jetlib.sec » Tags » ajax

Feeds

133337 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

96 items tagged "ajax"

Related tags: wordpress [+], event [+], webapps [+], php [+], chat [+], site [+], cms [+], calendar version [+], calendar [+], aidicms [+], vulnerabilities [+], upload [+], txt [+], phpbb [+], log [+], event calendar [+], category [+], calendar component [+], authors [+], zingiri [+], wp ajax recent posts [+], web [+], usa [+], shell [+], shah tags [+], security vulnerabilities [+], script [+], rich internet [+], ria [+], remote shell [+], plugin version [+], phpmyfaq [+], phpfox [+], manx [+], manager v1 [+], joomla [+], image [+], gallery 3 [+], gallery [+], freewebshop [+], forgery [+], file renaming [+], dropdown [+], command execution [+], command [+], browser [+], zenphoto [+], xss [+], windows [+], web application [+], sql injection [+], sql [+], sleeping giant [+], security [+], rafal los [+], rabbit hole [+], rabbit [+], manset [+], lfi [+], httpconsole [+], http [+], hosts [+], file upload [+], dom [+], dokuwiki [+], deadly cocktail [+], command line interface [+], black hat [+], vulnerability [+], code execution [+], zane lackey [+], vulns [+], view [+], video [+], vanilla [+], security authors [+], security advisory [+], secunia [+], retired [+], php sql [+], penny auction [+], malaysia [+], lussumo [+], login [+], lackey [+], internet applications [+], hole [+], hastymail [+], hacking [+], hack in the box [+], event id [+], dom exploiting [+], calendar event [+], bugtraq [+], billy hoffman [+], bannerize [+], asia [+], alex stamos [+], advisory [+], code [+], file [+], execution [+], cross [+], day [+], image manager [+], cross site scripting [+]

• May 21, 2012
• 0:00

  Vuln: WordPress Login With Ajax Plugin Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress Login With Ajax Plugin Cross Site Scripting Vulnerability

  Tags:  wordpress ajax login vulnerability  

• March 23, 2012
• 16:44

  phpFox 3.0.1 Remote Command Execution

   » ‎ Packet Storm Security Exploits
  phpFox versions 3.0.1 and below remote command execution exploit that leverages ajax.php.

  Tags:  phpfox execution command command-execution ajax  

• 16:44

  phpFox 3.0.1 Remote Command Execution

   » ‎ Packet Storm Security Recent Files
  phpFox versions 3.0.1 and below remote command execution exploit that leverages ajax.php.

  Tags:  phpfox execution command command-execution ajax  

• 16:44

  phpFox 3.0.1 Remote Command Execution

   » ‎ Packet Storm Security Misc. Files
  phpFox versions 3.0.1 and below remote command execution exploit that leverages ajax.php.

  Tags:  phpfox execution command command-execution ajax  

• March 13, 2012
• 15:00

  [webapps / 0day] - Ajax PHP Penny Auction CSRF Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Ajax PHP Penny Auction CSRF Vulnerability

  Tags:  day webapps penny-auction ajax vulnerability  

• January 30, 2012
• 14:00

  [webapps / 0day] - Ajax Upload Arbitrary File Upload

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Ajax Upload Arbitrary File Upload

  Tags:  upload day ajax webapps file-upload  

• 3:11

  Ajax Upload Shell Upload

   » ‎ Packet Storm Security Exploits
  Ajax Upload suffers from a remote shell upload vulnerability.

  Tags:  upload shell ajax remote-shell vulnerability  

• 3:11

  Ajax Upload Shell Upload

   » ‎ Packet Storm Security Recent Files
  Ajax Upload suffers from a remote shell upload vulnerability.

  Tags:  upload shell ajax remote-shell vulnerability  

• 3:11

  Ajax Upload Shell Upload

   » ‎ Packet Storm Security Misc. Files
  Ajax Upload suffers from a remote shell upload vulnerability.

