.":".$wspwd, time+$sessionduration6060; $login = 1; functions.php Line 253: $loginpercookie = false; ifisset$COOKIE'wsauth' AND !isset$SESSION'wsauth' $loginpercookie = true; $SESSION'wsauth' =...

Webspell 4 (Auth Bypass) SQL Injection Vulnerability

No description provided by source. Webspell Login Bypass Found by: h0yt3r Checklogin.php Line 60: setcookie"wsauth", $ds'userID'.":".$wspwd, time+$sessionduration6060; $login = 1; functions.php Line 253: $loginpercookie = false; ifisset$COOKIE'wsauth' AND !isset$SESSION'wsauth' $loginpercookie =...

Webspell 4 (Auth Bypass) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ==================================================== Webspell 4 Auth Bypass SQL Injection Vulnerability ==================================================== Webspell Login Bypass Found by: h0yt3r Checklogin.php Line 60: setcookie"wsauth",...

webSPELL 4 - Authentication Bypass

webSPELL 4 - Authentication Bypass Webspell Login Bypass Found by: h0yt3r Checklogin.php Line 60: setcookie"wsauth", $ds'userID'.":".$wspwd, time+$sessionduration6060; $login = 1; functions.php Line 253: $loginpercookie = false; ifisset$COOKIE'wsauth' AND !isset$SESSION'wsauth' $loginpercookie =...

CVE-2008-1481

Cross-site scripting XSS vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2008-1481

Cross-site scripting XSS vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2008-1481

The provided sources confirm a Cross-site Scripting (XSS) vulnerability in webSPELL 4.1.2 (component: index.php) exposed via the board parameter. The root cause discussed is lack of input sanitization/validation for that parameter, enabling injection of arbitrary script or HTML. Public references...

webSPELL 4.1.2 - index.php Cross-Site Scripting

webSPELL 4.1.2 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/28294/info webSPELL is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script co...

webSPELL 4.1.2 - &#039;index.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/28294/info webSPELL is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action...

CVE-2008-0575

Cross-site request forgery CSRF vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action...

CVE-2008-0574

Cross-site scripting XSS vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action...

CVE-2008-0575

Cross-site request forgery CSRF vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote attackers to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action...

CVE-2008-0574

Cross-site scripting XSS vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action...

CVE-2008-0574

The provided connected and main CVE docs confirm CVE-2008-0574 is an XSS vulnerability in webSPELL 4.01.02. Specifically, index.php is vulnerable via the sort parameter in the whoisonline action, enabling remote attackers to inject arbitrary web script/HTML. Impact is consistent with an XSS in wh...