Apache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.39. It is, therefore, affected by one or more of the following vulnerabilities : - If the remote Apache Tomcat install is configured to use the SingleSignOn Valve, the...

Microsoft Excel Embedded Shockwave Flash Object Code Execution (MS06-069; CVE-2006-3014)

Microsoft Excel is a popular spreadsheet application that is usually released as a part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulas, and various data sources. The common extension used for Microsoft Excel documents is .xls. A...

PhreeBooks Multiple HTML-Injection and Local File Include Vulnerabilities

PhreeBooks is prone to multiple local file-include vulnerabilities and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to view files and execute loca...

Juniper Networks SA2000 SSL VPN Appliance - welcome.cgi Cross-Site Scripting

Juniper Networks SA2000 SSL VPN Appliance - welcome.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/41664/info Juniper Networks SA2000 SSL VPN appliance is prone to a cross-site scripting vulnerability because the web interface fails to properly sanitize user-supplied input. An...

WordPress Plugin Gigya Socialize 1.0/1.1.x - Cross-Site Scripting

source: https://www.securityfocus.com/bid/40582/info The Gigya Socialize Plugin for Wordpress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

e-Pares vulnerable to cross-site scripting

Overview e-Pares contains a cross-site scripting vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site scripting vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the Web...

log1 CMS 2.0 - Session Handling Remote Security Bypass Remote File Inclusion

log1 CMS 2.0 - Session Handling Remote Security Bypass Remote File Inclusion source: https://www.securityfocus.com/bid/40636/info log1 CMS is prone to a security-bypass vulnerability because of a design flaw and a remote file-include vulnerability because it fails to properly sanitize user-suppli...

PHP City Portal 1.3 - cms_data.php Cross-Site Scripting

PHP City Portal 1.3 - cmsdata.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40532/info PHP City Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...

Joomla! 1.5.x - Multiple Modules 'search' Parameter Cross-Site Scripting Vulnerabilities

Joomla! 1.5.x Multiple Modules 'search' Parameter Cross-Site Scripting Vulnerabilities. CVE-2010-1649. Webapps exploit for php platform source: http://www.securityfocus.com/bid/40444/info Joomla! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize...

PHP-Calendar 'description' and 'lastaction' Cross Site Scripting Vulnerabilities

PHP-Calendar is prone to Cross Site Scripting vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Cacti Multiple Cross Site Scripting Vulnerabilities

Cacti is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user- supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allo...

Cisco DPC2100 2.0.2 r1256-060303 - Multiple Security Bypass Cross-Site Request Forgery Vulnerabilities

Cisco DPC2100 2.0.2 r1256-060303 - Multiple Security Bypass Cross-Site Request Forgery Vulnerabilities source: https://www.securityfocus.com/bid/40346/info Cisco DPC2100 formerly Scientific Atlanta DPC2100 is prone to multiple security-bypass and cross-site request-forgery vulnerabilities...

Getsimple CMS 2.01 - &#039;components.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/40374/info GetSimple CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the 1 title, 2 subTitle, and 3 author parameters in conjunction with a /admin/news/article/add...

C99Shell 1.0 Pre-Release build 16 (Web Shell) - &#039;ch99.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/40134/info C99Shell is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

gpEasy CMS 1.6.2 - editing_files.php Cross-Site Scripting

gpEasy CMS 1.6.2 - editingfiles.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40330/info gpEasy CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code...

NPDS REvolution 10.02 - download.php Cross-Site Scripting

NPDS REvolution 10.02 - download.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40227/info NPDS Revolution is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

Joomla! Component JComments 2.1 - &#039;ComntrNam&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/40230/info The JComments component for Joomla! is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecti...

NPDS REvolution 10.02 - topic Cross-Site Scripting

NPDS REvolution 10.02 - topic Cross-Site Scripting source: https://www.securityfocus.com/bid/40157/info NPDS Revolution is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute...

Movable Type vulnerable to cross-site scripting

Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on t...