237 matches found
CVE-2008-0574
The provided connected and main CVE docs confirm CVE-2008-0574 is an XSS vulnerability in webSPELL 4.01.02. Specifically, index.php is vulnerable via the sort parameter in the whoisonline action, enabling remote attackers to inject arbitrary web script/HTML. Impact is consistent with an XSS in wh...
webspell-multi.txt
Webspell 4.01.02 2 Vulnerabilites Founded by NBBN Vendor: http://cms.webspell.org 1 Cross-Site Scripting Vulnerability 2 Change User Permission XSRF Vulnerability 1 http://site.tld/path/index.php?site=whoisonline&sort="xss code 2 This creates a superadmin account, when an admin click a link, to a...
webSPELL 4.1.2 - whoisonline.php Cross-Site Scripting
webSPELL 4.1.2 - whoisonline.php Cross-Site Scripting source: https://www.securityfocus.com/bid/27517/info webSPELL is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
webSPELL 4.1.2 - 'whoisonline.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27517/info webSPELL is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Webspell 4.01.02 2 Vulnerabilites
Webspell 4.01.02 2 Vulnerabilites Founded by NBBN Vendor: http://cms.webspell.org 1 Cross-Site Scripting Vulnerability 2 Change User Permission XSRF Vulnerability 1 http://site.tld/path/index.php?site=whoisonline&sort="xss code 2 This creates a superadmin account, when an admin click a link, to a...
webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability
Autor: Brainhead Type: XSS Version: 4.01.02 Files: usergallery.php, calendar.php Magic Quotes :off Examples: http://site.tld/PATH/index.php?site=usergallery&action=upload&galleryID="your code http://site.tld/PATH/index.php?site=calendar&action=announce&upID="your code...
CVE-2007-6309
Multiple cross-site scripting XSS vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via 1 the galleryID parameter in a usergallery upload action; or the 2 upID, 3 tag, 4 month, 5 userID, or 6 year parameter in a calendar announce action...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via 1 the galleryID parameter in a usergallery upload action; or the 2 upID, 3 tag, 4 month, 5 userID, or 6 year parameter in a calendar announce action...
CVE-2007-6309
Multiple cross-site scripting XSS vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via 1 the galleryID parameter in a usergallery upload action; or the 2 upID, 3 tag, 4 month, 5 userID, or 6 year parameter in a calendar announce action...
CVE-2007-6309
The CVE-2007-6309 entry describes multiple cross-site scripting (XSS) vulnerabilities in webSPELL 4.1.2, specifically in index.php. The issues allow remote attackers to inject arbitrary script/HTML via parameters in two actions: (1) galleryID in a usergallery upload action, and (2) upID, tag, mon...
webSPELL 4.1.2 - 'usergallery.php?galleryID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26787/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
webSPELL 4.1.2 - 'calendar.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/26787/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
webSPELL 4.1.2 - calendar.php Multiple Cross-Site Scripting Vulnerabilities
webSPELL 4.1.2 - calendar.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/26787/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
webspell-xss.txt
Autor: Brainhead Type: XSS Version: 4.01.02 Files: usergallery.php, calendar.php Magic Quotes :off Examples: http://site.tld/PATH/index.php?site=usergallery&action=upload&galleryID="your code http://site.tld/PATH/index.php?site=calendar&action=announce&upID="your code...
webSPELL 4.1.2 - usergallery.php?galleryID Cross-Site Scripting
webSPELL 4.1.2 - usergallery.php?galleryID Cross-Site Scripting source: https://www.securityfocus.com/bid/26787/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
CVE-2007-4028
Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-4028
Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-4028
CVE-2007-4028 affects Webspell 4.01.02. A vulnerability in index.php allows absolute path traversal, enabling remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. CVSS v2 base score 7.5 (HIGH): Network vector, no authentication, low attack compl...
webspell-lfi.txt
muH - $Title: Webspell 4.x Local File Inclusion Win $Damage Factor: Medium - High $Requires: Win Box & Php Supporting %00 $Discovered by muH $Usage: http://server.com/index.php?site=c:\windows\repair\sam%00...
Webspell 4.x Local File Inclusion
muH - $Title: Webspell 4.x Local File Inclusion Win $Damage Factor: Medium - High $Requires: Win Box & Php Supporting 00 $Discovered by muH $Usage: http://server.com/index.php?site=c:windowsrepairsam00...