Lucene search
+L

737 matches found

FreeBSD
FreeBSD
added 2008/10/17 12:0 a.m.22 views

habari -- Cross-Site Scripting Vulnerability

Secunia reports: Input passed via the "habariusername" parameter when logging in is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...

4.3CVSS7AI score0.02962EPSS
Exploits1References2
OSV
OSV
added 2008/09/25 7:25 p.m.5 views

DEBIAN-CVE-2008-4247

ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery CSRF attacks and execute arbitrary FTP commands via a long ftp:// URI...

7.5CVSS7.4AI score0.04045EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2008/09/18 12:0 a.m.12 views

gallery -- multiple vulnerabilities

Secunia reports: An error in the handing of ZIP archives with symbolic links can be exploited to disclose the contents of arbitrary files. Input from uploaded Flash animations is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is...

0.6AI score
Exploits0References2
Packet Storm
Packet Storm
added 2008/09/12 12:0 a.m.42 views

pro2col-xss.txt

Pro2col StingRay FTS login username cross site scripting scip AG Vulnerability ID 3809 09/12/2008 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3809 I. INTRODUCTION StingRay FTS is a file transfer server for Internet communications. Customers are able to transfer files or to send emails via the...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2008/08/22 12:0 a.m.25 views

Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability

Adobe Presenter is prone to a cross-site scripting CSS vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS5.8AI score0.01811EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2008/06/23 12:0 a.m.30 views

phpmyadmin -- Cross Site Scripting Vulnerabilities

Secunia report: Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be...

2.6CVSS7.1AI score0.01596EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2008/03/12 12:0 a.m.42 views

awstats -- multiple XSS vulnerabilities

Secunia reports: Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary...

6.3AI score
Exploits0References2
securityvulns
securityvulns
added 2008/03/09 12:0 a.m.36 views

WordPress Multiple Cross-Site Scripting Vulnerabilities

Vulnerabilities in Wordpress, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.Input passed to certain parameters in various scripts isn't properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML or...

1.5AI score
Exploits0
FreeBSD
FreeBSD
added 2008/02/24 12:0 a.m.24 views

flyspray -- multiple vulnerabilities

The Flyspray Project reports: Flyspray is affected by a Cross Site scripting Vulnerability due to an error escaping PHP's $SERVER'QUERYSTRING' superglobal, that can be maliciously used to inject arbitrary code into the savesearch javascript function. There is an XSS problem in the history tab, th...

5CVSS7.2AI score0.01205EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2008/02/05 12:0 a.m.25 views

mailman -- script insertion vulnerability

Secunia reports: A vulnerability has been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Certain input when editing the list templates and the list info attribute is not properly sanitised before being stored. This can be exploited to insert...

4.3CVSS5.1AI score0.01919EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2008/01/27 12:0 a.m.31 views

GLSA-200801-10 : TikiWiki: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200801-10 TikiWiki: Multiple vulnerabilities Jesus Olmos Gonzalez from isecauditors reported insufficient sanitization of the 'movies' parameter in file tiki-listmovies.php CVE-2007-6528. Mesut Timur from H-Labs discovered that th...

10CVSS5.8AI score0.09266EPSS
Exploits1References4
exploitpack
exploitpack
added 2007/11/27 12:0 a.m.38 views

ht:Dig 3.2 - Htsearch Cross-Site Scripting

ht:Dig 3.2 - Htsearch Cross-Site Scripting source: https://www.securityfocus.com/bid/26610/info ht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows an attacker to execute arbitrary HTML or script code...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2007/11/27 12:0 a.m.67 views

ht://Dig 3.2 - Htsearch Cross-Site Scripting

source: https://www.securityfocus.com/bid/26610/info ht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/11/26 12:0 a.m.12 views

FMDeluxe 2.1 - index.php Cross-Site Scripting

FMDeluxe 2.1 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/26587/info FMDeluxe is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows an attacker to execute arbitrary HTML or script...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2007/11/26 12:0 a.m.14 views

SimpleGallery 0.1.3 - index.php Cross-Site Scripting

SimpleGallery 0.1.3 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/26585/info SimpleGallery is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML o...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2007/11/26 12:0 a.m.20 views

PHPSlideShow 0.9.9 - Directory Cross-Site Scripting

PHPSlideShow 0.9.9 - Directory Cross-Site Scripting source: https://www.securityfocus.com/bid/26575/info PHPSlideShow is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2007/11/26 12:0 a.m.27 views

FMDeluxe 2.1 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/26587/info FMDeluxe is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/11/24 12:0 a.m.18 views

VBTube 1.1 - Search Cross-Site Scripting

VBTube 1.1 - Search Cross-Site Scripting source: https://www.securityfocus.com/bid/26566/info VBTube is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2007/11/24 12:0 a.m.22 views

VBTube 1.1 - Search Cross-Site Scripting

source: https://www.securityfocus.com/bid/26566/info VBTube is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of ...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/11/15 12:0 a.m.32 views

GLSA-200711-17 : Ruby on Rails: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200711-17 Ruby on Rails: Multiple vulnerabilities candlerb found that ActiveResource, when processing responses using the Hash.fromxml function, does not properly sanitize filenames CVE-2007-5380. The session management...

6.8CVSS6AI score0.03969EPSS
Exploits1References4
Rows per page
Query Builder