Lucene search
K

237 matches found

CVE
CVE
added 2008/02/05 1:0 a.m.39 views

CVE-2008-0574

The provided connected and main CVE docs confirm CVE-2008-0574 is an XSS vulnerability in webSPELL 4.01.02. Specifically, index.php is vulnerable via the sort parameter in the whoisonline action, enabling remote attackers to inject arbitrary web script/HTML. Impact is consistent with an XSS in wh...

4.3CVSS5.7AI score0.01511EPSS
Exploits1References5Affected Software1
Packet Storm
Packet Storm
added 2008/01/31 12:0 a.m.18 views

webspell-multi.txt

Webspell 4.01.02 2 Vulnerabilites Founded by NBBN Vendor: http://cms.webspell.org 1 Cross-Site Scripting Vulnerability 2 Change User Permission XSRF Vulnerability 1 http://site.tld/path/index.php?site=whoisonline&sort="xss code 2 This creates a superadmin account, when an admin click a link, to a...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2008/01/30 12:0 a.m.11 views

webSPELL 4.1.2 - whoisonline.php Cross-Site Scripting

webSPELL 4.1.2 - whoisonline.php Cross-Site Scripting source: https://www.securityfocus.com/bid/27517/info webSPELL is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2008/01/30 12:0 a.m.24 views

webSPELL 4.1.2 - 'whoisonline.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/27517/info webSPELL is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2008/01/30 12:0 a.m.48 views

Webspell 4.01.02 2 Vulnerabilites

Webspell 4.01.02 2 Vulnerabilites Founded by NBBN Vendor: http://cms.webspell.org 1 Cross-Site Scripting Vulnerability 2 Change User Permission XSRF Vulnerability 1 http://site.tld/path/index.php?site=whoisonline&sort="xss code 2 This creates a superadmin account, when an admin click a link, to a...

6.4AI score
Exploits0
securityvulns
securityvulns
added 2007/12/13 12:0 a.m.45 views

webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability

Autor: Brainhead Type: XSS Version: 4.01.02 Files: usergallery.php, calendar.php Magic Quotes :off Examples: http://site.tld/PATH/index.php?site=usergallery&action=upload&galleryID="your code http://site.tld/PATH/index.php?site=calendar&action=announce&upID="your code...

0.6AI score
Exploits0
NVD
NVD
added 2007/12/11 9:46 p.m.18 views

CVE-2007-6309

Multiple cross-site scripting XSS vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via 1 the galleryID parameter in a usergallery upload action; or the 2 upID, 3 tag, 4 month, 5 userID, or 6 year parameter in a calendar announce action...

4.3CVSS5.8AI score0.04163EPSS
Exploits1References6
Prion
Prion
added 2007/12/11 9:46 p.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via 1 the galleryID parameter in a usergallery upload action; or the 2 upID, 3 tag, 4 month, 5 userID, or 6 year parameter in a calendar announce action...

4.3CVSS6.1AI score0.04163EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2007/12/11 9:0 p.m.26 views

CVE-2007-6309

Multiple cross-site scripting XSS vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via 1 the galleryID parameter in a usergallery upload action; or the 2 upID, 3 tag, 4 month, 5 userID, or 6 year parameter in a calendar announce action...

5.8AI score0.04163EPSS
Exploits1References6
CVE
CVE
added 2007/12/11 9:0 p.m.51 views

CVE-2007-6309

The CVE-2007-6309 entry describes multiple cross-site scripting (XSS) vulnerabilities in webSPELL 4.1.2, specifically in index.php. The issues allow remote attackers to inject arbitrary script/HTML via parameters in two actions: (1) galleryID in a usergallery upload action, and (2) upID, tag, mon...

4.3CVSS5.8AI score0.04163EPSS
Exploits1References6Affected Software1
Exploit DB
Exploit DB
added 2007/12/10 12:0 a.m.22 views

webSPELL 4.1.2 - 'usergallery.php?galleryID' Cross-Site Scripting

source: https://www.securityfocus.com/bid/26787/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2007/12/10 12:0 a.m.28 views

webSPELL 4.1.2 - 'calendar.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/26787/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/12/10 12:0 a.m.18 views

webSPELL 4.1.2 - calendar.php Multiple Cross-Site Scripting Vulnerabilities

webSPELL 4.1.2 - calendar.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/26787/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

Exploits0
Packet Storm
Packet Storm
added 2007/12/10 12:0 a.m.20 views

webspell-xss.txt

Autor: Brainhead Type: XSS Version: 4.01.02 Files: usergallery.php, calendar.php Magic Quotes :off Examples: http://site.tld/PATH/index.php?site=usergallery&action=upload&galleryID="your code http://site.tld/PATH/index.php?site=calendar&action=announce&upID="your code...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/12/10 12:0 a.m.14 views

webSPELL 4.1.2 - usergallery.php?galleryID Cross-Site Scripting

webSPELL 4.1.2 - usergallery.php?galleryID Cross-Site Scripting source: https://www.securityfocus.com/bid/26787/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

6.8AI score
Exploits0
NVD
NVD
added 2007/07/26 7:30 p.m.14 views

CVE-2007-4028

Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information...

7.5CVSS7AI score0.01523EPSS
Exploits1References5
Cvelist
Cvelist
added 2007/07/26 7:0 p.m.23 views

CVE-2007-4028

Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information...

7AI score0.01523EPSS
Exploits1References5
CVE
CVE
added 2007/07/26 7:0 p.m.42 views

CVE-2007-4028

CVE-2007-4028 affects Webspell 4.01.02. A vulnerability in index.php allows absolute path traversal, enabling remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. CVSS v2 base score 7.5 (HIGH): Network vector, no authentication, low attack compl...

7.5CVSS7.1AI score0.01523EPSS
Exploits1References5Affected Software1
Packet Storm
Packet Storm
added 2007/07/24 12:0 a.m.21 views

webspell-lfi.txt

muH - $Title: Webspell 4.x Local File Inclusion Win $Damage Factor: Medium - High $Requires: Win Box & Php Supporting %00 $Discovered by muH $Usage: http://server.com/index.php?site=c:\windows\repair\sam%00...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/07/23 12:0 a.m.134 views

Webspell 4.x Local File Inclusion

muH - $Title: Webspell 4.x Local File Inclusion Win $Damage Factor: Medium - High $Requires: Win Box & Php Supporting 00 $Discovered by muH $Usage: http://server.com/index.php?site=c:windowsrepairsam00...

7.2AI score
Exploits0
Rows per page
Query Builder