Input Validation Error
Credit: Doz
Remote: Yes
Local: Yes
Class: Input Validation Error
Products:
Overview: SocialURL is a social community platform enabling you to organize your online identities. Connect to all your social network sites with one URL.
SocialURL fails to sufficiently sanitize user-supplied input data via the login box.
Class: Input Validation Error
Example:
1.<script>alert('xss')</script>
2.<iframe>
Discovered by: Joshua Morin
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Input Validation Error
Remote: YES
Local: N/A
Vendor: eGov Strategies LLC
Class Input Validation Error
CVE CVE-2011-1038
Remote Yes
Local No
Published Feb 16 2011 09:33AM
Credit Dave Daly
Vulnerable Domino Sametime 8.0.1
Domino Sametime is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
dotDefender is prone to XSS because it doesn't sanitize the input vars
correctly. Injecting obfuscated JavaScript code based on reference vars
assignment, the dotDefender WAF is vulnerable.
Class: Input Validation Error
Remote: Yes
Credit: David K. (SH4V)
Vulnerable: till 4.02
Exploit:
Vendor Site: http://abledesign.com/
Version affected: ???
Demo: http://abledesign.com/demo/pframe.php
Class: Input Validation Error
Overview: Dynamic Picture Frame is a PHP script which allows you to add a variety of picture frames of any size to images on your website. Dynamic Picture Frame fails to sufficiently sanitize user-supplied input data entered in the "Image URL" text box and sent by pressing the "submit" button.
Example:
1.<html><font color="Red"><b>XSS</b></font></html>
Vendors contacted: VMware Inc.
Release mode: User release
*Vulnerability Information*
Class: Input Validation Error
Remotely Exploitable: Yes
Locally Exploitable: Yes
Client-side Exploitable: No
Bugtraq ID: 27944
CVE Name: CVE-2008-0923
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Class: Input Validation Error
Remote: Yes
Product: IPortalX
Version: All
Vendor: http://www.iportalx.net/
Class Input Validation Error
CVE
Remote Yes
Local No
Published Feb 14 2011 08:55AM
Credit Dionach
Vulnerable Kodak InSite 5.5.2
Kodak InSite is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Input Validation Error
Remote: YES
Vendor: http://livecart.com
Version: 1.0.1
=========================================
==========================================================================================
Application name: ARISg5 (arisglobal)
Version: 5.0
Class: Input Validation Error
Type: Cross Site Scripting (XSS)
Remote: Yes
Credit: Yaniv Miron aka "Lament"
Exploit:
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Class: Input Validation Error
Remote: Yes
Local: N/A
Product: PHPSysInfo
http://blog.hispasec.com/lab/
Name : X-Diesel Unreal Commander v0.92 (build 573) multiple
vulnerabilities
Class : Local/Remote multiple directory traversal (Input
Validation Error)
Threat level : HIGH
Discovered : 2007-08-09
Published : 2007-08-23
Credit : Gynvael Coldwind
Vulnerable : 0.92 (build 573), 0.92 (build 565), prior also may be affected
Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of
Service Vulnerability
Date: Feb 25 2009
Class: Input Validation Error
Local: Yes
Remote: Yes
Vulnerable Versions:
* Apple Safari 4 (528.16) Public Beta
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Input Validation Error
Vendor: http://www.omnistarlive.com
Product: Omnistar Live
-------------------------------------
Software: AstroCam
Vulnerable: 2.5.0-2.7.3
Not vulnerable: 2.7.4
Class: Input Validation Error
Remote: Yes
Local: Yes
Credit: This issue was announced by the vendor.
Announcement: http://wendzel.de/?sub=showpost&blogid=5&postid=56
Project URL: http://wendzel.de/?sub=softw&ssub=acam
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Input Validation Error
Remote: YES
Local: N/A
Platform: Windows Servers
# _____________________________________________________________________________________________
# .: [Classification]
# Attack Type: Input Manipulation
# Impact: Loss of Integrity
# Fix: N/A Public release vulnz: {27-07-2008 Sun}
# Class Input Validation Error
# _____________________________________________________________________________________________
# .: [Solution]
# Upgrade to version 4.03 or higher, as it has been reported to fix this vulnerability.
# An upgrade is required as there are no known workarounds.
# Actual Version: Web Wiz Rich Text Editor (RTE) 4.02
ARISg5 (version 5.0) cross site scripting vulnerability
-----------------------------------------------------------------------
Application name: ARISg5 (arisglobal)
Version: 5.0
Class: Input Validation Error
Type: Cross Site Scripting (XSS)
Remote: Yes
Credit: Yaniv Miron
Exploit:
Class: Input Validation Error
Risk: Low
Remote: Yes
Oracle has just released the CPU July 2008 critical patch, which fixes a flaw
that allows code injection by malicious web users into the web pages
viewed by other users.
The security issue was found in the POPUP_NAME parameter of the
PORTAL.WWPOB_HOME_PAGE web page of Oracle Portal.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Risk: Medium
Class: Input Validation Error
Vendor: http://www.m2scripts.com
Product: MySpace Scripts - Poll Creator
Class Input Validation Error
CVE
Remote Yes
Local No
Published Mar 30 2011 11:00AM
Credit Dionach
Vulnerable Grapecity DataDynamics Report Library 1.6.1871.61 and earlier
Grapecity's DataDynamics Report Library is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Class: Input Validation Error
Priority: Medium
Remote: N/A
Local: Yes
Date: 2008/12/15
Status: Full
Class: Input Validation Error
Bugtraq ID: N/A
Category: Cross Site Scripting
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Class: Input Validation Error
Remote: Yes
Local: N/A
Product: D22-Shoutbox
RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities
Vulnerable: v3.0.7.x
Vendor: www.rj-itop.com
Category: Input Validation Error
Impact: SQL injection
Details:
=========
General Information
--------------------------
Name : Tikiwiki 1.9.8.3
Vendor HomePage : http://tikiwiki.org
Platforms : PHP && MySQL
Vulnerability Type : Input Validation Error
Timeline
-------------------------
17 December 2007 -- Vendor Contacted
19 December 2007 -- Vendor Replied
Vulnerability: Nucleus v3.51 (other or lower versions may also be affected)
Vendor: http://nucleuscms.org/
Category: Input Validation Error
Impact: (rfi/lfi) Multiple Vulnerabilities
Details:
Multiple vulnerabilities have been found in Nucleus v3.51 because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are also possible.
General Information
--------------------------
Name : EggBlog v.3.1.0
Vendor HomePage : http://sourceforge.net/projects/eggblog/
Platforms : PHP && MySQL
Vulnerability Type : Input Validation Error
Timeline
-------------------------
08 October 2007 -- Vendor Contacted
30 October 2007 -- Vendor Replied