Lucene search
K
SecurityvulnsMost viewed

47153 matches found

securityvulns
securityvulns
added 2011/09/13 12:0 a.m.122 views

CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities

CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities Severity: Critical Versions Affected: Spring Framework: 3.0.0 to 3.0.5 Spring Security: 2.0.0 to 2.0.6 3.0.0 to 3.0.5 Earlier versions may also be affected Description: Several issues have been report...

6.8CVSS1.9AI score0.08532EPSS
Exploits1
securityvulns
securityvulns
added 2011/06/10 12:0 a.m.122 views

ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability

ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-182 June 8, 2011 -- CVE ID: CVE-2011-0817 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracl...

10CVSS0.9AI score0.02734EPSS
Exploits0
securityvulns
securityvulns
added 2011/05/16 12:0 a.m.122 views

Multiple Vendors libc/fnmatch(3) DoS (incl apache poc)

Multiple Vendors libc/fnmatch3 DoS incl apache poc Author: Maksymilian Arciemowicz http://netbsd.org/donations/ http://securityreason.com/ http://cxib.net/ Date: - Dis.: 29.01.2011 - Pub.: 13.05.2011 CVE: CVE-2011-0419 CWE: CWE-399 Affected Software verified: - Apache 2.2.17 - NetBSD 5.1 - OpenBS...

4.3CVSS7.9AI score0.7332EPSS
Exploits14
securityvulns
securityvulns
added 2010/11/02 12:0 a.m.122 views

cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977

Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ cforms WordPress Plugin Cross Site Scripting Vulnerability CVE-2010-3977...

4.3CVSS5.7AI score0.04285EPSS
Exploits3
securityvulns
securityvulns
added 2010/09/27 12:0 a.m.122 views

[security bulletin] HPSBMA02583 SSRT100070 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02518794 Version: 1 HPSBMA02583 SSRT100070 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote URL Redirection NOTICE: The information in this Security Bulletin should be acte...

4.3CVSS0.09659EPSS
Exploits1
securityvulns
securityvulns
added 2010/07/23 12:0 a.m.122 views

vBulletin - Critical Information Disclosure

Versions Affected: 3.8.6 Only! Info: Content publishing, search, security, and more—vBulletin has it all. Whether it’s available features, support, or ease-of-use, vBulletin offers the most for your money. Learn more about what makes vBulletin the choice for people who are serious about creating...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2008/08/01 12:0 a.m.122 views

[security bulletin] HPSBUX02286 SSRT071466 rev.1 - HP-UX Running System Administration Manager (SAM), Unintended Remote Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01367453 Version: 1 HPSBUX02286 SSRT071466 rev.1 - HP-UX Running System Administration Manager SAM, Unintended Remote Access NOTICE: The information in this Security Bulletin should be acted upon...

10CVSS0.3AI score0.04425EPSS
Exploits1
securityvulns
securityvulns
added 2008/06/26 12:0 a.m.122 views

mcGuestbook 1.2 (lang) Remote File Inclusion Vulnerability

hi mcGuestbook 1.2 lang Remote File Inclusion Vulnerability Found : Ghost Hacker R-H TeaM |, .-. .-. ,| HOME : www.Real-Hack.net | o/ o | Email : [email protected] |/ / | Script : mcGuestbook 1.2 Download Script : http://www.phpbank.net/admin/download.php?id=155 I love the Messenger of Allah...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2008/06/05 12:0 a.m.122 views

iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Information Disclosure Vulnerability

iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides provides ASP Active Server Pages functionality to a web server. More information is...

5CVSS6.4AI score0.11367EPSS
Exploits1
securityvulns
securityvulns
added 2008/03/13 12:0 a.m.122 views

NULL pointer in Remotely Anywhere 8.0.668

Luigi Auriemma Application: Remotely Anywhere Server and Workstation http://www.remotelyanywhere.com Versions: = 8.0.668 Platforms: Windows Bug: NULL pointer Exploitation: remote Date: 08 Mar 2008 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 The Code ...

1.3AI score
Exploits0
securityvulns
securityvulns
added 2008/01/06 12:0 a.m.122 views

INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT

---- INVISION POWER BOARD 2.1.7 EXPLOIT ... ITDefence.ru Antichat.ru INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION Eugene Minaev [email protected] / / . / /// // / / // / / / /// / / / / / // / / / / / / / / / / / / / / / / / // / / / / // / // / / / // 2007 //// // // // // / . -...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2007/07/12 12:0 a.m.122 views

Powered By Dvbbs Version 7.1.0 Sp1 By Pass

By : Hasadya Raed Contact : [email protected] Israel -------------------------- Script : Dvbbs Version 7.1.0 Sp1 Dork : "Powered By Dvbbs Version 7.1.0 Sp1" -------------------------- Exploit : http://www.victim.com/Data/Dvbbs7.mdb...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2007/04/04 12:0 a.m.122 views

Microsoft Security Bulletin MS07-017 Vulnerabilities in GDI Could Allow Remote Code Execution (925902)

Microsoft Security Bulletin MS07-017 Vulnerabilities in GDI Could Allow Remote Code Execution 925902 Published: April 3, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...

