554 matches found
Unfixed XSS vulnerability at www.theharvardshop.com
Security researcher xylitol submitted a cross-site scripting (XSS) vulnerability affecting www.theharvardshop.com on 29/10/2008. At the time of submission the site ranked 1833866 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 01/07/2009. It is...
aspwebalbum 3.2 - Arbitrary File Upload SQL Injection Cross-Site Scripting
Discovered by AleminKrali - aspWebAlbum 3.2 - Script Download "http://www.fullrevolution.com" - aspWebAlbum 3.2 Single Site License | $60.00 : - HomePage al3m.blogspot.com...
Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp?activeControl' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input. Attackers can exploit these...
Unfixed XSS vulnerability at www.catchthefly.com
Security researcher Azat Harutyunyan submitted a cross-site scripting (XSS) vulnerability affecting www.catchthefly.com on 01/06/2008. At the time of submission the site ranked 6528366 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/06/2008...
CVE-2007-6455
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter...
SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 3932)
This update brings Mozilla Firefox to security update version 2.0.0.5 Following security problems were fixed : - Crashes with evidence of memory corruption The usual collection of stability fixes for crashes that look suspicious but haven't been proven to be exploitable. MFSA 2007-18 25 were in t...
Fullaspsite ASP Hosting Site - listmain.asp?cat SQL Injection
source: https://www.securityfocus.com/bid/22545/info Fullaspsite Shop is prone to multiple input-validation issues, including multiple cross-site scripting issues and an SQL-injection issue, because the application fails to properly...
[Full-disclosure] GaesteChaos <= 0.2 Multiple Vulnerabilities
Advisory: GaesteChaos <= 0.2 Multiple Vulnerabilities Release Date: 2006/08/04 Last Modified: 2006/08/03 Author: Tamriel tamriel at gmx dot net Application: GaesteChaos <= 0.2 Risk: Moderate Vendor Status: not contacted Vendor Site: www.chaossoft.de...
Cisco Wireless Lan Solution Engine - ArchiveApplyDisplay.jsp Cross-Site Scripting
source: https://www.securityfocus.com/bid/17604/info CiscoWorks Wireless LAN Solution Engine (WLSE) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser o...
MyBB 1.10 New CrossSiteScripting
MyBB 1.10 CrossSiteScripting File :- inc/functionspost.php BugTraqer :- Devil-00 [email protected] we can do attack by some unfilter tags :- Post New Thread Or New Replay With This Code :D And Try To Move The Mouse Over The Email ; code email=a" onmousemove="alertdocument.cookie;"...
MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )
MyBB 1.02 usercp2.php XSS ------------------------------ Devil-00 D3vil-0x1 - Attacking MyBB : [email protected] ----------------------------- File :- usercp2.php Var :- $url Line's :- - 39 - 58 - 84 - 108 - 130 - 149 - 1...
OTRS 2.0 - AgentTicketPlain Action Multiple SQL Injections
source: https://www.securityfocus.com/bid/15537/info OTRS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to...
pblang465.txt
PBLang 4.65 possibly prior versions remote code execution / administrative credentials disclosure / system information disclosure / cross site scripting / path disclosure software: description: PBLang is a powerful flatfile Bulletin Board System. It combines many features of a professional board,...
typo3 issues
hola, ... [email protected]/Martin Eiszner ===================== Security REPORT TYPO3 ===================== this document: http://www.websec.org/adv/typo3.html Product: Typo3 Version 3.5b5 / Earlier versions are possibly vulnerable too Vendor: Typo3 http://www.typo3.com Vendor-Status:...