Tag: My Vulnerabilities

  • Disclosure: Andy’s PHP Knowledgebase (aphpkb) Multiple Vulnerabilities

    [This was originally published on OSVDB, now gone. VulnDB IDs 24310, 24311, 24312] From: security curmudgeon To: aphpkb-devel[at]lists.sourceforge.net Date: Mon, 27 Mar 2006 12:32:18 -0500 (EST) Subject: Andy’s PHP Knowledgebase (aphpkb) security vulnerability Hi Andy, While playing around with your knowledgebase program, I noticed that a few places didn’t sanitize user input, allowing for cross-site scripting (XSS) attacks.…

  • Disclosure: gtd-php Multiple Vulnerabilities

    [This was originally published on OSVDB, now gone. VulnDB IDs 24149, 24150, 24151, 24152, 24153, 24154, 24155, 24156, 24157, 24158] From: security curmudgeon To: sjrey[at]users.sourceforge.net Date: Sun, 19 Mar 2006 22:42:24 -0500 (EST) Subject: gtd input sanitization (XSS) vulnerabilities Hey Serge, While playing with the version 0.5 demo of gtd, I noticed that the program doesn’t sanitize user…

  • Disclosure: Prayer Request Board (PRB) addRequest.php Request Field XSS

    [This was originally published on OSVDB, now gone, and touched up slightly for style. VulnDB 23958] From: security curmudgeon To: todd(at)geekforgod.net Date: Sun, 19 Mar 2006 20:40:21 -0500 (EST) Subject: PRB small security vulnerability Hey Todd, When submitting a new prayer request (addRequest.php), the Request field doesn’t sanitize user input. This allows for cross-site scripting (XSS) attacks. You can…

  • Disclosure: Valdersoft Shopping Cart common.php Direct Request Path Disclosure

    [This was originally published on the VIM mail list. VulnDB 32388] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-6691 Since the product isn’t free, I was checking to see if the three different common.php files mentioned were all the same, or attempt to determine it via the demo on the vendor’s web site. When loading them, one only yields a blank page…

  • Disclosure: Barracuda Spam Firewall XSS & Hashed Password Disclosure

    [This was originally published on OSVDB, now gone, and touched up slightly for style. Mirrored on attrition.org. VulnDB 20878 & 20879] From: Jericho jericho@xxxxx.net To: support(at)barracudanetworks.com Cc: netsupport@xxxxx.net Date: Fri, 01 Jul 2005 03:37:18 -0600 Subject: Barracuda Spam Firewall Cross Site Scripting (XSS) Vulnerabilities Hello, My ISP uses the Barracuda Networks Spam Firewall, Firmware v3.1.17 (2005-08-06 11:48:38). When editing…

  • Disclosure: Apache Tomcat 4.0.3 MS-DOS Device Request Handling Remote Path Disclosure

    [This was originally sent to CVE and Nikto and then published on OSVDB, now gone. It was discovered in an old version of Apache Tomcat and the solution had existed for several years. VulnDB 20033] From: security curmudgeon To: Steven Christey, Sullo of Nikto Date: Thu, 13 Oct 2005 14:21:33 -0400 (EDT) Subject: Apache Tomcat 4.0.3 MS-DOS…

  • Disclosure: Whois.Cart Multiple Vulnerabilities

    [This was originally published on OSVDB, now gone, and touched up for style. VulnDB 18533, 18534, 18535, 18536] During communication with the vendor of Whois.Cart regarding previous entries, Alexandre Lemaire was very helpful and prompt in providing information for the OSVDB team to resolve outstanding questions. During the communication, a few low concern issues were found.…

  • Disclosure: bBlog 0.7.4 Multiple Vulnerabilities

    [This was originally disclosed on the SourceForge bug tracker. VulnDB 15754, 15755, & 15756] In 0.7.4: The blog entry title field seems prone to cross site scripting (XSS) attacks. The blog/comment body text seems prone to XSS as well. In the index.php script, the postid variable seems prone to SQL injection attacks.

  • Disclosure: SecretSanta SecretSanta.php Malformed Input Remote Path Disclosure Weakness

    [This was originally published on OSVDB, now gone, and touched up for style. VulnDB 12143. Discovered while trying to install the script to verify a researcher’s findings.] SecretSanta.php Using a ‘ in the account name, full name or group name generates the following error with full install path: Warning: mysql_fetch_row(): supplied argument is not a valid…

  • Disclosure: Tabbrowser Preferences (TBP) Extension for Mozilla Cross-tab HTTP Referer Header Remote Information Disclosure

    [This was originally published on the Mozilla bug tracker and touched up for style and mirrored on attrition.org. VulnDB 8323.] User-Agent: Firefox/0.9.2 (Windoze XP; U) [en] Build Identifier: Firefox/0.9.2 (Windows XP; U) [en] “Load URLs typed into the address bar in new tabs” is selected (not sure if this is part of Tabbrowser Preferences 0.6.5 extension…