33868
Views: 8442
Description:
HyperBook Guestbook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when requesting data/gbconfiguration.dat directly, which will disclose the administrator's MD5 password hash to a remote attacker.
Comments: 0, Blogs: 0, References: 4
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | | | | | Third-party Verified, Uncoordinated Disclosure | |
HyperBook Guestbook data/gbconfiguration.dat Direct Request Information Disclosure

81355
Views: 2667
Description:
DokuWiki contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'target' parameter upon submission to the doku.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
Comments: 0, Blogs: 0, References: 5
DokuWiki doku.php target Parameter XSS

89337
Views: 1187
Description:
IP.Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'img' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Comments: 0, Blogs: 0, References: 4
IP.Gallery index.php img Parameter SQL Injection

79640
Views: 953
Description:
OxWall contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'tag' parameter upon submission to the '/blogs/browse-by-tag' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
Comments: 0, Blogs: 0, References: 13
OxWall /blogs/browse-by-tag tag Parameter XSS

16089
Views: 886
Description:
AWStats contains several flaws that may allow a malicious user to execute arbitrary code. The issue is triggered when providing shell meta-characters to the "pluginmode", "loadplugin", or "noloadplugin" variables of the awstats.pl script. It is possible that the flaw may allow execution of arbitrary commands under the web server privileges resulting in a loss of integrity.
Comments: 0, Blogs: 0, References: 11
AWStats awstats.pl Multiple Parameter Shell Metacharacter Arbitrary Command Execution

32774
Views: 768
Description:
PHP contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not escape the content of user-supplied arrays in GET, POST or COOKIE variables upon submission to phpinfo(). This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Comments: 0, Blogs: 0, References: 11
PHP phpinfo() Multiple Method User Supplied Array XSS

20954
Views: 640
Description:
VP-ASP Shopping Cart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "UserName" variable upon submission to the shopadmin.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Comments: 0, Blogs: 0, References: 8
VP-ASP Shopping Cart shopadmin.asp UserName Parameter XSS

32781
Views: 562
Description:
PHP contains a flaw that may allow a malicious user to access arbitrary memory addresses. The issue is due to the shared memory (shmop) function failing to verify if the type of resource supplied is a shmop resource. By using other types of resources it is possible to read and write to shared memory addresses resulting in a loss of integrity and/or availability.
Comments: 0, Blogs: 0, References: 22
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | | Loss of Integrity, Loss of Availability | | | | |
PHP shmop Function Arbitrary Memory Manipulation

21221
Views: 520
Description:
Gallery contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the remote image URL upon submission to the "Add Image From Web" feature. This could allow a user to create a specially crafted page that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Comments: 0, Blogs: 0, References: 12
Gallery Add Image From Web XSS

27920
Views: 503
Description:
XMB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate data posted in the forum, especially the <IMG SRC> tag. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Comments: 0, Blogs: 0, References: 6
XMB IMG Element SRC Attribute XSS