Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[Full-disclosure] WebEOC Vuln - more info

SKForum XSS vuln.

[ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion

[ GLSA 200604-02 ] Horde Application Framework: Remote code execution

From:	o.y.6_(at)_hotmail.com <o.y.6_(at)_hotmail.com>
Date:	05.04.2006
Subject:	ArabPortal 2.0.1 Stable [ 9 CrossSiteScripting & 1 SQL Injection ] MultBugz

ArabPortal Bugs :-

       ArabPortal 2.0.1 Stable [ 9 CrossSiteScripting & 1 SQL Injection ] MultBugz

       BugTraqz :- D3vil-0x1 | Devil-00
       Visit Palestine :- www.palestineonly.com

/*

       1- /forum.php?action=view&id=1&cat_id=3&adminJump=D3vil-0x1[HTML - XSS ]
   2- /forum.php?action=view&id=1&cat_id=3&forum_middle=D3vil-0x1[HTML - XSS ]

   //*
       3- /forum.php?mineID=[SQL Injection]
   *//

   4- /members.php?action=changepass&form=D3vil-0x1[HTML - XSS ]
   5- /members.php?action=edit&form=D3vil-0x1[HTML - XSS ]
   6- /pm.php?action=reply&form=D3vil-0x1[HTML - XSS ]
   7- /pm.php?action=sendmsg&form=D3vil-0x1[HTML - XSS ]
   8- /mail.php?action=sendpage&form=D3vil-0x1[HTML - XSS ]
   9- /mail.php?action=sendtome&form=D3vil-0x1[HTML - XSS ]
   10- /mail.php?action=sendtousers&userid=1&form=D3vil-0x1[HTML - XSS ]
*/