  Tags:  upload shell ajax remote-shell vulnerability  

• January 06, 2012
• 21:49

  [Slides] AJAX (in)security

   » ‎ SecDocs
  Authors: Billy Hoffman
  Tags: AJAX
  Event: Black Hat USA 2006
  

  Tags:  authors security ajax billy-hoffman usa security-authors black-hat  

• December 31, 2011
• 21:46

  [Slides] Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0

   » ‎ SecDocs
  Authors: Alex Stamos Zane Lackey
  Tags: web application AJAX
  Event: Black Hat Asia 2006
  

  Tags:  vulns web ajax alex-stamos zane-lackey asia black-hat lackey  

• December 13, 2011
• 0:00

  Vuln: WordPress SCORM Cloud Plugin 'ajax.php' Multiple SQL Injection Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  WordPress SCORM Cloud Plugin 'ajax.php' Multiple SQL Injection Vulnerabilities

  Tags:  sql-injection ajax  

• November 30, 2011
• 0:00

  Vuln: Hastymail2 'ajax.php' Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Hastymail2 'ajax.php' Cross Site Scripting Vulnerability

  Tags:  hastymail php ajax vulnerability  

• 0:00

  Vuln: Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability

  Tags:  file ajax php image-manager vulnerability  

• November 29, 2011
• 16:18

  Ajax Script Cross Site Scripting / SQL Injection

   » ‎ Packet Storm Security Exploits
  Ajax Script suffers from cross site scripting and remote SQL injection vulnerabilities.

  Tags:  cross ajax script cross-site-scripting  

• 16:18

  Ajax Script Cross Site Scripting / SQL Injection

   » ‎ Packet Storm Security Recent Files
  Ajax Script suffers from cross site scripting and remote SQL injection vulnerabilities.

  Tags:  cross ajax script cross-site-scripting  

• 16:18

  Ajax Script Cross Site Scripting / SQL Injection

   » ‎ Packet Storm Security Misc. Files
  Ajax Script suffers from cross site scripting and remote SQL injection vulnerabilities.

  Tags:  cross ajax script cross-site-scripting  

• November 28, 2011
• 15:46

  Manx 1.0.1 Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  Manx version 1.0.1 suffers from multiple cross site scripting vulnerabilities in ajax_get_file_listing.php.

  Tags:  cross manx site ajax vulnerabilities  

• 15:46

  Manx 1.0.1 Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  Manx version 1.0.1 suffers from multiple cross site scripting vulnerabilities in ajax_get_file_listing.php.

  Tags:  cross manx site ajax vulnerabilities  

• 15:46

  Manx 1.0.1 Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  Manx version 1.0.1 suffers from multiple cross site scripting vulnerabilities in ajax_get_file_listing.php.

  Tags:  cross manx site ajax vulnerabilities  

• November 24, 2011
• 14:00

  [webapps / 0day] - Log1CMS 2.0 (ajax_create_folder.php) Remote Code Execution

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Log1CMS 2.0 (ajax_create_folder.php) Remote Code Execution

  Tags:  day cms webapps code-execution ajax  

• 9:22

  Log1CMS 2.0 Remote Code Execution

   » ‎ Packet Storm Security Exploits
  Log1CMS version 2.0 remote code execution exploit that leverages ajax_create_folder.php.

  Tags:  code log cms code-execution ajax  

• 0:00

  Vuln: Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability

  Tags:  file ajax php image-manager vulnerability  

• November 23, 2011
• 14:00

  [webapps / 0day] - Log1CMS 2.0 (ajax_create_folder.php) Remote Code Execution

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Log1CMS 2.0 (ajax_create_folder.php) Remote Code Execution

  Tags:  day cms webapps code-execution ajax  

• November 17, 2011
• 0:00

  Vuln: Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability

  Tags:  file ajax php image-manager vulnerability  

• November 16, 2011
• 7:38

  FreeWebShop 2.2.9 R2 Remote Code Execution

   » ‎ Packet Storm Security Exploits
  FreeWebShop versions 2.2.9 R2 and below remote code execution exploit that leverages ajax_save_name.php.

  Tags:  code freewebshop execution code-execution ajax  

• 7:38

  FreeWebShop 2.2.9 R2 Remote Code Execution

   » ‎ Packet Storm Security Recent Files
  FreeWebShop versions 2.2.9 R2 and below remote code execution exploit that leverages ajax_save_name.php.

  Tags:  code freewebshop execution code-execution ajax  

• 7:38

  FreeWebShop 2.2.9 R2 Remote Code Execution

   » ‎ Packet Storm Security Misc. Files
  FreeWebShop versions 2.2.9 R2 and below remote code execution exploit that leverages ajax_save_name.php.

