Re: PHP Booking Calendar 10e XSS

2012-01-03 Thread Henri Salo
On Sun, Dec 18, 2011 at 03:15:36PM -0500, tom wrote: > # Exploit Title: PHP Booking Calendar 10e XSS > # Date: 12/16/11 > # Author: G13 > # Software Link: http://sourceforge.net/projects/bookingcalendar/ > # Version: 10e > # Category: webapps (php) > # > > # Vulnerability # > > The page_i

SQL Injection Vulnerability in OpenEMR 4.1.0

2012-01-03 Thread Netsparker Advisories
Information Name :  SQL Injection Vulnerability in OpenEMR Software :  OpenEMR 4.1.0 and possibly below. Vendor Homepage :  http://www.open-emr.org Vulnerability Type :  SQL Injection Severity :  Critical Researcher :  Canberk Bolat Advisory Reference :  NS-12-001 Description

[SE-2011-01] Security vulnerabilities in a digital satellite TV platform

2012-01-03 Thread Security Explorations
Dear Bugtraq, The following information might be of interest for the readers of this list. Security Explorations, a security and vulnerability research company from Poland, discovered multiple security vulnerabilities in the major Polish digital satellite platform "N" [1]. The most serious of t

[RT-SA-2012-001] Bugzilla: Cross-Site Scripting in Chart Generator

2012-01-03 Thread RedTeam Pentesting GmbH
Advisory: Bugzilla: Cross-Site Scripting in Chart Generator RedTeam Pentesting discovered a Cross-Site Scripting (XSS) vulnerability in Bugzilla's chart generator during a penetration test. If attackers can persuade users to click on a prepared link or redirect them to such a link from an attac

mavili guestbook - SQL Injection and XSS Vulnerabilities

2012-01-03 Thread demonalex
Title: mavili guestbook - SQL Injection and XSS Vulnerabilities Software : mavili guestbook Software Version : 200711 Vendor: http://code.google.com/p/maviliguestbook/ Vulnerability Published : 2012-01-03 Vulnerability Update Time : Status : Impact : High Bug Description : mavili guestboo

Tinyguestbook XSS

2012-01-03 Thread tom
# Exploit Title: Tinyguestbook XSS # Date: 01/03/12 # Author: G13 # Software Link: http://code.google.com/p/tinyguestbook/ # Category: webapps (php) # # Vulnerability # There is no sanitation on the input of the msg variable. This allows malicious scripts to be added. This is a stored X

OpenKM 5.1.7 OS Command Execution (XSRF based)

2012-01-03 Thread Cyrill Brunschwiler
# COMPASS SECURITY ADVISORY http://www.csnc.ch/ # ID: COMPASS-2012-002 # Product: OpenKM Document Management System 5.1.7 [1] # Vendor:

OpenKM 5.1.7 Privilege Escalation

2012-01-03 Thread Cyrill Brunschwiler
# COMPASS SECURITY ADVISORY http://www.csnc.ch/ # ID: COMPASS-2012-001 # Product: OpenKM Document Management System 5.1.7 [1] # Vendor:

BigACE CMS - XSS Vulnerabilities

2012-01-03 Thread demonalex
Title: BigACE CMS - XSS Vulnerabilities Software : BigACE CMS Software Version : 2.7.5 Vendor: http://www.bigace.de/ Vulnerability Published : 2011-10-11 Vulnerability Update Time : Status : Impact : Medium Bug Description : BigACE Content Management System(version update : 2.7.5) is vuln

[ MDVSA-2012:002 ] t1lib

2012-01-03 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:002 http://www.mandriva.com/security/