737 matches found
[SA19215] Jupiter Content Manager "image" BBcode Script Insertion
TITLE: Jupiter Content Manager "image" BBcode Script Insertion SECUNIA ADVISORY ID: SA19215 VERIFY ADVISORY: http://secunia.com/advisories/19215/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Jupiter Content Manager 1.x http://secunia.com/product/8685/...
[SA18924] PerlBLOG Multiple Vulnerabilities
TITLE: PerlBLOG Multiple Vulnerabilities SECUNIA ADVISORY ID: SA18924 VERIFY ADVISORY: http://secunia.com/advisories/18924/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: From remote SOFTWARE: PerlBLOG 1.x http://secunia.com/product/8128/ DESCRIPTION: Aliaksand...
[SA18892] Siteframe Page Comment Script Insertion Vulnerability
TITLE: Siteframe Page Comment Script Insertion Vulnerability SECUNIA ADVISORY ID: SA18892 VERIFY ADVISORY: http://secunia.com/advisories/18892/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Siteframe 5.x http://secunia.com/product/8006/ DESCRIPTION: Kiki...
[SA18132] ASPBite "strSearch" Cross-Site Scripting Vulnerability
TITLE: ASPBite "strSearch" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA18132 VERIFY ADVISORY: http://secunia.com/advisories/18132/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: ASPBite 8.x http://secunia.com/product/6577/ DESCRIPTION: Preddy has...
phpmyadmin -- register_globals emulation "import_blacklist" manipulation
Secunia reports: Stefan Esser has reported a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system. The vulnerability is caused due to an error in the registerglobals...
1- Search XSS vuln.
1- Search XSS vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 Orginal advisory:http://pridels.blogspot.com/2005/12/1-search-xss-vuln.html vendor:http://www.1-script.com/1search/ affected version:1.80 and prior Product Description: An advanced site search script written with search engines...
Sitebeater News System XSS vuln.
Sitebeater News System XSS vuln. Vuln. dicovered by : r0t Date: 3 dec. 2005 Orginal advisory:http://pridels.blogspot.com/2005/12/sitebeater-news-system-xss-vuln.html affected version: 4.00 and prior Product Description: News Features: mailing lists, polls, themes, attachments, search, categories,...
phpSysInfo -- "register_globals" emulation layer overwrite vulnerability
A Secunia Advisory reports: Christopher Kunz has reported a vulnerability in phpSysInfo, which can be exploited by malicious people to manipulate certain information. The vulnerability is caused due to an error in the "registerglobals" emulation layer where certain arrays used by the system can b...
Invision Power Board 2.1 : Multiple XSS Vulnerabilities
Fast translation of benji's advisory Author : benjilenoob WebSite : http://benji.redkod.org/ and http://www.redkod.org/ Audit in pdf : http://benji.redkod.org/audits/ipb.2.1.pdf Product : Invision power board Version : 2.1 Tisk : Low. XSS I- XSS non critical: -------------------- 1. Input passed ...
MediaWiki: Cross-site scripting vulnerability
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to escape a parameter in the page move template correctly. Impact By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...
GLSA-200507-18 : MediaWiki: XSS vulnerability
The remote host is affected by the vulnerability described in GLSA-200507-18 MediaWiki: XSS vulnerability MediaWiki fails to escape a parameter in the page move template correctly. Impact : By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...
FreeBSD : horde -- Horde Page Title XSS Vulnerability (396ee517-a607-11d9-ac72-000bdb1444a4)
Secunia Advisory: SA14730 A vulnerability has been reported in Horde, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed when setting the parent frame's page title via JavaScript is not properly sanitised before being returned to the user. This can be...
WordPress: Multiple vulnerabilities
Background WordPress is a PHP and MySQL based content management and publishing system. Description James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site...
[SA15705] ATutor Cross-Site Scripting Vulnerabilities
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
MediaWiki: Cross-site scripting vulnerability
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki incorrectly handles page template inclusions, rendering it vulnerable to cross-site scripting attacks. Impact A remote attacker could exploit this vulnerability to inject malicious...
fswiki -- XSS problem in file upload form
A Secunia security advisory reports: A vulnerability has been reported in FreeStyle Wiki and FSWikiLite, which can be exploited by malicious people to conduct script insertion attacks. Input passed in uploaded attachments is not properly sanitised before being used. This can be exploited to injec...
Coppermine Gallery < 1.3.3 init.inc.php HTML Injection
Binary data 2839.prm...