737 matches found
Profi Einzelgebots Auktions System Cross Site Scripting
x Author: Andrea Bocchetti x Homepage : www.geekit.it // Software Info Name : Profi Einzelgebots Auktions System Demo : http://hiweb-wiesbaden.de/hammerdealv3/ Price : 399.99 Exploit : http://www.site.com/hammerdealv3/suche.php This script is possibly vulnerable to Cross Site Scripting XSS attack...
SurgeFTP 2.x - surgeftpmgr.cgi Multiple Cross-Site Scripting Vulnerabilities
SurgeFTP 2.x - surgeftpmgr.cgi Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/37844/info SurgeFTP is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or...
VMware Server Multiple XSS Vulnerabilities - Windows
VMWare Server is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
moziloCMS Multiple Cross Site Scripting Vulnerabilities
The host is running moziloCMS and is prone to Multiple Cross Site Scripting Vulnerabilities OpenVAS Vulnerability Test $Id: gbmoziloCMSmultxssvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ moziloCMS Multiple Cross Site Scripting Vulnerabilities Authors: Antu Sanadi Copyright: Copyright c 2009...
FreeBSD : wordpress -- multiple vulnerabilities (0640198a-d117-11de-b667-0030843d3802)
secunia reports : The security issue is caused due to the wpcheckfiletype function in /wp-includes/functions.php improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions. Successful exploitation of this...
Zero-Day Flaw Found in Web Encryption
A zero-day flaw in the TLS and SSL protocols, which are commonly used to encrypt web pages, has been made public. The flaw allows an outsider to hijack a legitimate user’s browser session and successfully impersonate the user, the researchers said in a technical paper. Read the full story...
Symantec SecurityExpressions Audit and Compliance Server Multiple XSS
Binary data 5206.prm...
FreeBSD : horde-base -- multiple vulnerabilities (ee23aa09-a175-11de-96c0-0011098ad87f)
The Horde team reports : An error within the form library when handling image form fields can be exploited to overwrite arbitrary local files. An error exists within the MIME Viewer library when rendering unknown text parts. This can be exploited to execute arbitrary HTML and script code in a...
joomla -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being used. This can be...
horde-base -- multiple vulnerabilities
The Horde team reports: An error within the form library when handling image form fields can be exploited to overwrite arbitrary local files. An error exists within the MIME Viewer library when rendering unknown text parts. This can be exploited to execute arbitrary HTML and script code in a user...
moinmoin -- cross-site scripting vulnerabilities
Secunia reports: Input passed via multiple parameters to action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site...
mod_perl -- cross-site scripting
Secunia reports: Certain input passed to the "Apache::Status" and "Apache2::Status" modules is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website...
FreeBSD : typo3 -- XSS and information disclosure (cc47fafe-f823-11dd-94d9-0030843d3802)
Secunia reports : Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. Input passed via unspecified fields to the backend user interface is not properly sanitised before being...
FreeBSD : moinmoin -- multiple XSS vulnerabilities (6a523dba-eeab-11dd-ab4f-0030843d3802)
Secunia reports : Input passed to multiple parameters in action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Certain input passed to...
moinmoin -- multiple cross site scripting vulnerabilities
Secunia reports: Some vulnerabilities have been reported in MoinMoin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to multiple parameters in action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited ...
CVE-2008-5913
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a...
FreeBSD : mediawiki -- multiple vulnerabilities (61b07d71-ce0e-11dd-a721-0030843d3802)
The MediaWiki development team reports : Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Certain unspecified input related to uploads ...
mediawiki -- multiple vulnerabilities
The MediaWiki development team reports: Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Certain unspecified input related to uploads i...
wordpress -- header rss feed script insertion vulnerability
Secunia reports: Input passed via the HTTP "Host" header is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site if malicious data is viewed...
Secunia Research: HP SiteScope SNMP Trap Script Insertion Vulnerability
====================================================================== Secunia Research 20/10/2008 - HP SiteScope SNMP Trap Script Insertion - ====================================================================== Table of Contents Affected...