  Tags:  code freewebshop execution code-execution ajax  

• November 13, 2011
• 11:25

  WordPress Zingiri 2.2.3 Code Execution

   » ‎ Packet Storm Security Exploits
  The WordPress Zingiri plugin versions 2.2.3 and below suffer from a code execution vulnerability in ajax_save_name.php.

  Tags:  code wordpress zingiri code-execution ajax  

• 11:25

  WordPress Zingiri 2.2.3 Code Execution

   » ‎ Packet Storm Security Recent Files
  The WordPress Zingiri plugin versions 2.2.3 and below suffer from a code execution vulnerability in ajax_save_name.php.

  Tags:  code wordpress zingiri code-execution ajax  

• 11:25

  WordPress Zingiri 2.2.3 Code Execution

   » ‎ Packet Storm Security Misc. Files
  The WordPress Zingiri plugin versions 2.2.3 and below suffer from a code execution vulnerability in ajax_save_name.php.

  Tags:  code wordpress zingiri code-execution ajax  

• November 07, 2011
• 0:00

  Vuln: Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability

  Tags:  file ajax php image-manager vulnerability  

• November 05, 2011
• 21:00

  [webapps / 0day] - Ajax File Manager File Upload Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Ajax File Manager File Upload Vulnerability

  Tags:  day ajax file webapps file-upload  

• 17:42

  phpMyFAQ 2.7.0 Code Execution

   » ‎ Packet Storm Security Exploits
  phpMyFAQ versions 2.7.0 and below remote code execution exploit that leverages ajax_create_folder.php.

  Tags:  phpmyfaq code execution code-execution ajax  

• 17:42

  phpMyFAQ 2.7.0 Code Execution

   » ‎ Packet Storm Security Recent Files
  phpMyFAQ versions 2.7.0 and below remote code execution exploit that leverages ajax_create_folder.php.

  Tags:  phpmyfaq code execution code-execution ajax  

• 17:42

  phpMyFAQ 2.7.0 Code Execution

   » ‎ Packet Storm Security Misc. Files
  phpMyFAQ versions 2.7.0 and below remote code execution exploit that leverages ajax_create_folder.php.

  Tags:  phpmyfaq code execution code-execution ajax  

• 17:30

  AidiCMS 3.55 Code Execution

   » ‎ Packet Storm Security Exploits
  AidiCMS version 3.5.5 remote code execution exploit that leverages ajax_create_folder.php.

  Tags:  code aidicms execution code-execution ajax  

• 17:30

  AidiCMS 3.55 Code Execution

   » ‎ Packet Storm Security Recent Files
  AidiCMS version 3.5.5 remote code execution exploit that leverages ajax_create_folder.php.

  Tags:  code aidicms execution code-execution ajax  

• 17:30

  AidiCMS 3.55 Code Execution

   » ‎ Packet Storm Security Misc. Files
  AidiCMS version 3.5.5 remote code execution exploit that leverages ajax_create_folder.php.

  Tags:  code aidicms execution code-execution ajax  

• 17:27

  Zenphoto 1.4.1.4 Code Execution

   » ‎ Packet Storm Security Exploits
  Zenphoto versions 1.4.1.4 and below remote code execution exploit that leverages ajax_create_folder.php.

  Tags:  zenphoto code execution code-execution ajax  

• 17:27

  Zenphoto 1.4.1.4 Code Execution

   » ‎ Packet Storm Security Recent Files
  Zenphoto versions 1.4.1.4 and below remote code execution exploit that leverages ajax_create_folder.php.

  Tags:  code-execution ajax  

• 17:27

  Zenphoto 1.4.1.4 Code Execution

   » ‎ Packet Storm Security Misc. Files
  Zenphoto versions 1.4.1.4 and below remote code execution exploit that leverages ajax_create_folder.php.

  Tags:  zenphoto code execution code-execution ajax  

• November 04, 2011
• 21:00

  [webapps / 0day] - aidiCMS v3.55 (ajax_create_folder.php) Remote Code Execution

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - aidiCMS v3.55 (ajax_create_folder.php) Remote Code Execution

  Tags:  day aidicms ajax code-execution  

• 15:00

  [webapps / 0day] - aidiCMS v3.55 (ajax_create_folder.php) Remote Code Execution

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - aidiCMS v3.55 (ajax_create_folder.php) Remote Code Execution

  Tags:  day aidicms ajax code-execution  

• 8:36

  Ajax File And Image Manager 1.0 Final Code Execution

   » ‎ Packet Storm Security Exploits
  Ajax File and Image Manager version 1.0 Final suffers from a remote code execution vulnerability.

