737 matches found
habari -- Cross-Site Scripting Vulnerability
Secunia reports: Input passed via the "habariusername" parameter when logging in is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...
DEBIAN-CVE-2008-4247
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery CSRF attacks and execute arbitrary FTP commands via a long ftp:// URI...
gallery -- multiple vulnerabilities
Secunia reports: An error in the handing of ZIP archives with symbolic links can be exploited to disclose the contents of arbitrary files. Input from uploaded Flash animations is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is...
pro2col-xss.txt
Pro2col StingRay FTS login username cross site scripting scip AG Vulnerability ID 3809 09/12/2008 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3809 I. INTRODUCTION StingRay FTS is a file transfer server for Internet communications. Customers are able to transfer files or to send emails via the...
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Adobe Presenter is prone to a cross-site scripting CSS vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
phpmyadmin -- Cross Site Scripting Vulnerabilities
Secunia report: Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be...
awstats -- multiple XSS vulnerabilities
Secunia reports: Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary...
WordPress Multiple Cross-Site Scripting Vulnerabilities
Vulnerabilities in Wordpress, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.Input passed to certain parameters in various scripts isn't properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML or...
flyspray -- multiple vulnerabilities
The Flyspray Project reports: Flyspray is affected by a Cross Site scripting Vulnerability due to an error escaping PHP's $SERVER'QUERYSTRING' superglobal, that can be maliciously used to inject arbitrary code into the savesearch javascript function. There is an XSS problem in the history tab, th...
mailman -- script insertion vulnerability
Secunia reports: A vulnerability has been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Certain input when editing the list templates and the list info attribute is not properly sanitised before being stored. This can be exploited to insert...
GLSA-200801-10 : TikiWiki: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200801-10 TikiWiki: Multiple vulnerabilities Jesus Olmos Gonzalez from isecauditors reported insufficient sanitization of the 'movies' parameter in file tiki-listmovies.php CVE-2007-6528. Mesut Timur from H-Labs discovered that th...
ht:Dig 3.2 - Htsearch Cross-Site Scripting
ht:Dig 3.2 - Htsearch Cross-Site Scripting source: https://www.securityfocus.com/bid/26610/info ht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows an attacker to execute arbitrary HTML or script code...
ht://Dig 3.2 - Htsearch Cross-Site Scripting
source: https://www.securityfocus.com/bid/26610/info ht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context...
FMDeluxe 2.1 - index.php Cross-Site Scripting
FMDeluxe 2.1 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/26587/info FMDeluxe is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows an attacker to execute arbitrary HTML or script...
SimpleGallery 0.1.3 - index.php Cross-Site Scripting
SimpleGallery 0.1.3 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/26585/info SimpleGallery is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML o...
PHPSlideShow 0.9.9 - Directory Cross-Site Scripting
PHPSlideShow 0.9.9 - Directory Cross-Site Scripting source: https://www.securityfocus.com/bid/26575/info PHPSlideShow is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or...
FMDeluxe 2.1 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26587/info FMDeluxe is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context...
VBTube 1.1 - Search Cross-Site Scripting
VBTube 1.1 - Search Cross-Site Scripting source: https://www.securityfocus.com/bid/26566/info VBTube is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a...
VBTube 1.1 - Search Cross-Site Scripting
source: https://www.securityfocus.com/bid/26566/info VBTube is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of ...
GLSA-200711-17 : Ruby on Rails: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200711-17 Ruby on Rails: Multiple vulnerabilities candlerb found that ActiveResource, when processing responses using the Hash.fromxml function, does not properly sanitize filenames CVE-2007-5380. The session management...