XOOPS 1.0 RC3 HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5785/info Problems with XOOPS could make it possible to execute arbitrary script code in a vulnerable client. XOOPS does not sufficiently filter potentially malicious HTML code from posted messages. As a result, when a us...

ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities

No description provided by source. Title : ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://www.articlesetup.com/ Advisory : http://secpod.org/blog/?p=497...

AneCMS 1.3 Persistant XSS Vulnerability

No description provided by source. Exploit Title: AneCMS 1.3 Persistant XSS Date: 17.1.2011 Author: Penguin Visit: www.null-sector.info Software Link: http://anecms.com/anecms.zip Version: 1.3 Tested on: Linux I Vulnerability ---------------------- You can add blogpost comments that does not get...

WorkBoard 1.2 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12009/info It is reported that WorkBoard is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These issues could...

Divine Content Server 5.0 Error Page Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8763/info It has been reported that Divine Content Server is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input. The problem exists in the 'pagename' attribute in the err...

Microsoft Internet Explorer 6.0 Position:Relative Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25222/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle certain HTML code. This issue is triggered when a remote attacker entices a victim user to visit...

MyHelpDesk 20020509 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4970/info It is reported that MyHelpDesk is vulnerable to cross-site scripting attacks. Attackers may exploit this vulnerability by constructing a link to a vulnerable scripts, passing malicious HTML code as a value for...

Sambar Server 5.x results.stm Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6643/info Sambar Server does not adequately filter some HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be...

PluggedOut Blog 1.51/1.60 Blog_Exec.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10885/info PluggedOut Blog is reported prone to a cross-site scripting vulnerability. This could allow for execution of hostile HTML and script code in the web client of a user who visits a malicious link to the vulnerabl...

CutePHP CuteNews 1.3 HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8060/info CutePHP is prone to HTML injection attacks. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to news posts are not sufficiently sanitized of...

NOCC 1.0 html_bottom_table.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject...

Nuke Bookmarks 0.6 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12907/info Nuke Bookmarks is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate t...

Expinion.net Member Management System 2.1 register.asp err Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/9932/info It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and...

Mozilla Firefox 2.0.0.7 Malformed XBL Constructor Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26172/info Mozilla Firefox is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to cause denial-of-service conditions. Firefox...

PHP-Nuke <= 8.0 XSS & HTML Code Injection in News Module

No description provided by source. Software Link: http://www.phpnuke.org/modules.php?name=Downloads&dop=viewdownload&cid=1 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= note : This bug found by tampering passed data . coders don't sanitize and check user entry point for news rate...

onepound Shop / CMS XSS and SQL Injection Vulnerabilities

No description provided by source. :: General information :: onepound shop / cms XSS and SQL Injection vulnerabilities :: by Valentin Hoebel :: [email protected] :: Product information :: Name = onepound shop / cms :: Vendor = onepound :: Vendor Website = http://www.onepound.cn :: About the...

AOL Instant Messenger 4.x/5.x Smiley Icon Location Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13553/info AOL Instant Messenger is reported prone to a remote denial of service vulnerability. The issue manifests when the affected client application handles a chat invitation, a file transfer, or a game request that...

GNU MyProxy 20030629 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9846/info It has been reported that GNU MyProxy may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to...

iSupport 1.x - CSRF HTML Code Injection to Add Admin

No description provided by source. !/usr/bin/perl Title : iSupport v1.x = Html Code injection to add admin Author : Or4nG.M4n Version : 1.x Homepage : http://www.idevspot.com/iSupport.php Google Dork: Powered by iSupport 1.8 Homepage : http://www.idevspot.com/ Thnks :...

Pluck CMS 4.7 - HTML Code Injection

No description provided by source. Exploit Title: Pluck CMS CSRF - Injecting malicious contents to pagess Date: 2013 4 August Exploit Author: Yashar shahinzadeh Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://www.pluck-cms.org/ Tested on: Linux & Windows, PHP 5.2.9...