
1056 matches found

Japan Vulnerability Notes
added 2008/05/20 3:0 p.m. | 2 views

RaidenHTTPD cross-site scripting vulnerability

Overview RaidenHTTPD, from Sonei Information Systems TEAM JOHNLONG, contains a cross-site scripting vulnerability. This issue is different from JVN90438169. RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability...

CVSS 4.3 | AI score 6.3 | EPSS 0.01065
Exploits: 0 | References: 7
Exploit DB
added 2008/02/14 12:0 a.m. | 17 views

artmedic webdesign weblog - Multiple Local File Inclusions

source: https://www.securityfocus.com/bid/27797/info artmedic webdesign weblog is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an attacker to access potentially sensitive information and execute...

AI score 7.4
Exploits: 0
exploitpack
added 2007/12/28 12:0 a.m. | 8 views

OpenBiblio 0.x - theme_del_confirm.php?name Cross-Site Scripting

OpenBiblio 0.x - theme_del_confirm.php?name Cross-Site Scripting source: https://www.securityfocus.com/bid/27053/info OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting...

AI score 6.8
Exploits: 0
exploitpack
added 2007/12/28 12:0 a.m. | 9 views

OpenBiblio 0.x - staff_del_confirm.php Multiple Cross-Site Scripting Vulnerabilities

OpenBiblio 0.x - staff_del_confirm.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27053/info OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection,...

AI score 0.2
Exploits: 0
Prion
added 2007/05/16 10:30 p.m. | 13 views

Unrestricted file upload

Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448...

CVSS 6 | AI score 6.6 | EPSS 0.01687
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2007/05/16 10:30 p.m. | 15 views

CVE-2007-2733

Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448...

CVSS 6 | AI score 6.4 | EPSS 0.00953
Exploits: 0 | References: 4
CVE
added 2007/05/16 10:0 p.m. | 44 views

CVE-2007-2733

CVE-2007-2733 is an unrestricted file upload vulnerability in Jetbox CMS, where remote authenticated users with author privileges can upload arbitrary scripts (e.g., PHP) via the IMAGES/webfiles mechanism and execute code. Public details indicate Jetbox One 2.0.8 and other versions are affected, ...

CVSS 6 | AI score 6.5 | EPSS 0.00953
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2007/05/08 11:19 p.m. | 26 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an...

CVSS 6.8 | AI score 6.4 | EPSS 0.33148
Exploits: 0 | References: 11 | Affected Software: 1
NVD
added 2007/05/08 11:19 p.m. | 21 views

CVE-2007-0220

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an...

CVSS 6.8 | AI score 6 | EPSS 0.33148
Exploits: 0 | References: 11
Cvelist
added 2007/05/08 11:0 p.m. | 34 views

CVE-2007-0220

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an...

AI score 6 | EPSS 0.33148
Exploits: 0 | References: 11
Tenable Nessus
added 2007/04/19 12:0 a.m. | 20 views

GLSA-200704-08 : DokuWiki: XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200704-08 DokuWiki: XSS vulnerability DokuWiki does not sanitize user input to the GET variable 'media' in the fetch.php file. Impact : An attacker could entice a user to click a specially crafted link and inject CRLF characters...

CVSS 4.3 | AI score 5.9 | EPSS 0.01321
Exploits: 0 | References: 2
NVD
added 2007/03/20 10:19 p.m. | 14 views

CVE-2007-1552

Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension...

CVSS 7.5 | AI score 7.3 | EPSS 0.05459
Exploits: 1 | References: 7
EUVD
added 2007/03/20 10:0 p.m. | 1 views

EUVD-2007-1546

Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension...

CVSS 7.5 | AI score 7.2 | EPSS 0.05459
Exploits: 1 | References: 7
ATTACKERKB
added 2007/03/02 9:18 p.m. | 2 views

CVE-2007-1139

Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension...

CVSS 10 | AI score 5.8 | EPSS 0.02482
Exploits: 1 | References: 5
Prion
added 2007/03/02 9:18 p.m. | 11 views

Unrestricted file upload

Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension...

CVSS 10 | AI score 7.3 | EPSS 0.02482
Exploits: 1 | References: 4
NVD
added 2007/01/09 2:28 a.m. | 12 views

CVE-2007-0123

Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations...

CVSS 6.8 | AI score 7.2 | EPSS 0.01203
Exploits: 0 | References: 3
Exploit DB
added 2006/12/09 12:0 a.m. | 35 views

KDPics 1.11/1.16 - 'galeries.inc.php3?categories' Cross-Site Scripting

source: https://www.securityfocus.com/bid/21515/info KDPics is prone to multiple input-validation vulnerabilities, including cross-site scripting and remote file-include issues, because the application fails to sanitize user-supplied input. A successful exploit may allow unauthorized users to vie...

AI score 7.4
Exploits: 0
Japan Vulnerability Notes
added 2006/07/18 12:0 a.m. | 10 views

JVN#62307185 QwikiWiki cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. User credentials could be leaked as a result. Solution Products Affected QwikiWiki version 1.5.5 and earlier...

AI score 7.2
Exploits: 0
Tenable Nessus
added 2006/07/10 12:0 a.m. | 15 views

GLSA-200607-05 : SHOUTcast server: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200607-05 SHOUTcast server: Multiple vulnerabilities The SHOUTcast server is vulnerable to a file disclosure when the server receives a specially crafted GET request. Furthermore it also fails to sanitize the input passed to the...

CVSS 7.8 | AI score 6 | EPSS 0.03975
Exploits: 2 | References: 6
Gentoo Linux
added 2006/06/29 12:0 a.m. | 24 views

Horde Web Application Framework: XSS vulnerability

Background The Horde Web Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. Description Michael Marek discovered that the Horde Web Application...

CVSS 6.8 | AI score 7.2 | EPSS 0.02197
Exploits: 1