Thomson SpeedTouch 500 modems vulnerable to XSS

2006-02-27 Thread preben
hy user (through proxy) 0=10&1=usrAccApply&34=NewUser&36=1&33=test&31=[code here] SOLUTION: Check vendor's site for firmware upgrade. As of this writing, none is available. PROVIDED AND DISCOVERED BY: Preben Nyløkken

Vulnerability in WinRAR - Phishing based

2006-02-18 Thread preben
Phishing through WinRAR 3.51 Credit to: Preben Nyløkken Tested on version: 3.51 Vendor's site: www.rarlabs.com Vendor status: Tried contacting without luck. Description: Due to the build-up of WinRAR, some vital parts of the program's functions and url'

SoftMaker Shop is vulnerable to XSS

2006-02-02 Thread preben
s not based on white listing you can conduct successful XSS attacks with code like "". PoC: http://www.example.example/shop/handle/varer/sok/resultat.asp?strSok=%3CIMG+SRC%3Djavascript%3Aalert%28%26quot%3BXSS%26quot%3B%29%3E&valg=varer Vendor's site: http://www.softmaker.no Please credit to: Preben Nyløkken

Daffodil CRM - vulnerable to SQL-injection.

2006-02-01 Thread preben
Daffodil CRM does not properly sanitize its inputs on the login page; http://www.SITE.com:8080/daffodilcrm/userlogin.jsp Therefore SQL-injection attacks are possible. PoC could be: 1'or'1'='1 Vendor’s homepage is: http://www.daffodildb.com/crm/ Please credit to: Preben Nyløkken

Cerberus Helpdesk vulnerable to XSS

2006-01-31 Thread preben
/clients.php?mode=search&sid=&contact_search=alert('c') Vendor’s site: http://www.webgroupmedia.com Please credit to: Preben Nyløkken

BrowserCRM vulnerable for XSS

2006-01-31 Thread preben
s not based on white listing you can conduct successful XSS attacks with code like "". PoC: http://www.SITE.example/modules/Search/results.php?query=%3CIMG+SRC%3Djavascript%3Aalert%28String.fromCharCode%2888%2C83%2C83%29%29%3E Vendor's site: http://www.browsercrm.com/ Please credit to: Preben Nyløkken

XSS flaw in MG2 Image Gallery (v.0.5.1)

2006-01-30 Thread preben
Other versions might be flawed too. Please credit to: Preben Nyløkken

EasyCMS vulnerable to XSS injection.

2006-01-30 Thread preben
’) will work. Nearly all of the system's input boxes are open to scripting tags. Furthermore, it’s open to directory browsing ( http:///images ). The developers have been notified and are working on patching the system. Please credit to: Preben Nyløkken

fipsCMS light - vulnerable to script injection.

2005-11-14 Thread preben
fipsCMS light is a freeware product of fipsasp.com. If you log on as admin, you can generate new pages in the CMS system. If you inject the "headline" field with scripting code like alert(‘code executed’), this will automatically launch when a user visits that site. Please credit

ASPKnowledgebase vulnerable to XSS injection.

2005-11-09 Thread preben
of script when a user visits that page. This is highly dangerous as you can script whatever you like. Often these types of attacks are used for cookie theft and so on. Please credit to: Preben Nyløkken

ASPKnowledgebase vulnerable to SQL-inject

2005-11-09 Thread preben
1 on the admin logon page: /adminlogin.asp Please credit to: Preben Nyløkken

Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images

2005-10-29 Thread preben
m can be downloaded from: http://www.minigal.dk/ Please credit find to: Preben Nylokken