9.3CVSS1.9AI score0.7288EPSS
Exploits18
securityvulns
securityvulns
added 2007/02/27 12:0 a.m.122 views

XXS in script Phorum

======================================================================= title: XXS in script Phorum homepage: www.phorum.org found: 2007-02-25 by: Crackman ================================================= exemple: http://www.site.com/path/admin.php?upgradefile="scriptalertdocument.cookie;/script...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2006/04/26 12:0 a.m.122 views

Cartweaver ColdFusion vuln.

Cartweaver ColdFusion vuln. Vuln. discovered by : r0t Date: 25 april 2006 vendorlink:www.cartweaver.com affected versions:2.16.11 and previous orginal advisory:http://pridels.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html Vuln. Description: 1. SQL Injection vuln. Cartweaver ColdFusion...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2005/02/09 12:0 a.m.122 views

Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer (867282)

Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer 867282 Issued: February 8, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...

10CVSS0.3AI score0.6349EPSS
Exploits3
securityvulns
securityvulns
added 2005/01/26 12:0 a.m.122 views

[ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 200501-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

10CVSS0.3AI score0.09334EPSS
Exploits1
securityvulns
securityvulns
added 2001/10/20 12:0 a.m.122 views

Outlook Express and SPA (Secure Password Authentication)

Topic: Outlook Express and SPA Secure Password Authentication Author: 3APA3A [email protected] Affected Software: Internet Explorer 5.5, 6.0 Vendor: Microsoft Status: Informational 1. Background: Outlook Express doesn't support CRAM-MD5 or APOP and there is only one way to authenticate user...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2000/10/30 12:0 a.m.122 views

Minor bug in Pagelog.cgi

There is a small bug in PAGELOG.cgi by Metertek [email protected] which allows users to create and view files. Any file on the system with a '.log' extension readable by the uid/gid of the webserver can be viewed. In addition, two files with extensions of '.txt' and '.log' can be created in any...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2000/09/05 12:0 a.m.122 views

Linux news 5.09.00

Linux 2.2.17 Вышло новое ядро из стабильной серии - 2.2.17 Подробнее: http://www.linux.org.uk/VERSION/relnotes.2217.html Linux 2.2.18pre3 Alan Cox выпустил 1-ю pre-версию "после-следующего" стабильного ядра Linux - 2.2.18. Работа над следующим стабильным ядром Linux, 2.2.17, закончилась на pre20,...

7.7AI score
Exploits0
securityvulns
securityvulns
added 2000/08/07 12:0 a.m.122 views

Redhat Linux 6.x remote root exploit

Hi, Included below is an exploit for the recently exposed linux rpc.statd format string vulnerability0. I have tailored it towards current Redhat Linux 6.x installations. It can easily be incorporated into attacks against the other vulnerable Linux distributions. I am not a security expert, but...

8AI score
Exploits0
securityvulns
securityvulns
added 2015/06/21 12:0 a.m.121 views

OS Command Injection in Vesta Control Panel

Advisory ID: HTB23261 Product: Vesta Control Panel Vendor: http://vestacp.com Vulnerable Versions: 0.9.8 and probably prior Tested Version: 0.9.8 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 3, 2015 Public Disclosure: June 17,...

6.5CVSS0.7AI score0.11207EPSS
Exploits4
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.121 views

Kibana vulnerability CVE-2015-4093

Summary: Kibana versions 4.0.0, 4.0.1 and 4.0.2 are vulnerable to a cross-site scripting XSS attack. The attack allows execution of arbitrary JavaScript in the context of the user’s browser. We have been assigned CVE-2015-4093 for this issue. Fixed versions: Versions 4.0.3 and 4.1.0 have addresse...

4.3CVSS5.9AI score0.02043EPSS
Exploits0
securityvulns
securityvulns
added 2015/05/04 12:0 a.m.121 views

[ MDVSA-2015:226 ] fcgi

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:226 http://www.mandriva.com/en/support/security/ Package : fcgi Date : May 4, 2015 Affected: Business Server 1.0 Problem Description: Updated fcgi packages fix security vulnerability: FCGI does not perform...