  Tags:  image file ajax code-execution image-manager  

• 8:36

  Ajax File And Image Manager 1.0 Final Code Execution

   » ‎ Packet Storm Security Recent Files
  Ajax File and Image Manager version 1.0 Final suffers from a remote code execution vulnerability.

  Tags:  image file ajax code-execution image-manager  

• 8:36

  Ajax File And Image Manager 1.0 Final Code Execution

   » ‎ Packet Storm Security Misc. Files
  Ajax File and Image Manager version 1.0 Final suffers from a remote code execution vulnerability.

  Tags:  image file ajax code-execution image-manager  

• November 03, 2011
• 21:00

  [webapps / 0day] - Ajax File and Image Manager v1.0 Final Remote Code Execution

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Ajax File and Image Manager v1.0 Final Remote Code Execution

  Tags:  day file ajax code-execution image-manager manager-v1  

• 15:00

  [webapps / 0day] - Ajax File and Image Manager v1.0 Final Remote Code Execution Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Ajax File and Image Manager v1.0 Final Remote Code Execution Vulnerability

  Tags:  day file ajax code-execution image-manager manager-v1  

• 15:00

  [webapps / 0day] - Ajax File and Image Manager v1.0 Final Remote Code Execution

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Ajax File and Image Manager v1.0 Final Remote Code Execution

  Tags:  day file ajax code-execution image-manager manager-v1  

• September 22, 2011
• 13:33

  [Paper] Hacking Browser's DOM - Exploiting Ajax and RIA

   » ‎ SecDocs
  Authors: Shreeraj Shah
  Tags: AJAX XSS Rich Internet Applications
  Event: Black Hat USA 2010
  Abstract: Web 2.0 applications are using dynamic DOM manipulations extensively for presenting JSON or XML streams in the browser. These DOM calls mixed with XMLHttpRequest (XHR) object are part of client side logic written in JavaScript or part of any other client side technology be it Flash or Silverlight. DOM driven XSS is a sleeping giant in the application code and it can be exploited by an attacker to gain access to the end user’s browser/desktop. This can become a root cause of following set of interesting vulnerabilities – Cross Widget Sniffing, RSS feed reader exploitation, XHR response stealing, Mashup hacking, Malicious code injection, Spreading Worm etc. This set of vulnerability needs innovative way of scanning the application and corresponding methodology needs to be tweaked. We have seen DOM driven XSS exploited in various different popular portals to spread worm or virus. This is a significant threat on the rise and should be mitigated by validating un-trusted content poisoning Ajax or Flash routines. DOM driven XSS, Cross Domain Bypass and CSRF can cause a deadly cocktail to exploit Web 2.0 applications across Internet. This presentation will be covering following important issues and concepts.

  Tags:  xss ajax browser ria authors shah-tags dom rich-internet usa deadly-cocktail sleeping-giant  

• 13:33

  [Slides] Hacking Browser's DOM - Exploiting Ajax and RIA

   » ‎ SecDocs
  Authors: Shreeraj Shah
  Tags: AJAX XSS Rich Internet Applications
  Event: Black Hat USA 2010
  Abstract: Web 2.0 applications are using dynamic DOM manipulations extensively for presenting JSON or XML streams in the browser. These DOM calls mixed with XMLHttpRequest (XHR) object are part of client side logic written in JavaScript or part of any other client side technology be it Flash or Silverlight. DOM driven XSS is a sleeping giant in the application code and it can be exploited by an attacker to gain access to the end user’s browser/desktop. This can become a root cause of following set of interesting vulnerabilities – Cross Widget Sniffing, RSS feed reader exploitation, XHR response stealing, Mashup hacking, Malicious code injection, Spreading Worm etc. This set of vulnerability needs innovative way of scanning the application and corresponding methodology needs to be tweaked. We have seen DOM driven XSS exploited in various different popular portals to spread worm or virus. This is a significant threat on the rise and should be mitigated by validating un-trusted content poisoning Ajax or Flash routines. DOM driven XSS, Cross Domain Bypass and CSRF can cause a deadly cocktail to exploit Web 2.0 applications across Internet. This presentation will be covering following important issues and concepts.

