371 matches found
ArtDesign CMS SQL Injection
Hello Full-Disclosure! I want to warn you about a security vulnerability in ArtDesign CMS. It's a Ukrainian commercial CMS. ----------------------------- Advisory: Vulnerability in ArtDesign CMS ----------------------------- URL: http://websecurity.com.ua/4035/ ----------------------------- Affected...
DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera
Hello Bugtraq! I want to warn you about a security vulnerability in different browsers. ----------------------------- Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera ----------------------------- URL: http://websecurity.com.ua/4238/ ----------------------------- Affect...
Joomla DS-Syndicate SQL Injection
Hello Full-Disclosure! I want to warn you about security vulnerabilities in plugin DS-Syndicate for Joomla. ----------------------------- Advisory: Vulnerabilities in DS-Syndicate for Joomla ----------------------------- URL: http://websecurity.com.ua/4003/ ----------------------------- Affected...
Vulnerabilities in plugin DS-Syndicate for Joomla
Hello 3APA3A! I am informing you about SQL Injection and Full path disclosure vulnerabilities in the DS-Syndicate plugin for Joomla. SQL Injection: http://site/index2.php?option=ds-syndicate&version=1&feedid=-120or20version=5 Full path disclosure: http://site/index2.php?option=ds-syndicate&version=1&feedid=...
Cross-Site Scripting vulnerability in Mango
Hello 3APA3A! I am informing you about a Cross-Site Scripting vulnerability that I found in Mango. XSS: http://site/archives.cfm/search/?term=3Cbody20onload=alertdocument.cookie3E Mango 1.4.1 and previous versions are vulnerable. Additional information about this vulnerability is on my site:...
DataLife Engine 6.9 Cross Site Scripting
Hello Bugtraq! I want to warn you about a security vulnerability in Referer module for DataLife Engine DLE. ----------------------------- Advisory: Vulnerability in Referer for DataLife Engine ----------------------------- URL: http://websecurity.com.ua/3942/ ----------------------------- Affected...
CMS SiteLogic SQL Injection
Hello Bugtraq! I want to warn you about security vulnerabilities in CMS SiteLogic. It's a Ukrainian commercial CMS. ----------------------------- Advisory: Vulnerabilities in CMS SiteLogic ----------------------------- URL: http://websecurity.com.ua/3935/ ----------------------------- Affected...
Vulnerabilities in TAK cms
Hello 3APA3A! I am informing you about Insufficient Anti-automation and Brute Force vulnerabilities that I found in TAK cms, a Ukrainian CMS. Insufficient Anti-automation: http://site/about/contacts/ http://site/register/getpassword/ These pages have no protection against automated requests...
Vulnerabilities in ArcManager
Hello 3APA3A! I am informing you about Insufficient Anti-automation and Denial of Service vulnerabilities that I found in the ArcManager system. The vulnerabilities are in the captcha script CaptchaSecurityImages.php, which is used in this system. I have already reported on the vulnerabilities in CaptchaSecurityImages...
Vulnerabilities in CaptchaSecurityImages
Hello 3APA3A! I am informing you about Insufficient Anti-automation and Denial of Service vulnerabilities that I found in the web application CaptchaSecurityImages. This is a captcha script that is used on many websites and engines. I found the Insufficient Anti-automation vulnerability on 06.10.2007, during...
Joomla VXDate SQL Injection / Cross Site Scripting
Hello Bugtraq! I want to warn you about vulnerabilities in component VXDate for Joomla. ----------------------------- Advisory: Vulnerabilities in VXDate for Joomla ----------------------------- URL: http://websecurity.com.ua/3849/ ----------------------------- Timeline: 10.05.2009 - found the...
phpAdsNew / OpenAds / OpenX XSS
Hello Bugtraq! I want to warn you about a vulnerability in phpAdsNew, OpenAds and OpenX. Earlier I already wrote to the list about XSS and HTML Injection vulnerabilities in tagcloud.swf in multiple plugins for many engines such as WordPress, Joomla and DLE. About this issue I wrote in detail in my...
Abton CMS SQL Injection
Hello Full-Disclosure! I want to warn you about vulnerabilities in Abton. It's a commercial Ukrainian CMS. ----------------------------- Advisory: Vulnerabilities in Abton ----------------------------- URL: http://websecurity.com.ua/2886/ ----------------------------- Timeline: 31.03.2008 - found t...
Brute Force and Insufficient Authorization vulnerabilities in WordPress
Hello 3APA3A! I am informing you about Brute Force and Insufficient Authorization vulnerabilities that I found in WordPress. Earlier, in 2008, I already wrote about a Brute Force vulnerability in WordPress http://websecurity.com.ua/2007/, which was discovered by Kad back in 2007 http://securityvulns.ru/Pdocument580.html...
Hydra CMS SQL Injection / Cross Site Scripting
Hello Full-Disclosure! I want to warn you about vulnerabilities in Hydra Engine. It's a commercial Ukrainian CMS. ----------------------------- Advisory: Vulnerabilities in Hydra Engine ----------------------------- URL: http://websecurity.com.ua/3453/ ----------------------------- Timeline:...
Vulnerability in phpAdsNew, OpenAds and OpenX
Hello 3APA3A! I am informing you about a Cross-Site Scripting vulnerability in the phpAdsNew, OpenAds and OpenX systems. In the phpAdsNew, OpenAds and OpenX banner systems, an XSS attack is possible via the clickTAG parameter in flash banners. I wrote about similar vulnerabilities in my article XSS vulnerabilities in 8 million flash...
Vulnerabilities in Hydra Engine
Hello 3APA3A! I am informing you about Full path disclosure, SQL Injection and Cross-Site Scripting vulnerabilities in the Hydra Engine system. It is a Ukrainian CMS. Full path disclosure: http://site/search/’/ SQL Injection: http://site/search/'20and20version3E5--20/ XSS:...
XAMPP <= 1.6.8 Multiple Vulnerabilities (Jun 2009)
XAMPP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apachefriends:xampp"; if description...
Multiple vulnerabilities in XAMPP
No description provided by source. I am continuing to inform you about multiple vulnerabilities in XAMPP. ----------------------------- Advisory 7 ----------------------------- CSRF, SQL Injection and Full path disclosure vulnerabilities in XAMPP ----------------------------- URL:...
Joomla JVClouds3D Cross Site Scripting / HTML Injection
Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in JVClouds3D modjvclouds3D plugin for Joomla. Which I found at 08.01.2010. It is similar to XSS vulnerability in Joomulus for Joomla http://websecurity.com.ua/3801/. About millions of flash files tagcloud.swf which are...