FreeBSD : joomla -- multiple vulnerabilities (4872d9a7-4128-11dc-bdb0-0016179b2dd5)
A Secunia Advisory reports: joomla can be exploited to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks. Certain unspecified input passed in com_search, com_content and mod_login is not properly sanitised before being returned to a user. This can be...
CVE-2007-4102
Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/ sequence in the search string...
drupal -- Multiple cross-site scripting vulnerabilities
The Drupal Project reports: Some server variables are not escaped consistently. When a malicious user is able to entice a victim to visit a specially crafted link or webpage, arbitrary HTML and script code can be injected and executed in the context of the victim's session on the targeted website...
Apache Tomcat snoop.jsp URI XSS
The remote Apache Tomcat web server includes an example JSP application, 'snoop.jsp', that fails to sanitize user-supplied input before using it to generate dynamic content. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to...
Code injection
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...
CVE-2006-7023
Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item...
CVE-2006-6996
Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than...
CVE-2007-0846
Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page...
CVE-2007-0817
CVE-2007-0817 is a cross-site scripting vulnerability in Adobe ColdFusion web server. The issue stems from failing to sanitize the User-Agent HTTP header before displaying it on the error page, allowing remote attackers to inject arbitrary HTML/script. Some sources note potential session hijackin...
CVE-2007-0817
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page...
CVE-2006-6936
Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. NOTE: vector 1 likely overlaps CVE-2006-3032...
phpBB (privmsg.php) XSS Exploit
phpBB privmsg.php XSS Exploit By: Demential Web: http://headburn.altervista.org E-mail: [email protected] PhpBB website: http://phpbb.com Exploit tested on phpBB 2.0.21 Secunia.com said: Input passed to the form field "Message body" in privmsg.php is not properly sanitised before it is returned to...
[Full-disclosure] [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XSS issue
---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2007-001 ---------------------------------------------------------------------------- Project: Drupal core. Date: 2007-Jan-05. Security risk: Less critical. Exploitable from: Remote...
CVE-2006-6459
CVE-2006-6459 describes a cross-site scripting (XSS) vulnerability in PhpBB Toplist 1.3.7. The flaw resides in toplist.php, allowing remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a new site (action: toplistnew). The CVSS metrics in...
CVE-2006-5791
Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the sendfiledirect function, and (2) the Type or Category values in a N...
IwebNegar v1.1 Multiple vulnerabilities
:: IwebNegar v1.1 Multiple vulnerabilities :: ------------------------------------------------ Software : IwebNegar v1.1 Website : ---- Bug Discover : Hessam-x / www.hessamx.net I. Cross Site Scripting Vulnerability ------------------------------------------------- Parameter "comment" are not...