  Tags:  xss ajax browser ria authors shah-tags dom rich-internet usa deadly-cocktail sleeping-giant  

• September 01, 2011
• 0:00

  Vuln: WordPress WP Bannerize 'ajax_clickcounter.php' SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  WordPress WP Bannerize 'ajax_clickcounter.php' SQL Injection Vulnerability

  Tags:  bannerize wordpress ajax sql-injection php-sql  

• August 18, 2011
• 18:35

  WordPress Ajax Gallery 3.0 SQL Injection

   » ‎ Packet Storm Security Exploits
  WordPress Ajax Gallery plugin versions 3.0 and below suffer from a remote SQL injection vulnerability.

  Tags:  gallery wordpress ajax gallery-3  

• 18:35

  WordPress Ajax Gallery 3.0 SQL Injection

   » ‎ Packet Storm Security Recent Files
  WordPress Ajax Gallery plugin versions 3.0 and below suffer from a remote SQL injection vulnerability.

  Tags:  gallery wordpress ajax gallery-3  

• 18:35

  WordPress Ajax Gallery 3.0 SQL Injection

   » ‎ Packet Storm Security Misc. Files
  WordPress Ajax Gallery plugin versions 3.0 and below suffer from a remote SQL injection vulnerability.

  Tags:  gallery wordpress ajax gallery-3  

• August 17, 2011
• 21:00

  [webapps / 0day] - WordPress Ajax Gallery plugin

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - WordPress Ajax Gallery plugin

  Tags:  day wordpress ajax webapps  

• July 25, 2011
• 12:22

  phpBB AJAX Chat/Shoutbox Cross Site Request Forgery

   » ‎ Packet Storm Security Advisories
  The AJAX Chat/Shoutbox module in phpBB suffers from a cross site request forgery vulnerability.

  Tags:  chat phpbb ajax forgery vulnerability  

• 12:22

  phpBB AJAX Chat/Shoutbox Cross Site Request Forgery

   » ‎ Packet Storm Security Recent Files
  The AJAX Chat/Shoutbox module in phpBB suffers from a cross site request forgery vulnerability.

  Tags:  chat phpbb ajax forgery vulnerability  

• 12:22

  phpBB AJAX Chat/Shoutbox Cross Site Request Forgery

   » ‎ Packet Storm Security Misc. Files
  The AJAX Chat/Shoutbox module in phpBB suffers from a cross site request forgery vulnerability.

  Tags:  chat phpbb ajax forgery vulnerability  

• 10:00

  Bugtraq: phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability

  Tags:  chat phpbb ajax bugtraq vulnerability  

• May 31, 2011
• 6:43

  HTTPConsole 1.0.0.0 For Windows

   » ‎ Packet Storm Security Recent Files
  This is an HTTP console to remote administer Windows hosts with a browser-based, AJAX-enabled, command-line interface. Server requires .NET 3.5. Written in C# and JavaScript.

  Tags:  http httpconsole windows command-line-interface ajax hosts  

• 6:43

  HTTPConsole 1.0.0.0 For Windows

   » ‎ Packet Storm Security Misc. Files
  This is an HTTP console to remote administer Windows hosts with a browser-based, AJAX-enabled, command-line interface. Server requires .NET 3.5. Written in C# and JavaScript.

  Tags:  http httpconsole windows command-line-interface ajax hosts  

• May 24, 2011
• 21:59

  Ajax Chat 1 Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  Ajax Chat version 1 suffers from a cross site scripting vulnerability.

  Tags:  cross chat ajax cross-site-scripting vulnerability  

• 21:59

  Ajax Chat 1 Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  Ajax Chat version 1 suffers from a cross site scripting vulnerability.

  Tags:  cross chat ajax cross-site-scripting vulnerability  

• 21:59

  Ajax Chat 1 Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  Ajax Chat version 1 suffers from a cross site scripting vulnerability.

  Tags:  cross chat ajax cross-site-scripting vulnerability  

• May 05, 2011
• 10:41

  Ajax Calendar 1.0 Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  Ajax Calendar version 1.0 suffers from a cross site scripting vulnerability.

