2580 matches found
HRG006.txt
HRG - Hackerlounge Research Group Release: HRG006 Monday 03/01/05 427BB The author can't be held responsible for any damage done by a reader. You have your own resonsibility Please use this document like it's meant to. Vulnerable: 427BB Any Version --- General Information: 427BB Is a simple board...
[PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability
PersianHacker.NET 200505-06 paNews v2.0b4 XSS Vulnerability Date: 2005 February Bug Number: 06 paNews is a news management script to use on your site. Users can use paCode, special code designed to allow the adding of images and font changes in the posts without allowing users to use HTML to post...
Sunshop < 3.4RC2 index.php search Parameter XSS
Binary data 2590.prm...
sparkleBlog.txt
Various Vulnerabilities in SparkleBlog SparkleBlog is an open-source PHP script which allows you to input and edit your weblog entries, without having to go through the hassle of coding in HTML and uploading via FTP every time you want to make an update. A weblog aka blog is simply an online...
Various Vulnerabilities in SparkleBlog
Various Vulnerabilities in SparkleBlog SparkleBlog is an open-source PHP script which allows you to input and edit your weblog entries, without having to go through the hassle of coding in HTML and uploading via FTP every time you want to make an update. A weblog aka blog is simply an online...
[Full-Disclosure] Xanga Cookie Stealing Vunerability XSS - GNAA Security Center
Vendor: Xanga URL: http://www.xanga.com/ Versions: Current Remote: Yes vendor notified: 06 Oct 2004 at 14:08 Vendor response: NONE Summary: Xanga is a fully featured blogging system, it provides great control over look & feel of a users blog by allowing HTML with only basic checks. Xanga has well...
PHPKIT SQL Injection, XSS
Author: Steve Date: November 22, 2004 Affected Software:PHP KIT Software Version: 1.6.03 - 1.6.1 Software URL: http://www.phpkit.de Attack: SQL Injection, allowing people to manipulate the query into pulling data. XSS What is PHPKIT: PHPKIT is a modular developed Homepage Software which can simpl...
SquirrelMail: Encoded text XSS vulnerability
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP, and can optionally be installed with SQL support. Description SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted headers. Impact By enticing a user to read a...
phpSQLnuke.pl
XSS/SQL Injection PHP-Nuke Delete Messages Bug by bima Php-Nuke is a popular freeware content management system. Based on information at : http://www.mantralab.org/modules.php/modulo/news/lanotizia/%5BXSS%5D+PHP-Nuke+7.4+Add+Message+Bug An attacker permitted to post to global home-page messages. ...
imp3 -- XSS hole in the HTML viewer
The script vulnerabilities can only be exposed with certain browsers and allow XSS attacks when viewing HTML messages with the HTML MIME viewer...
Phorum search.php subject Parameter XSS
The remote version of Phorum contains a script called 'search.php' that is vulnerable to a cross-site scripting attack. An attacker may be able to exploit this problem to steal the authentication credentials of third-party users. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
SquirrelMail "Content-Type" XSS vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =============================== - RS-Labs Security Advisory - =============================== Tittle: SquirrelMail "Content-Type" XSS vulnerability ID: RS-2004-1 Severity: Medium / High - Arbitrary tags injection in victim's browser context Date:...
[Full-Disclosure] [SCAN Associates Sdn Bhd Security Advisory] Postnuke v 0.726 and below SQL injection
Products: Postnuke v 0.726 http://www.postnuke.com Date: 15 April 2004 Author: pokleyzz pokleyzzatscan-associates.net Contributors:skatscan-associates.net shaharilatscan-associates.net muniratscan-associates.net URL: http://www.scan-associates.net Summary: Postnuke v 0.726 and below SQL injection...
[waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]
================================================================================ waraxe-2004-SA012 ================================================================================ Multiple vulnerabilities in XMB 1.8 Partagium SP3 and 1.9 Nexus Beta...
[Full-Disclosure] Blogger XSS Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------ BLOGGER XSS VULNERABILITY - ------------------------------------------------------ Online URL : http://ferruh.mavituna.com/article/?470 Severity : Moderately Critical for Members Permanent Accou...
Multiple Vulnerabilities in Led-Forums
Product: Led-Forums Versions: Beta 1 Vulnerability: XSS- and redirection-Bug Date: October 30, 2003 Discovered by: ProXy [email protected] 1. - XSS-Bug The Welcome-Message of the Led-Forums software could be changed by everybody. Normal Text, HTML and Javascript it's all allowed! : eg:...
ECHU.ORG Alert #4: GuppY makes XSS attacks easy
-------------------------------- | GuppY makes XSS attacks easy | -------------------------------- PROGRAM: GuppY VULNERABLE VERSIONS: All versions under 2.4p1 IMMUNE VERSIONS: 2.4p1 SEVERITY: high Tested version ============== GuppY 2.4 on the official GuppY website. Description ============...
phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack , Information Encoding Weakness and Path Disclosures
phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack , Information Encoding Weakness and Path Disclosures -------------------- Product: phpMyAdmin Vendor: phpMyAdmin Development Team Versions: VULNERABLE - 2.5.2 CVS in Development - 2.5.x - 2.4.x - 2.3.x - 2.2.x - 2.1.x - 2.0.x - 1.x.x NO...
Several security issues were reported to BugTraq mailing list. However most of these issues were already fixed some time ago.
PMASA-2003-1 Announcement-ID: PMASA-2003-1 Date: 2003-06-18 Summary Several security issues were reported to BugTraq mailing list. However most of these issues were already fixed some time ago. Description Reporter wrote that he found following issues within phpMyAdmin code each issue is followed...
DCP-Portal Multiple Script XSS
The version of DCP-Portal installed on the remote host fails to sanitize input to the script 'calendar.php' before using it to generate dynamic HTML, that could let an attacker execute arbitrary code in the browser of a legitimate user. It may also be affected by HTML injection flaws, which could...