Cross-Site Scripting Vulnerability in LightNEasy

This host is running LightNEasy and is prone to Cross-Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: secpodlightneasyxssvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ Cross-Site Scripting Vulnerability in LightNEasy Authors: Sharath S Copyright: Copyright c 2009 SecPod,...

LightNEasy < 2.2.1 / 2.2.2 XSS Vulnerability

LightNEasy is prone to a cross-site scripting XSS vulnerability. Copyright C 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Drupal 5.17 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Drupal 5.17 Taxonomy Core Module Contains XSS Vulnerability May 7, 2009 Version tested: Drupal 5.17 http://lampsecurity.org/drupal-taxonomy-vulnerability Drupal http://drupal.org is a robust content management system CMS written in PHP and supported b...

FreeBSD : typo3 -- XSS and information disclosure (cc47fafe-f823-11dd-94d9-0030843d3802)

Secunia reports : Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. Input passed via unspecified fields to the backend user interface is not properly sanitised before being...

typo3 -- cross-site scripting and information disclosure

Secunia reports: Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. Input passed via unspecified fields to the backend user interface is not properly sanitised before being return...

FreeBSD : typo3 -- multiple vulnerabilities (653606e9-f6ac-11dd-94d9-0030843d3802)

Secunia reports : Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system. The 'Install tool' system extension uses...

Cisco IOS HTTP Server Ping Parameter Cross-Site Scripting Vulnerability

Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary HTML and script code in the user's browser session. The vulnerability exists due to an input sanitization error in the embedded HTTP server. An unauthenticated, remote attacker...

FreeBSD : cgiwrap -- XSS Vulnerability (bc6a7e79-e111-11dd-afcd-00e0815b8da8)

Secunia reports : A vulnerability has been reported in CGIWrap, which can be exploited by malicious people to conduct cross-site scripting attacks. The vulnerability is caused due to the application generating error messages without specifying a charset. This can be exploited to execute arbitrary...

FreeBSD : mantis -- multiple vulnerabilities (29255141-c3df-11dd-a721-0030843d3802)

Secunia reports : Some vulnerabilities have been reported in Mantis, which can be exploited by malicious users to compromise a vulnerable system and malicious people to conduct cross-site scripting and request forgery attacks. Input passed to the 'filtertarget' parameter in returndynamicfilters.p...

Opera Web Browser Command Execution and XSS Vulnerabilities (Linux)

The host is installed with Opera Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperacmdexecnxssvulnlin.nasl 6539 2017-07-05 12:02:14Z cfischer $ Opera Web Browser Command Execution and XSS Vulnerabilities Linux Authors: Chandan S Copyright: Copyright c 20...

Opera Web Browser Command Execution and XSS Vulnerabilities (Windows)

The host is installed with Opera Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperacmdexecnxssvulnwin.nasl 6519 2017-07-04 14:08:14Z cfischer $ Opera Web Browser Command Execution and XSS Vulnerabilities Windows Authors: Chandan S Copyright: Copyright c...

GLSA-200809-10 : Mantis: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200809-10 Mantis: Multiple vulnerabilities Antonio Parata and Francesco Ongaro reported a Cross-Site Request Forgery vulnerability in manageusercreate.php CVE-2008-2276, a Cross-Site Scripting vulnerability in...

awstats -- multiple XSS vulnerabilities

Secunia reports: Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary...

CVE-2008-0239

Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the 1 cntry or lang parameters to /idm/login.jsp, 2 resultsForm parameter to /idm/account/findForSelect.jsp, or...

GLSA-200711-17 : Ruby on Rails: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200711-17 Ruby on Rails: Multiple vulnerabilities candlerb found that ActiveResource, when processing responses using the Hash.fromxml function, does not properly sanitize filenames CVE-2007-5380. The session management...

FreeBSD : tikiwiki -- multiple vulnerabilities (20a4eb11-8ea3-11dc-a396-0016179b2dd5)

Secunia reports : Some vulnerabilities have been reported in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and disclose potentially sensitive information. Input passed to the username parameter in tiki-remindpassword.php when...

ManageEngine OpManager Login.do Multiple Parameter XSS

The remote host is running ManageEngine OpManager, a web-based network management application. The version of ManageEngine OpManager installed on the remote host fails to sanitize user input to the 'requestid' parameter of the 'jsp/Login.do' script before using it to generate dynamic content. An...

phpmyadmin -- cross-site scripting vulnerability

The DigiTrust Group discovered serious XSS vulnerability in the phpMyAdmin serverstatus.php script. According to their report vulnerability can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Cisco Unified MeetingPlace Web Conferencing MP 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the 1 Success Template STPL and 2 Failure Template FTPL parameters, which are not properly handled in an err...

CVE-2007-4284

Multiple cross-site scripting XSS vulnerabilities in Cisco Unified MeetingPlace Web Conferencing MP 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the 1 Success Template STPL and 2 Failure Template FTPL parameters, which are not properly handled in an err...