Section: .. / 0606-exploits /
| /// File Name: |
FSA-017.txt |
Description:
|
HotPlugCMS version 1.0 is susceptible to a cross site scripting flaw.
| | Author: | Federico Fazzi | | File Size: | 496 | | Last Modified: | Jun 26 00:20:05 2006 |
| MD5 Checksum: | 68419139cda674fc2852fc1e7cfd0fd4 |
|
| /// File Name: |
ciscoXSS.txt |
Description:
|
Cisco Secure ACS LoginProxy.cgi has been found to be vulnerable to Cross Site Scripting attacks via both GET and POST requests due to a failure to properly filter undesirable user input. Successful exploitation could result in a loss of privacy of sensitive data, such as usernames and passwords. Exploitation details provided.
| | Author: | Liam Romanis | | File Size: | 4337 | | Last Modified: | Jun 26 00:19:28 2006 |
| MD5 Checksum: | 845172879ee4eabd67b6dd8fc63bdca5 |
|
| /// File Name: |
andysChat.txt |
Description:
|
Andy's Chat version 4.5 suffers from a remote file inclusion flaw.
| | Author: | SpC-x | | Homepage: | http://wWw.SaVSaK.CoM/ | | File Size: | 476 | | Last Modified: | Jun 25 17:33:50 2006 |
| MD5 Checksum: | 54d0c155df2e7f3710a92df2b7696bda |
|
| /// File Name: |
hotplugCMS.txt |
Description:
|
HotPlugCMS version 1.0 suffers from a SQL injection vulnerability.
| | Author: | peda | | File Size: | 237 | | Last Modified: | Jun 25 17:33:07 2006 |
| MD5 Checksum: | 5ae6290371c5086125e5f972cd621c33 |
|
| /// File Name: |
rt-sa-2006-005.txt |
Description:
|
RedTeam has identified a SQL injection that can be triggered due to a lack of user input sanitization in phpBannerExchange versions 2.0 RC5 and below. It is possible to recover a user's password and thereby take over the account.
| | Author: | RedTeam Pentesting | | Homepage: | http://www.redteam-pentesting.de/ | | File Size: | 3869 | | Related CVE(s): | CVE-2006-3013 | | Last Modified: | Jun 25 17:32:05 2006 |
| MD5 Checksum: | 92155311e0e3fa99e3565e9110bfd108 |
|
| /// File Name: |
biblenet.txt |
Description:
|
Biblenet.net suffers from multiple cross site scripting flaws.
| | Author: | luny | | File Size: | 1284 | | Last Modified: | Jun 25 17:28:29 2006 |
| MD5 Checksum: | 59f9f6f3325aa27a95dda4d9a3bc85b8 |
|
| /// File Name: |
mp3search.txt |
Description:
|
MP3 Search/Archive version 1.2 suffers from a cross site scripting flaw.
| | Author: | luny | | File Size: | 622 | | Last Modified: | Jun 25 17:27:37 2006 |
| MD5 Checksum: | 8c545ba5555fc22c8370947c38d6d935 |
|
| /// File Name: |
b3ta.txt |
Description:
|
B3ta.com suffers from a cross site scripting flaw.
| | Author: | luny | | File Size: | 617 | | Last Modified: | Jun 25 17:27:01 2006 |
| MD5 Checksum: | 302bf74fc34d92a0ab210209e06c2dac |
|
| /// File Name: |
APBoardSQL.txt |
Description:
|
APBoard versions 2.2-r3 and below suffer from SQL injection flaws.
| | Author: | 666 | | Homepage: | http://www.SR-Crew.de.tt | | File Size: | 2015 | | Last Modified: | Jun 21 04:26:54 2006 |
| MD5 Checksum: | 03d63143b493ae2eed24039dd8574d2d |
|
| /// File Name: |
eprayer.txt |
Description:
|
Eprayer is susceptible to cross site scripting attacks.
| | Author: | luny | | File Size: | 382 | | Last Modified: | Jun 21 04:25:04 2006 |
| MD5 Checksum: | da47d3ea18f5669a9cb96cec6b8be537 |
|
| /// File Name: |
iPlanet.txt |
Description:
|
Setuid programs that are part of the iPlanet Messaging Server version 5.2 HotFix 1.16 try to read the configuration file msg.conf. If the environment variable CONFIGROOT is set, the configuration is read from that directory. A symlink attack is possible, and as a result it is possible to read the first line of any file with uid 0 privileges.
| | Author: | php0t | | Homepage: | http://www.zorro.hu | | File Size: | 2402 | | Last Modified: | Jun 21 04:20:48 2006 |
| MD5 Checksum: | 928ac1ba0a1465275897f4e0bcc8bda5 |
|
| /// File Name: |
confixx3-2.txt |
Description:
|
Confixx versions 3 and below suffer from a cross site scripting flaw in ftp_index.php.
