On Thursday 03 May 2007 22:13:15 3APA3A wrote:
This vulnerability for D-Link DSL-G624T was already reported by Jose
Ramon Palanco. See
http://securityvulns.ru/Odocument816.html
Previously, the same problem was reported for D-Link DSL-G604T by Qex
http://securityvulns.ru/Mdocument578.html
Those file references you are pasting are NOT from v4; in fact, v4 isn't even
vulnerable. Only 3.5 and earlier.
Hi!
I think this is an XSS in MS SharePoint; you can reproduce it in a SharePoint test
server using, for example, the following URL:
http://www.example.com/sharepoint/default.aspx/%22);}if(true){alert(%22qwertytis
This is due to a lack of string stripping when putting the path into JavaScript.
It seems
[EMAIL PROTECTED] wrote (a LONG time ago):
SA0012
WebScarab Cross Site Scripting
Tried and failed.
Exactly how have you configured your test SP site?
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, May 04, 2007 3:01 PM
To: bugtraq@securityfocus.com
Subject: XSS in Microsoft SharePoint
Hi!
I think this is an XSS in MS SharePoint, you
?php
#
# Nuked-klaN 1.7.6 Remote Code Execution Exploit
#
# Author: DarkFig [EMAIL PROTECTED]
# Website: http://www.acid-root.new.fr/
# PHP conditions: None =]
# Private since 2 months.
#
error_reporting(E_ALL ^ E_NOTICE); # This file require the
!--
ACP3 (v4.0b3) - Multiple Vulnerabilities
Cookie Manipulation Vulnerability
---
File: search/list/action_search/index.php
Variable: form[search_term]
Cross-Site Scripting Vulnerabilities
File: contact/contact/index.php
[MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue
Details
===
Product: Simple Machines Forum (SMF)
Affected version: 1.1.2 and prior
Remote-Exploit: yes
Vendor-URL: http://www.simplemachines.org
Vendor-Status: informed
Advisory-Status: published
Credits