Oracle AS Portal is a Web-based application for building and deploying portals.
It provides a
secure, manageable environment for accessing and interacting with enterprise
software services
and information resources. A vulnerability has been identified in Oracle
Application Server 10g,
This co
Oracle Forms Cross site Scripting in (iFcgi60.exe / f60servlet)
About: Oracle Forms is a tool (somewhat like Visual Basic in appearance, but
the code inside is PL/SQL)
which allows a developer to quickly create user-interface applications which
access an Oracle database
in a very efficient and
(http://www.hackerscenter.com)
Credit: Doz
Class: Cross Site Scripting
Remote: Yes
Product: TimeTrex
Vendor: http://www.timetrex.com
Version: N/A
Attackers can exploit these issues via a web client.
http://site.com/interface/Login.php?user_name=admin&password=XSS
http://site.com/interface/
xt of an
affected site. Attackers can exploit these issues via a web client.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Class: Cross Site Scripting
Remote: Yes
Risk: Medium
Product: SchoolCenter
Vendor: http://www.schoolcenter.net
Version: 8.0 &
the context of the affected site. This may allow the attacker to steal
cookie-based authentication credentials and to launch other attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Class: Cross Site Scripting
Remote: Yes
Product: DocuShare
Vendor: http
he context of the affected site. This may
allow the attacker to steal cookie-based authentication credentials and to
launch other attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: DoZ
Class: Input Validation Error
Remote: Yes
Product: WordPress
Version: 2.3.
attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Remote: YES
Class: Improper Validation.
Version: 1.1.4 & Previous!
Vendor: http://www.simplemachines.org
* Attackers can exploit these issues via a web client.
Site.com/component/option,com
)
Credit: Doz
Remote: YES
Class: Improper; Installation configuration, XSS 7 Validation.
Version: 3.4.06 & Previous!
Vendor: http://forum.snitz.com/
* Attackers can exploit these issues via a web client.
- Default Database Disclosure:
/forum/snitz_forums_2000.mdb
Solution:
Change
er in the
context of the affected site. This may help the attacker steal cookie-based
authentication credentials and launch other attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Input Validation Error
Remote: YES
Local: N/A
V
. It comes fully featured on install but is easy to extend.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: DoZ
Risk: Medium
Class: Cross-Site Scripting & SQL
Vendor: http://www.bitweaver.org/
Product: Bitweaver
Version: 2.0.0 & Previous
Examples:
/users/
)
Credit: DoZ
Risk: Medium
Class: Input Validation Error
Local: Yes
Vendor: http://us.mcafee.com/
Product: McAfee SecurityCenter
Version: McAfee Privacy Service 8.1.0.136
Exploit: An exploit is not required.
An attacker may attack this issue to execute code in the context of the
affected
the attacker steal
cookie-based
authentication credentials and launch other attacks. A successful exploit could
allow an attacker to compromise the application by defacing by evil code
injection.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
C
. Everyone loves to create
a
poll and gather opinions and this isn't something that's available on every
other
MySpace resource site.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Input Validation Error
Vendor: http://www.m2s
.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Input Validation Error
Vendor: http://www.omnistarlive.com
Product: Omnistar Live
* Attackers can exploit these issues via a web client.
Cross-Site Scripting:
/smartshop/users/kb.php?id=10002
Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Input Validation Error
Vendor: http://www.smart-shop.com
Product: Smart-Shop
* Attackers can exploit these issues via a web client.
Remote links:
/index.php?page=&email=
/index.php?page=home&
the browser of an unsuspecting user in the context of the affected
site.
This may help the attacker steal cookie-based authentication credentials and
launch
other attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Input Validation
)
Credit: Doz
Risk: Medium
Class: Input Validation Error
Remote: YES
Local: N/A
Vendor: eGov Strategies LLC
Product: Content Management System
http://www.egovstrategies.com/
Vulnerable Files:
center.exe
Index.exe
Attackers can exploit these issues via a web client.
Exploit URLs
of an unsuspecting user in the context of the affected site.
This may help the attacker steal cookie-based authentication credentials
and launch other attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Input Validation Error
Remote: YES
Local
unsuspecting user in the context of the affected site.
This may help the attacker steal cookie-based authentication credentials
and launch other attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Cross Site Scripting
Remote: YES
Local: N/A
attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Remote: Yes
Local: Yes
Class: Input Validation Error
Products:
- InterWorx-CP Webmaster Level (SiteWorx) v3.0.2
- InterWorx-CP Server Admin Level (NodeWorx) v3.0.2
Vendor: InterWorx L.L.C. http://interworx.com
://www.hackerscenter.com)
Credit: Doz
Class: Input Validation Error
Remote: Yes
Local: N/A
Product: D22-Shoutbox
Version: N/A
Vendor: http://www.dscripting.com/
Exploit is not needed, Attackers can exploit these issues via a web client.
Only becoming a hacker you can stop a hacker. Where can you learn
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Class: Input Validation Error
Priority: Medium
Remote: N/A
Local: Yes
Vendor: Headstart Solutions Limited
Web Site: http://www.deskpro.com/
DeskPRO v3.0.2 * Beta and prior Versions May be affected!
* Exploit is not
://www.hackerscenter.com)
Credit: Doz
Class: Input Validation Error
Remote: Yes
Local: N/A
Product: PHPSysInfo
Version: phpSysInfo-2.5.4 *Other version are be vulnerable.