| | Author: | p0w3r | | File Size: | 119 | | Last Modified: | Jun 21 04:15:39 2006 |
| MD5 Checksum: | 28ad70896c517ba9b17d446625d24112 |
|
| /// File Name: |
FSA-016.txt |
Description:
|
ISPConfig version 2.2.3 suffers from a file inclusion vulnerability.
| | Author: | Federico Fazzi | | File Size: | 1676 | | Last Modified: | Jun 21 03:54:30 2006 |
| MD5 Checksum: | b782559adcd80e1598ecadd366d2c0fd |
|
| /// File Name: |
phpbluedragon.txt |
Description:
|
PhpBlueDragon CMS version 2.9.1 suffers from a file inclusion vulnerability.
| | Author: | Federico Fazzi | | File Size: | 694 | | Last Modified: | Jun 21 03:53:30 2006 |
| MD5 Checksum: | e361634b53e1bd8ef5e8e4ee76f5506c |
|
| /// File Name: |
confixx3.txt |
Description:
|
Confixx versions 3 and below suffer from a cross site scripting flaw.
| | Author: | p0w3r | | File Size: | 196 | | Last Modified: | Jun 21 03:45:19 2006 |
| MD5 Checksum: | b51dd8db8c1e829026757a9d968af2c6 |
|
| /// File Name: |
secunia-deluxebb.txt |
Description:
|
Secunia Research has discovered some vulnerabilities in DeluxeBB version 1.06, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
| | Author: | Andreas Sandblad | | Homepage: | http://secunia.com/ | | File Size: | 4397 | | Related CVE(s): | CVE-2006-2914, CVE-2006-2915 | | Last Modified: | Jun 21 03:43:42 2006 |
| MD5 Checksum: | 6ece499572842c432fef3343e082165d |
|
| /// File Name: |
fusionpolls.txt |
Description:
|
Fusion Polls appears susceptible to a remote file inclusion vulnerability.
| | Author: | SpC-x | | Homepage: | http://wWw.SaVSaK.CoM/ | | File Size: | 519 | | Last Modified: | Jun 21 03:37:55 2006 |
| MD5 Checksum: | 8637349cdeedfcbafa7db28c5191541a |
|
| /// File Name: |
flipper.txt |
Description:
|
Flipper Poll appears susceptible to a remote file inclusion vulnerability.
| | Author: | SpC-x | | Homepage: | http://wWw.SaVSaK.CoM/ | | File Size: | 568 | | Last Modified: | Jun 21 03:36:54 2006 |
| MD5 Checksum: | cb3c3bb37682185e6e39dffca184f9cf |
|
| /// File Name: |
RahnemaCo.txt |
Description:
|
RahnemaCo appears susceptible to a remote file inclusion vulnerability.
| | Author: | Breeeeh | | Homepage: | http://www.alshmokh.com | | File Size: | 395 | | Last Modified: | Jun 21 03:36:04 2006 |
| MD5 Checksum: | 345d482fef764c28f0330436b36049e0 |
|
| /// File Name: |
technorati.txt |
Description:
|
Technorati.com appears vulnerable to cross site scripting attacks.
| | Author: | luny | | File Size: | 1414 | | Last Modified: | Jun 21 03:35:08 2006 |
| MD5 Checksum: | 6d2c00500418068c204886960c33dd6e |
|
| /// File Name: |
43things.txt |
Description:
|
43things.com appears vulnerable to cross site scripting attacks.
| | Author: | luny | | File Size: | 1907 | | Last Modified: | Jun 21 03:34:34 2006 |
| MD5 Checksum: | 4ef916296ab0d7daf0a051ac8b9dc694 |
|
| /// File Name: |
blogspot.txt |
Description:
|
Blogspot.com appears vulnerable to cross site scripting attacks.
| | Author: | luny | | File Size: | 1724 | | Last Modified: | Jun 21 03:34:13 2006 |
| MD5 Checksum: | c5506d67c5b124b617c7769095970d18 |
|
| /// File Name: |
ashop.txt |
Description:
|
The Ashop search module is susceptible to SQL injection attacks.
| | Author: | EntriKa, The_BeKiR, erne | | File Size: | 171 | | Last Modified: | Jun 21 03:23:29 2006 |
| MD5 Checksum: | 957aa3324427d9f7c8a7342221eb2682 |
|
| /// File Name: |
iso.txt |
Description:
|
ISO.org appears vulnerable to cross site scripting attacks.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de/ | | File Size: | 1009 | | Last Modified: | Jun 21 03:22:24 2006 |
| MD5 Checksum: | 7a255cb0ea03b64eeb44dbd1d885a1a2 |
|