371 matches found
Path disclosure when some files have been removed.
PMASA-2011-1 Announcement-ID: PMASA-2011-1 Date: 2011-02-08 Summary Path disclosure when some files have been removed. Description When the files README, ChangeLog or LICENSE have been removed from their original place possibly by the distributor, the scripts used to display these files can show...
Firebook 3.100328 Cross Site Scripting / Disclosure
Hello list! I want to warn you about Insufficient Anti-automation, Abuse of Functionality, Information Leakage and Cross-Site Scripting vulnerabilities in Firebook. SecurityVulns ID: 11396. ------------------------- Affected products: ------------------------- Vulnerable are Firebook 3.100328 and...
CMS WebManager-Pro 7.4.3 Code Execution / Cross Site Request Forgery
Hello list! I want to warn you about Remote Code Execution and Cross-Site Request Forgery vulnerabilities in CMS WebManager-Pro. This CMS is widely used at different web sites, including security and government sites. ------------------------- Affected products: -------------------------...
New vulnerabilities in SimpGB
Hello 3APA3A! I am reporting Cross-Site Scripting, Brute Force, Insufficient Anti-automation and Abuse of Functionality vulnerabilities that I found in SimpGB. XSS WASC-08: POST request on the page http://site/guestbook.php in the parameters poster, postingid and location in the Preview function. If in...
SimpGB 1.49.02 Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting, Brute Force, Insufficient Anti-automation and Abuse of Functionality vulnerabilities in SimpGB. ------------------------- Affected products: ------------------------- Vulnerable are SimpGB v1.49.02 and previous versions. ---------- Detail...
MC Content Manager Path Disclosure / SQL Injection
------------------------- Affected products: ------------------------- Vulnerable are only not the latest versions of MC Content Manager. ---------- Details: ---------- Full path disclosure WASC-13: http://site/article.php?root=a SQL Injection WASC-19:...
xAjax Cross Site Scripting / Path Disclosure
Hello list! I want to warn you about Cross-Site Scripting and Full path disclosure vulnerabilities in xAjax and xajaxjqueryplugin. ------------------------- Affected products: ------------------------- Vulnerable are potentially all versions of xAjax. Vulnerable are all versions of...
B-Cumulus Cross Site Scripting
Hello list! I want to warn you about a Cross-Site Scripting vulnerability in b-cumulus. It's a widget for Blogger, which is also used at separate sites. SecurityVulns ID: 11353. ------------------------- Affected products: ------------------------- Vulnerable are all versions of b-cumulus. ---------...
MC Content Manager 10.1.1 Cross Site Scripting / Path Disclosure
Hello list! I want to warn you about Cross-Site Scripting, Brute Force and Full path disclosure vulnerabilities in MC Content Manager. It's a Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are potentially all versions of MC Content Manage...
PHP-Nuke 8.1 Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in PHP-Nuke. SecurityVulns ID: 11343. ------------------------- Affected products: ------------------------- Vulnerable are PHP-Nuke 8.1 and previous versions. Tested in PHP-Nuke 8.0 and 8.1...
W-Agora 4.2.1 Cross Site Scripting / Denial Of Service / SQL Injection
Hello Packet Storm! I want to warn you about Cross-Site Scripting, SQL DB Structure Extraction, SQL Injection and Denial of Service vulnerabilities in W-Agora. SecurityVulns ID: 11324. ------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous...
Joostina 1.3.0 Cross Site Scripting
Hello Full-Disclosure! I want to warn you about a Cross-Site Scripting vulnerability in Joostina. Joostina CMS is a fork of Joomla. This vulnerability is similar to the XSS vulnerability in Joomla 1.0.x found by Aung Khant...
Martinweb CMS Cross Site Scripting / SQL Injection
Hello Full-Disclosure! I want to warn you about vulnerabilities in Martinweb CMS. It's a Ukrainian commercial CMS which is used particularly at web sites of security companies and banks. ------------------------- Affected products: ------------------------- Vulnerable are possibly all versions of...
Vulnerabilities in Martinweb CMS
Hello 3APA3A! I am reporting Cross-Site Scripting and SQL DB Structure Extraction vulnerabilities that I found in Martinweb CMS. It is a Ukrainian commercial CMS which is used, in particular, on the web sites of security companies and banks. XSS WASC-08:...
New vulnerabilities in eSitesBuilder
Hello 3APA3A! I am reporting new Cross-Site Scripting, Insufficient Anti-automation and Abuse of Functionality vulnerabilities that I found in eSitesBuilder. It is a Ukrainian commercial CMS, an engine for online shops. XSS WASC-08:...
Cetera eCommerce 14.0 SQL Injection / Cross Site Scripting
Hello Full-Disclosure! I want to warn you about new security vulnerabilities in Cetera eCommerce. It's an engine for online shops. ------------------------- Affected products: ------------------------- Vulnerable are Cetera eCommerce 14.0 and previous versions. ---------- Details: ---------- XSS...
Joomla 1.5.22 Cross Site Scripting
Hello Full-Disclosure! I want to warn you about Insufficient Anti-automation, Abuse of Functionality and Cross-Site Scripting vulnerabilities in Joomla. The vulnerabilities exist in the component commailto, which is a core component of Joomla. ------------------------- Affected products:...
Fabrica Engine 2.1 Cross Site Scripting / Denial Of Service / SQL Injection
Hello Bugtraq! I want to warn you about Cross-Site Scripting, Denial of Service and SQL Injection vulnerabilities in Fabrica Engine which I found in 2008 and 2009 at the web site of one online shop. It's a commercial engine for online shops. SecurityVulns ID: 11274. ------------------------- Affected...
Vulnerabilities in Joomla
Hello 3APA3A! I am reporting Insufficient Anti-automation and Abuse of Functionality vulnerabilities that I found in Joomla. The vulnerabilities exist in the component comcontact, which is a standard component of Joomla. In detail about such vulnerabilities, about sending spam through web sites and creating...
Register Plus For WordPress Cross Site Scripting / Path Disclosure
Hello Bugtraq! I want to warn you about Cross-Site Scripting, Insufficient Anti-automation and Full path disclosure vulnerabilities in the plugin Register Plus for WordPress. ------------------------- Affected products: ------------------------- Vulnerable are versions of plugin Register Plus 3.5.1 a...