Unrestricted file upload

Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448...

CVE-2007-2733

Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448...

CVE-2007-2733

CVE-2007-2733 is an unrestricted file upload vulnerability in Jetbox CMS, where remote authenticated users with author privileges can upload arbitrary scripts (e.g., PHP) via the IMAGES/webfiles mechanism and execute code. Public details indicate Jetbox One 2.0.8 and other versions are affected, ...

Cross site scripting

Cross-site scripting XSS vulnerability in Outlook Web Access OWA in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an...

CVE-2007-0220

Cross-site scripting XSS vulnerability in Outlook Web Access OWA in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an...

CVE-2007-0220

Cross-site scripting XSS vulnerability in Outlook Web Access OWA in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an...

GLSA-200704-08 : DokuWiki: XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200704-08 DokuWiki: XSS vulnerability DokuWiki does not sanitize user input to the GET variable 'media' in the fetch.php file. Impact : An attacker could entice a user to click a specially crafted link and inject CRLF characters...

CVE-2007-1552

Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension...

EUVD-2007-1546

Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension...

Unrestricted file upload

Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP SPP allows remote attackers to upload arbitrary scripts via a filename with a double extension...

CVE-2007-1139

Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP SPP allows remote attackers to upload arbitrary scripts via a filename with a double extension...

CVE-2007-0123

Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations...

KDPics 1.11/1.16 - 'galeries.inc.php3?categories' Cross-Site Scripting

source: https://www.securityfocus.com/bid/21515/info KDPics is prone to multiple input-validation vulnerabilities, including cross-site scripting and remote file-include issues, because the application fails to sanitize user-supplied input. A successful exploit may allow unauthorized users to vie...

JVN#62307185 QwikiWiki cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. User credentials could be leaked as a result. Solution Products Affected QwikiWiki version 1.5.5 and earlier...

GLSA-200607-05 : SHOUTcast server: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200607-05 SHOUTcast server: Multiple vulnerabilities The SHOUTcast server is vulnerable to a file disclosure when the server receives a specially crafted GET request. Furthermore it also fails to sanitize the input passed to the...

Horde Web Application Framework: XSS vulnerability

Background The Horde Web Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. Description Michael Marek discovered that the Horde Web Application...

OpenEngineTraverse.txt

OpenEngine is a PHP based CMS. The parameter "template" is not correctly checked, for this you can include other scripts which will be interpreted. All actual versions are vulnerable up to 1.8 Beta 2, which is the newest one, only the paths and consequences differ. For example you can browse the...

GLSA-200511-20 : Horde Application Framework: XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200511-20 Horde Application Framework: XSS vulnerability The Horde Team reported a potential XSS vulnerability. Horde fails to properly escape error messages which may lead to displaying unsanitized error messages via...

Horde Application Framework: XSS vulnerability

Background The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. Description The Horde Team reported a potential XSS vulnerability. Horde fails...

CVE-2004-2185

Multiple cross-site scripting XSS vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via 1 the UnicodeConverter extension, 2 raw page views, 3 SpecialIpblocklist, 4 SpecialEmailuser, 5 SpecialMaintenance, and 6 ImagePage...