737 matches found
Tons of SQL-injections and XSS in Eichhorn Portal and vendor page
Hi list. There are lots of SQL injections and XSS in the 'Eichhorn Portal' by 'Guder und Koch Netzwerktechnik' and their own website. Input passed to multiple parameters in different PHP-files isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary...
FreeBSD : horde -- Phishing and XSS Vulnerabilities (e2e8d374-2e40-11db-b683-0008743bf21a)
Secunia reports : Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks. - Input passed to the 'url' parameter in index.php isn't properly verified before it is being used to include an arbitrary website i...
horde -- Phishing and Cross-Site Scripting Vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks. Input passed to the "url" parameter in index.php isn't properly verified before it is being used to include an arbitrary web site in ...
Microsoft Internet Explorer 5.0.1 - OuterHTML redirection Handling Information Disclosure
Microsoft Internet Explorer 5.0.1 - OuterHTML redirection Handling Information Disclosure source: https://www.securityfocus.com/bid/18682/info Microsoft Internet Explorer is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain policies. This issue may...
netscapeXSS.txt
Netscape.com - Cross site scripting vulnerability ---------------------------------------------- Type: Cross site scripting Date: June, 13th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...
GreatDomainsXSS.txt
GreatDomains.com - XSS with cookie disclosure ---------------------------------------------- Type: Cross site scripting Date: June, 16th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...
macworld.txt
Macworld.com - XSS vulnerability ---------------------------------------------- Type: Cross site scripting Rated as: Low Risk Date: June, 13th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...
palm.txt
Palm.com - XSS vulnerability ---------------------------------------------- Type: Cross site scripting Date: June, 13th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...
Cisco CallManager Administration and User Options Web Interfaces Cross-Site Scripting Vulnerability
Cisco CallManager versions prior to 4.31, 4.23, 4.13SR4 and 3.35SR3 contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary script in the user's browser session. The vulnerability exists due to improper input sanitization in the CallManager Administration...
mailman -- Multiple Vulnerabilities
Secunia reports: Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS Denial of Service. 1 An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL. Successfu...
Open Business Management 1.0.3 pl1 - company_index.php Multiple Cross-Site Scripting Vulnerabilities
Open Business Management 1.0.3 pl1 - companyindex.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code fr...
Open Business Management 1.0.3 pl1 - user_index.php?tf_lastname Cross-Site Scripting
Open Business Management 1.0.3 pl1 - userindex.php?tflastname Cross-Site Scripting source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied...
Open Business Management 1.0.3 pl1 - 'list_index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning to the user. An attacker could exploit...
FreeBSD : phpSysInfo -- XSS vulnerability (50457509-d05e-11d9-9aed-000e0c2e438a)
A Securityreason.com advisory reports that various cross site scripting vulnerabilities have been found in phpSysInfo. Input is not properly sanitised before it is returned to the user. A malicious person could exploit this to execute arbitrary HTML and script code in a users browser session. Als...
FreeBSD : phpmyadmin -- register_globals emulation 'import_blacklist' manipulation (23afd91f-676b-11da-99f6-00123ffe8333)
Secunia reports : Stefan Esser has reported a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system. The vulnerability is caused due to an error in the registerglobals...
phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities
Secunia reports: phpLDAPadmin have some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1 Some input isn't properly sanitised before being returned to the user. This can be exploited to...
BluePay Manager v2.0 Script Insertion Vulnerability
BluePay Manager v2.0 Script Insertion Vulnerability Vuln. discovered by : r0t Date: 18 april 2006 vendor:bluepay.com affected versions:v2.0 and previous orginal advisory: http://pridels.blogspot.com/2006/04/bluepay-manager-v20-script-insertion.html Vuln. description: Input passed to the "Account...
GLSA-200604-01 : MediaWiki: XSS vulnerability
The remote host is affected by the vulnerability described in GLSA-200604-01 MediaWiki: XSS vulnerability MediaWiki fails to decode certain encoded URLs correctly. Impact : By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or...
mailman -- Private Archive Script Cross-Site Scripting
Secunia reports: A vulnerability has been reported in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input passed to the private archive script is not properly sanitised before being returned to users. This can be exploited to execute...
MediaWiki: Cross-site scripting vulnerability
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to decode certain encoded URLs correctly. Impact By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScri...