Lucene search
+L

737 matches found

securityvulns
securityvulns
added 2006/08/23 12:0 a.m.41 views

Tons of SQL-injections and XSS in Eichhorn Portal and vendor page

Hi list. There are lots of SQL injections and XSS in the 'Eichhorn Portal' by 'Guder und Koch Netzwerktechnik' and their own website. Input passed to multiple parameters in different PHP-files isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary...

1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/08/21 12:0 a.m.33 views

FreeBSD : horde -- Phishing and XSS Vulnerabilities (e2e8d374-2e40-11db-b683-0008743bf21a)

Secunia reports : Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks. - Input passed to the 'url' parameter in index.php isn't properly verified before it is being used to include an arbitrary website i...

4.3CVSS5.8AI score0.01668EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2006/08/17 12:0 a.m.23 views

horde -- Phishing and Cross-Site Scripting Vulnerabilities

Secunia reports: Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks. Input passed to the "url" parameter in index.php isn't properly verified before it is being used to include an arbitrary web site in ...

0.1AI score
Exploits0References2
exploitpack
exploitpack
added 2006/06/27 12:0 a.m.9 views

Microsoft Internet Explorer 5.0.1 - OuterHTML redirection Handling Information Disclosure

Microsoft Internet Explorer 5.0.1 - OuterHTML redirection Handling Information Disclosure source: https://www.securityfocus.com/bid/18682/info Microsoft Internet Explorer is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain policies. This issue may...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2006/06/26 12:0 a.m.33 views

netscapeXSS.txt

Netscape.com - Cross site scripting vulnerability ---------------------------------------------- Type: Cross site scripting Date: June, 13th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2006/06/26 12:0 a.m.25 views

GreatDomainsXSS.txt

GreatDomains.com - XSS with cookie disclosure ---------------------------------------------- Type: Cross site scripting Date: June, 16th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2006/06/21 12:0 a.m.20 views

macworld.txt

Macworld.com - XSS vulnerability ---------------------------------------------- Type: Cross site scripting Rated as: Low Risk Date: June, 13th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2006/06/21 12:0 a.m.26 views

palm.txt

Palm.com - XSS vulnerability ---------------------------------------------- Type: Cross site scripting Date: June, 13th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...

7.4AI score
Exploits0
Cisco
Cisco
added 2006/06/19 11:41 p.m.20 views

Cisco CallManager Administration and User Options Web Interfaces Cross-Site Scripting Vulnerability

Cisco CallManager versions prior to 4.31, 4.23, 4.13SR4 and 3.35SR3 contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary script in the user's browser session. The vulnerability exists due to improper input sanitization in the CallManager Administration...

4.3CVSS7.2AI score0.13488EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2006/06/09 12:0 a.m.35 views

mailman -- Multiple Vulnerabilities

Secunia reports: Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS Denial of Service. 1 An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL. Successfu...

6.4AI score
Exploits0References2
exploitpack
exploitpack
added 2006/06/07 12:0 a.m.14 views

Open Business Management 1.0.3 pl1 - company_index.php Multiple Cross-Site Scripting Vulnerabilities

Open Business Management 1.0.3 pl1 - companyindex.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code fr...

Exploits0
exploitpack
exploitpack
added 2006/06/07 12:0 a.m.14 views

Open Business Management 1.0.3 pl1 - user_index.php?tf_lastname Cross-Site Scripting

Open Business Management 1.0.3 pl1 - userindex.php?tflastname Cross-Site Scripting source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/06/07 12:0 a.m.26 views

Open Business Management 1.0.3 pl1 - 'list_index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning to the user. An attacker could exploit...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/05/13 12:0 a.m.34 views

FreeBSD : phpSysInfo -- XSS vulnerability (50457509-d05e-11d9-9aed-000e0c2e438a)

A Securityreason.com advisory reports that various cross site scripting vulnerabilities have been found in phpSysInfo. Input is not properly sanitised before it is returned to the user. A malicious person could exploit this to execute arbitrary HTML and script code in a users browser session. Als...

5CVSS5.7AI score0.03716EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2006/05/13 12:0 a.m.9 views

FreeBSD : phpmyadmin -- register_globals emulation 'import_blacklist' manipulation (23afd91f-676b-11da-99f6-00123ffe8333)

Secunia reports : Stefan Esser has reported a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system. The vulnerability is caused due to an error in the registerglobals...

5.6AI score
Exploits0References3
FreeBSD
FreeBSD
added 2006/04/21 12:0 a.m.27 views

phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities

Secunia reports: phpLDAPadmin have some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1 Some input isn't properly sanitised before being returned to the user. This can be exploited to...

2.6CVSS6.2AI score0.08221EPSS
Exploits1References3
securityvulns
securityvulns
added 2006/04/18 12:0 a.m.113 views

BluePay Manager v2.0 Script Insertion Vulnerability

BluePay Manager v2.0 Script Insertion Vulnerability Vuln. discovered by : r0t Date: 18 april 2006 vendor:bluepay.com affected versions:v2.0 and previous orginal advisory: http://pridels.blogspot.com/2006/04/bluepay-manager-v20-script-insertion.html Vuln. description: Input passed to the "Account...

Exploits0
Tenable Nessus
Tenable Nessus
added 2006/04/08 12:0 a.m.18 views

GLSA-200604-01 : MediaWiki: XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200604-01 MediaWiki: XSS vulnerability MediaWiki fails to decode certain encoded URLs correctly. Impact : By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or...

4.3CVSS5.5AI score0.01749EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2006/04/07 12:0 a.m.35 views

mailman -- Private Archive Script Cross-Site Scripting

Secunia reports: A vulnerability has been reported in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input passed to the private archive script is not properly sanitised before being returned to users. This can be exploited to execute...

2.6CVSS6.8AI score0.01397EPSS
Exploits0References2
Gentoo Linux
Gentoo Linux
added 2006/04/04 12:0 a.m.23 views

MediaWiki: Cross-site scripting vulnerability

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to decode certain encoded URLs correctly. Impact By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScri...

4.3CVSS6.3AI score0.01749EPSS
Exploits0
Rows per page
Query Builder