862 matches found
Lycos HTMLGear guestGear CSS HTML Injection Vulnerability
source: http://www.securityfocus.com/bid/5728/info Lycos htmlGEAR guestGEAR does not sanitize HTML from CSS (Cascading Style-Sheets) elements in guestbook fields. An attacker could capitalize on this situation to include arbitrary HTML and script code in a guestbo...
Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/5922/info Microsoft Content Management Server 2001 is reported to be prone to cross-site scripting attacks. An attacker could construct a malicious link to a vulnerable host that contains arbitrary HTML and script code. I...
httprint 202.0 HTTP Response Server Field Overflow DoS
source: http://www.securityfocus.com/bid/16031/info httprint is prone to multiple remote vulnerabilities. The first issue may allow remote attackers to execute arbitrary HTML and script code in a user's browser. The second issue may allow remote attackers to cra...
docuFORM Mercury WebApp 6.16a/5.20 Multiple XSS Vulnerabilities
docuFORM Mercury WebApp 6.16a/5.20 Multiple Cross-Site Scripting Vulnerabilities Vendor: docuFORM GmbH Product web page: http://www.docuform.de Affected version: 6.16a and 5.20 Summary: Unlimited options for production printing and customer solutions. Desc:...
[CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies
I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in Transform Foundation server 4.3.1 and 5.2 from Bottomline Technologies II. BACKGROUND ------------------------- Bottomline offers powerful, next-generation electronic document solutions for formatting, personalizi...
CVE-2014-2577
Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via the (1) pn parameter to index.fsp/document.pdf, ...
BarracudaDrive Multiple XSS Vulnerabilities -01 (Jun 2014)
BarracudaDrive is prone to multiple XSS vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
InterScan Messaging Security Virtual Appliance 8.5.1.1516 Cross Site Scripting
I. VULNERABILITY ------------------------- XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516 II. DESCRIPTION ------------------------- An XSS vulnerability has been detected in InterScan Messaging Security Virtual Appliance version 8.5.1.1516. The code injectio...
couponPHP CMS 1.0 - Multiple Stored XSS and SQL Injection Vulnerabilities
couponPHP is vulnerable to multiple Stored XSS and SQL Injection issues. Input passed via the parameters 'iDisplayLength' and 'iDisplayStart' in the 'commentspaginate.php' and 'storespaginate.php' scripts is not properly sanitised before being returned to the user or used in SQL queries. This can be...
ASUS Router Multiple Vulnerabilities
The host is running ASUS Router and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodasusroutersmultvuln.nasl 6663 2017-07-11 09:58:05Z teissa $ ASUS Router Multiple Vulnerabilities Authors: Antu Sanadi Copyright: Copyright (C) 2014 SecPod, http://www.secpod.com This...
FortiWeb 5.0.3 Cross Site Scripting
I. VULNERABILITY ------------------------- XSS Reflected vulnerabilities in OS of FortiWeb v 5.0.3 (CVE-2013-7181) II. BACKGROUND ------------------------- Fortinet's industry-leading, Network Security Platforms deliver Next Generation Firewall (NGFW) security with exceptional throughput, ultra low...
IBM Domino Email Message Cross-Site Scripting Vulnerabilities
IBM Lotus Domino is prone to multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
BoxBilling 3.6.11 (mod_notification) Stored Cross-Site Scripting Vulnerability
Summary BoxBilling is a free billing, invoicing & client management software. Description BoxBilling suffers from a stored cross-site scripting vulnerability. Input passed to the 'message' POST parameter thru the 'Notification Center' extension/module is not properly sanitised before being return...
Splunk < 5.0.6 Unspecified XSS
According to its version number, the Splunk Web hosted on the remote web server is affected by an unspecified cross-site scripting vulnerability. An attacker can exploit this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the...
PHP 5.3.10, 5.4.0 XSS Vulnerability
PHP is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...
XAMPP 1.8.1 Local Write Access Vulnerability
============================================= INTERNET SECURITY AUDITORS ALERT 2013-007 - Original release date: March 14th, 2013 - Last revised: March 19th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 6,8/10 CVSS Base Score - CVE-ID: CVE-2013-2586...
XAMPP 1.8.1 Local Write Access Vulnerability
XAMPP version 1.8.1 allows an unprivileged user to write to the local disk. It has been detected that an unprivileged user can write to the local disk and that the local file "lang.tmp" can be modified on the remote machine. The injection is done through the page "/xampp/lang.php"...
KnowledgeView Editorial and Management application cross-site scripting vulnerability
Overview KnowledgeView Editorial and Management application contains a reflected cross-site scripting (XSS) vulnerability (CWE-79). Description CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') KnowledgeView Editorial and Management application contains a...
WordPress NextGen Smooth Gallery Plugin <= 1.2 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...
WordPress silverOrchid Theme Cross Site Scripting Vulnerability
WordPress silverOrchid Theme is prone to an XSS vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...