  Tags:  cross calendar ajax calendar-version vulnerability  

• 10:41

  Ajax Calendar 1.0 Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  Ajax Calendar version 1.0 suffers from a cross site scripting vulnerability.

  Tags:  calendar-version ajax vulnerability  

• 10:41

  Ajax Calendar 1.0 Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  Ajax Calendar version 1.0 suffers from a cross site scripting vulnerability.

  Tags:  cross calendar ajax calendar-version vulnerability  

• April 26, 2011
• 21:03

  Secunia Security Advisory 44348

   » ‎ Packet Storm Security Advisories
  Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in the WP Ajax Recent Posts plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

  Tags:  advisory secunia security security-advisory ajax  

• 18:21

  WP-Ajax-Recent-Posts 1.0.1 Cross Site Scripting

   » ‎ Packet Storm Security Exploits
  The WP-Ajax-Recent-Posts WordPress plugin version 1.0.1 suffers from a cross site scripting vulnerability.

  Tags:  cross site wp-ajax-recent-posts ajax vulnerability  

• 18:21

  WP-Ajax-Recent-Posts 1.0.1 Cross Site Scripting

   » ‎ Packet Storm Security Recent Files
  The WP-Ajax-Recent-Posts WordPress plugin version 1.0.1 suffers from a cross site scripting vulnerability.

  Tags:  cross site wp-ajax-recent-posts ajax vulnerability  

• 18:21

  WP-Ajax-Recent-Posts 1.0.1 Cross Site Scripting

   » ‎ Packet Storm Security Misc. Files
  The WP-Ajax-Recent-Posts WordPress plugin version 1.0.1 suffers from a cross site scripting vulnerability.

  Tags:  cross site wp-ajax-recent-posts ajax vulnerability  

• April 22, 2011
• 14:00

  [webapps / 0day] - Ajax Category Dropdown Wordpress Plugin 0.1.5 Multiple Vulnerabilities

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [webapps / 0day] - Ajax Category Dropdown Wordpress Plugin 0.1.5 Multiple Vulnerabilities

  Tags:  day ajax category webapps vulnerabilities  

• April 21, 2011
• 17:01

  Ajax Category Dropdown WordPress Plugin 0.1.5 XSS / SQL Injection

   » ‎ Packet Storm Security Exploits
  Ajax Category Dropdown WordPress plugin version 0.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

  Tags:  ajax dropdown category cross-site-scripting plugin-version  

• 17:01

  Ajax Category Dropdown WordPress Plugin 0.1.5 XSS / SQL Injection

   » ‎ Packet Storm Security Recent Files
  Ajax Category Dropdown WordPress plugin version 0.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

  Tags:  ajax dropdown category cross-site-scripting plugin-version  

• 17:01

  Ajax Category Dropdown WordPress Plugin 0.1.5 XSS / SQL Injection

   » ‎ Packet Storm Security Misc. Files
  Ajax Category Dropdown WordPress plugin version 0.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

  Tags:  ajax dropdown category cross-site-scripting plugin-version  

• March 14, 2011
• 18:23

  Log1 CMS File Modification / Download

   » ‎ Packet Storm Security Exploits
  Log1 CMS suffers multiple security vulnerabilities including direct access to the AjaxFileManager without a session, arbitrary file renaming via ajax_save_name.php, and arbitrary file downloads.

  Tags:  file log cms file-renaming security-vulnerabilities ajax  

• 18:23

  Log1 CMS File Modification / Download

   » ‎ Packet Storm Security Recent Files
  Log1 CMS suffers multiple security vulnerabilities including direct access to the AjaxFileManager without a session, arbitrary file renaming via ajax_save_name.php, and arbitrary file downloads.

  Tags:  file log cms file-renaming security-vulnerabilities ajax  

• 18:23

  Log1 CMS File Modification / Download

   » ‎ Packet Storm Security Misc. Files
  Log1 CMS suffers multiple security vulnerabilities including direct access to the AjaxFileManager without a session, arbitrary file renaming via ajax_save_name.php, and arbitrary file downloads.

