44 matches found
Cutenews search.php Cross-Site Scripting Vulnerability
The remote web server contains a PHP script that is affected by a cross-site scripting issue. Description: The version of Cutenews installed on the remote host fails to sanitize input to the 'search.php' script before using it to generate dynamic HTML to be returned to the user. An unauthenticate...
Resin viewfile Servlet file Parameter XSS
The remote host is running Resin, an application server. The 'viewfile' Servlet included with the version of Resin installed on the remote host fails to sanitize user input to the 'file' parameter before including it in dynamic HTML output. An attacker may be able to leverage this issue to inject...
Xerox DocuShare dsweb Servlet Multiple XSS
The remote host is running DocuShare, a web-based document management application from Xerox. The version of DocuShare installed on the remote host fails to sanitize user input to the 'dsweb' servlet before including it in dynamic HTML output. An attacker may be able to leverage this issue to...
ProjectPier index.php Multiple Parameter XSS
The remote host is running ProjectPier, an open source project management tool written in PHP. The version of ProjectPier installed on the remote host fails to sanitize user input to the 'refc' and 'refa' parameters of the 'index.php' script before using it to generate dynamic HTML output. An...
Joomla! com_content Component 'order' Parameter XSS
The version of Joomla! running on the remote host is affected by a cross-site scripting (XSS) vulnerability in com_content/content.php due to improper sanitization of user-supplied input to the 'order' parameter before using it to generate dynamic HTML content. An unauthenticated, remote attacker ca...
UebiMiau Multiple Input Validation Vulnerabilities
The remote host is running UebiMiau, a webmail application written in PHP. The version of UebiMiau installed on the remote host fails to sanitize user input to the 'selectedtheme' parameter of the 'error.php' script before using it as a template to generate dynamic HTML. An unauthenticated attack...
SiteKiosk < 6.5.150 Multiple Vulnerabilities
According to its version number, the installation of SiteKiosk on the remote host contains an unspecified ActiveX control that is marked as 'safe for scripting' yet exposes two dangerous methods that allow reading and downloading of any file from the kiosk. In addition, it fails to completely sanitize...
security flaw
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML...
MS06-017: FrontPage fpadmdll.dll Multiple Parameter XSS (917627)
The version of Microsoft FrontPage Server Extensions 2002 / SharePoint Team Services on the remote host is affected by a cross-site scripting (XSS) vulnerability due to improper sanitization of user-supplied input to the 'operation', 'command', and 'name' parameters to file...
MODx < 0.9.1a Multiple Vulnerabilities
The remote host is running MODx, a content management system written in PHP. The version of MODx installed on the remote host fails to sanitize input to the 'id' parameter of the 'index.php' script before using it to generate dynamic HTML output. An unauthenticated attacker can exploit this to...
DEBIAN-CVE-2006-1723
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the...
DEBIAN-CVE-2006-1531
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the...
DEBIAN-CVE-2006-1530
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the...
DEBIAN-CVE-2006-1529
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the...
DEBIAN-CVE-2006-1724
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML...
Pubcookie Login Server index.cgi XSS
The remote host is running Pubcookie, an open source package for intra-institutional, single-sign-on, end-user web authentication. The version of the Login Server component of Pubcookie installed on the remote host fails to sanitize user-supplied input to various parameters of the 'index.cgi'...
Game-Panel 2.6 - 'login.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16979/info Game-Panel is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. An attacker may leverage this iss...
phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities
The version of phpMyAdmin installed on the remote host is affected by a local file inclusion vulnerability that can be exploited by an unauthenticated attacker to read arbitrary files, and possibly even to execute arbitrary PHP code on the affected host subject to the permissions of the web serve...
VulnCheck KEV: CVE-2004-1319
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as...
MySQL Eventum index.php email Parameter XSS
The MySQL Eventum install hosted on the remote web server is vulnerable to a cross-site scripting attack because it fails to sanitize user-supplied input to the 'email' parameter of the 'index.php' script before using it to generate dynamic HTML output. With a specially crafted URL, an attacker c...