Lucene search

79 matches found

seebug.org
added 2010/07/07 12:0 a.m., 27 views

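WordPress WP-UserOnline 2.6.2 Plugin Script Injection Vulnerability

BUGTRAQ ID: 41335 WordPress is a free forum/blog system. The WP-UserOnline plugin used by WordPress does not properly filter input appended to the URL after the installation path before displaying it to users in wp-content/plugins/wp-useronline/wp-useronline.php; when a user views it, the injected HTML and script code is executed. WordPress WP-UserOnline 2.6.2 Vendor patch: WordPress --------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...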

6.9 AI score
Exploits: 0
exploitpack
added 2010/06/29 12:0 a.m., 13 views

Kryn.cms 6.0 - Cross-Site Request Forgery HTML Injection

Kryn.cms 6.0 - Cross-Site Request Forgery HTML Injection source: https://www.securityfocus.com/bid/41229/info Kryn.cms is prone to a cross-site request-forgery vulnerability and an HTML-injection vulnerability. Exploiting these issues may allow a remote attacker to perform certain administrative...

0.7 AI score
Exploits: 0
Check Point Advisories
added 2009/12/29 12:0 a.m., 2 views

Microsoft Windows SharePoint Services Cross Site Scripting (MS07-059; CVE-2007-2581)

Microsoft Windows SharePoint Services WSS is an add-on component of Windows Server. WSS is based on IIS and ASP.NET technologies, providing a basic portal infrastructure, collaborative editing of documents, document organization, and version control capabilities. SharePoint functionality is expos...

4.3 CVSS, 6.8 AI score, 0.36226 EPSS
Exploits: 1
securityvulns
added 2009/05/11 12:0 a.m., 40 views

Claroline v.1.8.11 Cross-Site Scripting

Author: Gerendi Sandor Attila Original Advisory: http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html Date: May 05, 2009 Package: Claroline 1.8.11 Product Homepage: http://www.claroline.net/ Versions Affected: v.1.8.11 Other versions may also be affected Severity: Medium...

0.3 AI score
Exploits: 0
seebug.org
added 2007/12/28 12:0 a.m., 66 views

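Gallery Versions Prior to 2.2.4 Multiple Remote Security Vulnerabilities

BUGTRAQ ID: 27035 Gallery is a web-based open-source photo album manager. Versions of Gallery prior to 2.2.4 contain multiple security vulnerabilities that allow malicious users to disclose sensitive information, conduct cross-site scripting attacks, bypass security restrictions, or compromise a vulnerable system. 1 A vulnerability in the Publish XP module may allow files to be created and uploaded without proper authorization. 2 A vulnerability in the administrator controller of the URL rewrite module may allow inclusion of local files. 3 The core and add-item modules do not properly filter input passed via file names, resulting in execution of arbitrary HTML and script code in the user's browser session. 4 The Core/MIME module does not perform proper checks on the extensions of uploaded files. 5 Gallery...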

6.9 AI score
Exploits: 0
Cisco
added 2007/05/23 4:43 p.m., 17 views

Cisco CallManager Web Interface Input Validation Bypass Vulnerability

Cisco CallManager versions 4.31 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and conduct cross-site scripting attacks. This vulnerability exists due to insufficient sanitization of user-supplied input to the CallManager web...

4.3 CVSS, 6.4 AI score, 0.06492 EPSS
Exploits: 1, References: 1
FreeBSD
added 2006/12/29 12:0 a.m., 30 views

joomla -- multiple remote vulnerabilities

Secunia reports: Some vulnerabilities have been reported in Joomla!, where some have unknown impacts and one can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can...

7.5 CVSS, 6.7 AI score, 0.01263 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2006/08/21 12:0 a.m., 32 views

FreeBSD : horde -- Phishing and XSS Vulnerabilities (e2e8d374-2e40-11db-b683-0008743bf21a)

Secunia reports : Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks. - Input passed to the 'url' parameter in index.php isn't properly verified before it is being used to include an arbitrary website i...

4.3 CVSS, 5.8 AI score, 0.01668 EPSS
Exploits: 0, References: 4
Packet Storm
added 2006/07/12 12:0 a.m., 24 views

newangels-11.txt

newangels-team.eu 11 FreeWebshop - Cross Site Scripting & SQL Injection Vulnerabilities =========================================================================================== Vendor site = http://www.sensesites.com/ Date: Jun 13 2006 Risk = MEDIUM Version: 5.0 Credit: ======= NewAngels Team ...

7.4 AI score
Exploits: 0
exploitpack
added 2006/06/02 12:0 a.m., 13 views

TAL RateMyPic 1.0 - Multiple Input Validation Vulnerabilities

TAL RateMyPic 1.0 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/18230/info TAL RateMyPic is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can...

0.2 AI score
Exploits: 0
Exploit DB
added 2006/02/23 12:0 a.m., 24 views

NOCC 1.0 - 'filter_prefs.php?html_filter_select' Cross-Site Scripting

source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and execute it ...

7.4 AI score
Exploits: 0
securityvulns
added 2005/12/04 12:0 a.m., 73 views

Sitebeater News System XSS vuln.

Sitebeater News System XSS vuln. Vuln. discovered by : r0t Date: 3 dec. 2005 Original advisory: http://pridels.blogspot.com/2005/12/sitebeater-news-system-xss-vuln.html affected version: 4.00 and prior Product Description: News Features: mailing lists, polls, themes, attachments, search, categories,...

6.7 AI score
Exploits: 0
Tenable Nessus
added 2005/09/19 12:0 a.m., 20 views

Calendar Express Multiple Vulnerabilities (SQLi, XSS)

The remote host is using Calendar Express, a PHP web calendar. Vulnerabilities exist in this version that could allow an attacker to execute arbitrary HTML and script code in the context of the user's browser, and SQL injection. An attacker could exploit these flaws to use the remote host to...

7.5 CVSS, 6.5 AI score, 0.00931 EPSS
Exploits: 1, References: 1
Exploit DB
added 2004/12/13 12:0 a.m., 18 views

UBBCentral UBB.Threads 6.2.3/6.5 - 'calendar.php?Cat' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated web...

7.4 AI score
Exploits: 0
exploitpack
added 2004/01/26 12:0 a.m., 14 views

Xoops 2.0.x - viewtopic.php Cross-Site Scripting

Xoops 2.0.x - viewtopic.php Cross-Site Scripting source: https://www.securityfocus.com/bid/9497/info It has been reported that Xoops may be prone to a cross-site scripting vulnerability that may allow a remote user to execute HTML or script code in a user's browser. HTML and script code may be...

0.1 AI score
Exploits: 0
Exploit DB
added 2004/01/26 12:0 a.m., 214 views

Xoops 2.0.x - 'viewtopic.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9497/info It has been reported that Xoops may be prone to a cross-site scripting vulnerability that may allow a remote user to execute HTML or script code in a user's browser. HTML and script code may be parsed via the 'topicid' and 'forum' URI parameters...

7.4 AI score
Exploits: 0
Exploit DB
added 2003/12/24 12:0 a.m., 36 views

Psychoblogger PB-beta1 - errormessage Cross-Site Scripting

source: https://www.securityfocus.com/bid/9293/info It has been reported that Psychoblogger may be prone to multiple cross-site scripting vulnerabilities that may allow a remote attacker to execute HTML or script code in a user's browser. The issues are reported to exist in the 'imageview.php',...

7 AI score
Exploits: 0
Exploit DB
added 2002/09/19 12:0 a.m., 26 views

SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/5763/info SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. Multiple cross site scripting vulnerabilities have been discovered in various PHP scripts included with...

7 AI score
Exploits: 0
Exploit DB
added 2002/06/14 12:0 a.m., 25 views

Mewsoft NetAuction 3.0 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/5023/info NetAuction does not filter HTML code from URI parameters, making it prone to cross-site scripting attacks. Attacker-supplied HTML code may be included in a malicious link. The attacker-supplied HTML code will be executed in the browser of a web...

7.4 AI score
Exploits: 0