  Tags:  file log cms file-renaming security-vulnerabilities ajax  

• December 01, 2010
• 13:49

  [Video] Into the Rabbit Hole

   » ‎ SecDocs
  Authors: Rafal Los
  Tags: web application AJAX Web 2.0 crawler
  Event: SecTor 2010
  

  Tags:  video rabbit web rafal-los rabbit-hole ajax web-application  

• 13:30

  [Slides] Into the Rabbit Hole

   » ‎ SecDocs
  Authors: Rafal Los
  Tags: web application AJAX Web 2.0 crawler
  Event: SecTor 2010
  

  Tags:  hole rabbit web rafal-los rabbit-hole ajax web-application  

• November 25, 2010
• 4:22

  Joomla JE Ajax Event Calendar SQL Injection

   » ‎ Packet Storm Security Exploits
  The Joomla JE Ajax Event Calendar component suffers from a remote SQL injection vulnerability.

  Tags:  ajax event joomla calendar-component event-calendar  

• 4:22

  Joomla JE Ajax Event Calendar SQL Injection

   » ‎ Packet Storm Security Recent Files
  The Joomla JE Ajax Event Calendar component suffers from a remote SQL injection vulnerability.

  Tags:  ajax event joomla calendar-component event-calendar  

• 4:22

  Joomla JE Ajax Event Calendar SQL Injection

   » ‎ Packet Storm Security Misc. Files
  The Joomla JE Ajax Event Calendar component suffers from a remote SQL injection vulnerability.

  Tags:  ajax event joomla calendar-component event-calendar  

• 0:00

  Vuln: JE Ajax Event Calendar 'event_id' Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  JE Ajax Event Calendar 'event_id' Parameter SQL Injection Vulnerability

  Tags:  calendar event sql event-id calendar-event ajax  

• October 16, 2010
• 21:13

  [Slides] Hacking Browser's DOM Exploiting Ajax and RIA

   » ‎ SecDocs
  Authors: Shreeraj Shah
  Tags: Web 2.0 Rich Internet Applications
  Event: Hack In The Box 2010 Malaysia
  

  Tags:  ajax hacking browser ria authors dom-exploiting shah-tags rich-internet malaysia hack-in-the-box internet-applications  

• October 08, 2010
• 0:00

  Vuln: RETIRED: Lussumo Vanilla 'ajax/updatecheck.php' Cross-Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  RETIRED: Lussumo Vanilla 'ajax/updatecheck.php' Cross-Site Scripting Vulnerability

  Tags:  vanilla lussumo retired cross-site-scripting ajax  

• June 23, 2010
• 0:00

  Vuln: Joomla! JE Ajax Event Calendar Component 'view' Parameter SQL Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Joomla! JE Ajax Event Calendar Component 'view' Parameter SQL Injection Vulnerability

  Tags:  view event sql calendar-component ajax vulnerability  

• May 14, 2010
• 12:02

  joomlaajaxec-lfi.txt

   » ‎ Packet Storm Security Recent Files
  Joomla JE Ajax Event Calendar version 1.0.3 suffers from a local file inclusion vulnerability.

  Tags:  txt calendar event calendar-version lfi ajax  

• 12:01

  joomlaajaxec-lfi.txt

   » ‎ Packet Storm Security Exploits
  Joomla JE Ajax Event Calendar version 1.0.3 suffers from a local file inclusion vulnerability.

  Tags:  txt calendar event calendar-version lfi ajax  

• 1:00

  JE Ajax Event Calendar Local File Inclusion Vulnerability

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  JE Ajax Event Calendar Local File Inclusion Vulnerability

  Tags:  ajax event vulnerability event-calendar  

• February 05, 2010
• 0:00

  Vuln: DokuWiki 'ajax.php' Multiple Security Bypass Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  DokuWiki 'ajax.php' Multiple Security Bypass Vulnerabilities

  Tags:  php ajax dokuwiki  

• January 31, 2010
• 14:00

  ajaxmansethaber-bypass.txt

   » ‎ Packet Storm Security Recent Files
  Ajax Manset Haber Sistemi version 3 suffers from a direct administrative access vulnerability.

  Tags:  txt ajax manset vulnerability  

• 14:00

  ajaxmansethaber-bypass.txt

   » ‎ Packet Storm Security Exploits
  Ajax Manset Haber Sistemi version 3 suffers from a direct administrative access vulnerability.

  Tags:  txt ajax manset vulnerability  

• January 22, 2010
• 0:00

  Vuln: DokuWiki 'ajax.php' Multiple Security Bypass Vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  DokuWiki 'ajax.php' Multiple Security Bypass Vulnerabilities

  Tags:  php ajax dokuwiki