5CVSS6.3AI score0.06086EPSS
Exploits0
securityvulns
securityvulns
added 2015/01/02 12:0 a.m.121 views

[KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability

------------------------------------------------------------------------------ Symantec Web Gateway = 5.2.1 restore.php OS Command Injection Vulnerability ------------------------------------------------------------------------------ - Software Link: http://www.symantec.com/web-gateway/ - Affecte...

6.5CVSS0.7AI score0.50324EPSS
Exploits6
securityvulns
securityvulns
added 2014/12/29 12:0 a.m.121 views

Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability

Document Title: =============== Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1385 Release Date: ============= 2014-12-19 Vulnerability Laboratory ID VL-ID:...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2014/10/27 12:0 a.m.121 views

python integer overflow

Integer overflow in buffer...

6.4CVSS3.8AI score0.05307EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2014/01/09 12:0 a.m.121 views

LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7032 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

4.3CVSS0.9AI score0.01854EPSS
Exploits2
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.121 views

ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities

ESA-2013-078.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities EMC Identifier: ESA-2013-078 CVE Identifier: CVE-2013-6173, CVE-2013-6174, CVE-2013-6175, CVE-2013-6176, CVE-2013-6177 Severity Rating: CVSS v2 Base Score: See bel...

6.8CVSS7.4AI score0.02403EPSS
Exploits0
securityvulns
securityvulns
added 2013/08/28 12:0 a.m.121 views

[PSA-2013-0819-1] Oracle Java BytePackedRaster.verify() Signed Integer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0819-1 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Oracle...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2013/07/29 12:0 a.m.121 views

Basic Forum by JM LLC - Multiple Vulnerabilities

Dear all, I have discovered some vulnerabilities in Basic Forum, developed by JM LLC. Cheers, Sp3ctrecore ADVISORY ================================================ Basic Forum by JM LLC - Multiple Vulnerabilities ================================================ Software................: Basic For...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2013/03/11 12:0 a.m.121 views

APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 Java for OS X 2013-002 and Mac OS X v10.6 Update 14 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 o...

10CVSS0.2AI score0.85882EPSS
Exploits10
securityvulns
securityvulns
added 2013/02/18 12:0 a.m.121 views

Multiple Vulnerabilities in Linksys WAG200G

Device Name: Linksys WAG200G Vendor: Linksys/Cisco ============ Device Description: ============ The WAG200G is a Linksys Wireless-G ADSL Home Gateway which has a high-speed ADSL2+ modem that gives you a fast connection to the Internet. Source:...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2012/05/01 12:0 a.m.121 views

Re: The history of a -probably- 13 years old Oracle bug: TNS Poison

I wanted to comment on the workarounds for this problem: 1 Setting SQLNET.ENCRYPTIONSERVER=REQUIRED on the server is not enough to protect you. To avoid "man in the middle" attacks, you need to have an SSL certificate on the server and SSLSERVERDNMATCH=TRUE in the client's sqlnet.ora. 2 Another w...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2011/12/26 12:0 a.m.121 views

Novell Sentinel Log Manager <=1.2.0.1 Path Traversal

Vuln: Path Traversal Application: Sentinel Log Manager Vendor: Novell Version affected: = 1.2.0.1 Website: http://www.novell.com/products/sentinel-log-manager/ Discovered By: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it The latest version of Sentinel Log Manager...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2011/11/27 12:0 a.m.121 views

Multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications

Hello 3APA3A! I want to warn you about multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications and tens millions of web sites. These are Full path disclosure, Content Spoofing and Cross-Site Scripting vulnerabilities in TinyMCE CS and XSS are in flvPlayer, which is...

6.2AI score
Exploits0
securityvulns
securityvulns
added 2011/11/27 12:0 a.m.121 views

PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability

------------------------------------------------------------------- PmWiki = 2.2.34 pagelist Remote PHP Code Injection Vulnerability ------------------------------------------------------------------- author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom...

7.5CVSS0.2AI score0.5341EPSS
Exploits12
securityvulns
securityvulns
added 2010/02/16 12:0 a.m.121 views

Chrome Password Manager Cross Origin Weakness (CVE-2010-0556)

Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Chrome Password Manager Cross Origin Weakness Release Date: 2010-02-15 Application: Google Chrome Web Browser Versions:...

4.3CVSS0.2AI score0.01047EPSS
Exploits0
securityvulns
securityvulns
added 2010/02/04 12:0 a.m.121 views

[security bulletin] HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02000727 Version: 1 HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulletin shoul...