Vendor: http://phpsysinfo.sourceforge.net/
Exploit is not needed, Attackers can exploit these issues via a web client.
Exploit
to have
arbitrary script code execute in the browser of an unsuspecting user in the
context of the affected site. This may help the attacker steal cookie-based
authentication credentials and launch other attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Remote: YES
Class
: Doz
Remote: No
Local: Yes
Class: Input Validation Error
Application: Horde Webmail
Vendor: http://www.horde.org/
Version: 1.0
Exploit is not needed, Attackers can exploit these issues via a web client.
Vulnerable Files: search.php - rule.php
/horde/imp/search.php
/horde/ingo/rule.php
exploit
this issue.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Class: Access Validation Error
Remote: Yes
Vendor: http://www.wiki.org/
Version: N/A
Exploit: ?action=edit
Example 1: http://www.Site.com/wiki/Main_Page?action=edit
Example 2: http://www.Site.com
vulnerabilities in the
underlying database implementation.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Remote: Yes
Local: Yes
Class: Input Validation Error
SupportSuite - ESupport
Version: 3.00.13 and v3.04.10, other versions may be vulnerable.
Vendor: http://www.kayako.com
in the context of the affected site. This may allow an attacker to
steal cookie-based authentication credentials and to launch other attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Remote: No
Local: Yes
Class: Input Validation Error
Vendor: http
more difficult to
defend against, and thus are considered to be more dangerous.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Remote: Yes
Local: Yes
Class: Cross-Site Scripting
Version: Uphotogallery 1.1
vendor: www.uapplication.com
Attackers can exploit
, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Remote: Yes
Local: Yes
Class: Cross-Site Scripting
Version: Ublog Reload 1.0.5
vendor: www.uapplication.com
Attackers
authentication
credentials and launch other attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
vendor: http://www.phorum.org/
Class: Cross-Site Scripting
Remote: Yes
Local: Yes
Version: 5.1.18
Exploit: An attacker can exploit these issues via a web
attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Remote: NO
Local: Yes
Class: Input Validation Error
vendor: www.interactive-scripts.com
Hi can you post for solution that this bug is fixed, they have fixed it and
demand I tell you guys to fix it for my security. So if you can put for
solution, check Omniture site for any new updates, the application is fixed.
thank you guys.
Group (http://www.hackerscenter.com)
Credit: Doz
Remote: NO
Local: Yes
Class: Input Validation Error
version: ezDatabase 2.1.3
Vendor: www.ezdatabase.org
Exploit: Admin Panel Database
Demo: www.ezdatabase.org/demo/admin/login.php
could allow an attacker to
compromise the application, access or modify data, or exploit vulnerabilities
in the underlying database implementation.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Input Validation Error
Remote: No
Local: Yes - Admin
exploit
vulnerabilities in the underlying database implementation.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Input Validation Error
Remote: No
Local: Yes - Admin Panel
Version: Login Manager V3.0
Vendor: www.easebayresources.com
Online Demo
redit: Doz
Risk: Low
vendor: http://www.myshoutbox.com/
Class: Cross-Site Scripting
Remote: Yes
Version: Current ShoutBox
Exploit: An attacker can exploit these issues via a web client.
An attacker may leverage this issue to have arbitrary script code execute in
the browser of an unsuspecting
rver discussion forum solution available allowing you to easily set-up,
customize and maintain demanding online communities or internal collaboration
environments.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
vendor: www.instantasp.co.uk
Class: C
Ashop Commerce provides a turn-key ecommerce solution with its revolutionary
online store building software. One of the world's most easy to use web based
administrations with award winning features allows the merchant to set up an
online store capable of competing with the web's most powerful st
This is a user management program where the users can register themselves by
providing their username and passwords for protecting their webcontents. This
program provides features like remembering login with cookies, automatic login,
extended user info, expire user by date, admin can activate ma
Secure Login Manager 1.0 is a program where the users can access the password
protected webpages on their website. This program avoids unauthorized access by
the users on webpage. Redirect unauthorized users to login page, manage users;
passwords via admin page, configure up to 3 levels of secur
attacks.
PHP Live! 3.2.2 Multiple Cross-Site Scripting Vulnerabilities
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium to High
Vendor: www.phplivesupport.com/
Class: Cross-Site Scripting
Remote: Yes
Local: Yes
Free Trial: www.phplivesupport.com
Hackers Center Security Group (http://www.hackerscenter.com/)
Doz's Security Advisory
Desc: SiteCatalyst Web Login Cross Site Vulnerabilities
Risk: Medium
Omniture, Inc aims its aperture at your Web site. The company provides Internet
analytic software and services to cor
Hackers Center Security Group (http://www.hackerscenter.com/)
Doz's Security Advisory
Desc: ShopSite Shopping Cart Multiple XSS
Risk: Medium
ShopSite is the easiest-to-use shopping cart software for small to medium-sized
businesses. ShopSite ecommerce shopping cart is one of the most user-frie
Details
The first vulnerability issue is due to an input validation error in
"index.php" "diapo.php" and "affich.php" scripts that do not validate
"rep","image" variables, which may be exploited to cross site scripting attacks.
http://traget/index.php?rep=[xss]
http://traget/diapo.php?rep=[