4.3CVSS0.2AI score0.03002EPSS
Exploits1
securityvulns
securityvulns
added 2009/12/09 12:0 a.m.121 views

Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer (976325)

Microsoft Security Bulletin MS09-072 - Critical Cumulative Security Update for Internet Explorer 976325 Published: December 08, 2009 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in...

9.3CVSS1.3AI score0.71802EPSS
Exploits8
securityvulns
securityvulns
added 2009/11/30 12:0 a.m.121 views

Oracle exploit for CTXSYS.DRVXTABC.CREATE_TABLES and others

Hi! I've just released the working exploit for CTXSYS.DRVXTABC.CREATETABLES injection on Oracle DB 9i/10g CVE-2009-1991 You can find the code on my site, http://rawlab.mindcreations.com In particular, Classic SQL injection:...

3.6CVSS2.5AI score0.01712EPSS
Exploits0
securityvulns
securityvulns
added 2009/09/09 12:0 a.m.121 views

Microsoft Security Bulletin MS09-048 - Critical Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)

Microsoft Security Bulletin MS09-048 - Critical Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution 967723 Published: September 08, 2009 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Transmission...

10CVSS0.7AI score0.35042EPSS
Exploits3
securityvulns
securityvulns
added 2009/08/17 12:0 a.m.121 views

Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007

Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007 Release Date. 17-Aug-2009 Last Update. - Vendor Notification Date. 15-Jun-2009 Product. Piwigo Platform. Independent Affected versions. 2.0.0 verified, possibly others Severity Rating. Medium Impact. Manipulation of data Attack...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2009/07/28 12:0 a.m.121 views

cross site scripting the browser google "chrome"

autor : bikolinux Vuln: cross site scripting the browser google "chrome" Download: http://www.google.com/chrome error local EMAIL [email protected] [email protected] vercion test 2.0.172.37 cross site scripting the browser google "chrome" The error is when making a request to record path =...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2009/04/16 12:0 a.m.121 views

XSS with mod_perl perl_status utility

Vulnerability found: 28th February 2009 Vendor informed: 1st March 2009 Advisory last updated: 1st March 2009 Severity: Medium/High Credits: Richard Brain of ProCheckUp Ltd www.procheckup.com CVE reference: CVE-2009-0796 BID: 34383 Many thanks to Torsten Foertsch for his kind assistance in fixing...

2.6CVSS9AI score0.29638EPSS
Exploits3
securityvulns
securityvulns
added 2009/04/10 12:0 a.m.121 views

SASPCMS Multiple Vulnerabilities

www.BugReport.ir AmnPardaz Security Research Team Title: SASPCMS Multiple Vulnerabilities Vendor: http://www.lgasoft.com Vulnerable Version: 0.9 prior versions also may be affected Exploitation: Remote with browser Fix: N/A - Description: SASPCMS is an ASP Content Management System . SASPCMS witc...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2009/02/05 12:0 a.m.121 views

Re: Nokia N95-8 browser denial of service

Hi, Also crashes Firefox 3.06 latest, Stack overflow. to not be confused with stack buffer overflow Thu Feb 5 18:46:13.828 2009 GMT+1: 15d8.17ec: Stack overflow - code c00000fd first chance eax=077e4b80 ebx=00000000 ecx=077e4b60 edx=00000000 esi=00000000 edi=077e4b60 eip=604fcc8f esp=00032fa0...

2.3AI score
Exploits0
securityvulns
securityvulns
added 2008/12/10 12:0 a.m.121 views

Joomla Component mydyngallery

Joomla Component mydyngallery AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : http://mydyngallery.mon-cottenchy.fr DORK : inurl:option=commydyngallery Bug...

1.5AI score
Exploits0
securityvulns
securityvulns
added 2008/07/22 12:0 a.m.121 views

Maran PHP Blog Xss By Khashayar Fereidani

---------------------------------------------------------------- Script : Maran PHP Blog Type : XSS Pasive Method : GET Alert : Medium ---------------------------------------------------------------- Discovered by : Khashayar Fereidani a.k.a. Dr.Crash My Offical Website : HTTP://FEREIDANI.IR...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2008/05/24 12:0 a.m.121 views

PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script

Update: To exploit this in both firefox and IE requires an extra char "=" in the end. Using the same PoC URL we get: https://target.tld/my.logon.php3?"/scripttextareaHTMLinjectiontest/textarea!--= Client environment: firefox 2.0.0.11 and IE 6.0.2900.2180 Ricardo Martins, CISA Security Consultant...

0.1AI score
Exploits0
Total number of security vulnerabilities5000