1007 matches found
Miro Broadcast Machine 0.9.9 Login.PHP Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26407/info Miro Broadcast Machine is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script...
Invision Power Board 1.3 Pop Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9822/info It has been reported that Invision Power Board may be prone to a cross-site scripting vulnerability. This may allow a remote attacker to cause hostile HTML or script code to be rendered in a user's browser via a...
Joomla! 1.5 & 1.6 - JFilterInput XSS Bypass
No description provided by source. Exploit Title: Joomla! JFilterInput XSS Bypass Date: 1 February 2011 Author: Jeff Channell Software Link: http://www.joomla.org Version: 1.5.22, 1.6.0 Tested on: PHP5, MySQL5 Joomla! 1.5 and 1.6 rely on the JFilterInput class to sanitize user-supplied html. This...
SimpleGallery 0.1.3 Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26585/info SimpleGallery is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a...
PHP iReport 1.0 - Remote Html Code injection
No description provided by source. !/usr/bin/perl Title = phpireport v1.0 = Remote Html Code injection Author = Or4nG.M4n Download = http://garr.dl.sourceforge.net/project/phpireport/phpireport%20v1.0%20alpha%20revision%2025.rar Thnks : +----------------------------------+ | xSs m4n i-Hmx h311 c0...
Centrinity FirstClass HTTP Server 5/7 TargetName Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9950/info It has been reported that FirstClass HTTP Server may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in a user's browser. The issue...
Digital Scribe 1.5 (register_form()) Multiple POST XSS Vulnerabilities
No description provided by source. !-- Digital Scribe 1.5 registerform Multiple POST XSS Vulnerabilities Vendor: Digital Scribe Product web page: http://www.digital-scribe.org Affected version: 1.5 Summary: The Digital Scribe is a free, intuitive system designed to help teachers put student work...
Escapade 0.2.1 Beta Scripting Engine PAGE Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8573/info A cross-site scripting vulnerability has been reported for Escapade. The vulnerability exists due to insufficient sanitization of some user-supplied values. An attacker could exploit this issue to execute...
OpenBB 1.0 .0 RC3 BBCode Cross Agent HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4819/info OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. OpenBB is reportedly vulnerable to HTML injection attacks. The...
Micronet SP1910 Data Access Controller UI XSS & HTML Code Injection
Exploit: XSS & Html code injection in Micronet SP1910 data access controller UI Date: 27-11-2009 Author: K053 Vendor: http://www.micronet.info/modeldetail.aspx?seriesno=6&sno=472 Tested on : Private Networks ------------------------------------------------------------------------------------ Note...
RSA ClearTrust 4.6/4.7 Login Page Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7108/info A cross-site scripting vulnerability has been discovered in ClearTrust. Specifically, the login page for the management application is not properly sanitized of some user-supplied values. An attacker can exploit...
cPanel 5/6/7/8/9 dir Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9853/info It has been reported that cPanel may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to...
Mambo Open Source 4.5 index.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/9890/info It has been reported that the Mambo 'index.php' script is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input. This issue...
SHOUTcast DNAS 2.2.1 - Stored XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: SHOUTcast DNAS v2.2.1 win32 XSS\HTML Injection in Song history other version may be also affected Date: 2014-06-11 Exploit Author: robercik101 Vendor Homepage: http://www.shoutcast.com/ ?t=373139 Software Link:...
SHOUTcast DNAS 2.2.1 Cross Site Scripting
Exploit Title: SHOUTcast DNAS v2.2.1 win32 XSS\HTML Injection in Song history other version may be also affected Date: 2014-06-11 Exploit Author: robercik101 Vendor Homepage: http://www.shoutcast.com/ ?t=373139 Software Link: http://forums.winamp.com/showthread.php?t=373139 Version: 2.2.1 for Win...
XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation
XSSYA work by execute the payload encoded to bypass Web Application Firewall which is the first method request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the...
BarracudaDrive Multiple XSS Vulnerabilities -01 (Jun 2014)
BarracudaDrive is prone to multiple XSS vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Pixie CMS 1.04 Cross Site Scripting
Pixie CMS v1.04 Contact form POST XSS Vulnerabilities Vendor: Pixie CMS Product web page: http://www.getpixie.co.uk Affected version: 1.04 Severity: Medium CVE: CVE-2014-3786 Demo page: http://demo.getpixie.co.uk Discovered by: Filippos Mastrogiannis @filipposmastro & Simone Memoli @Simon90Italy...
Khan Academy: CRLF Injection
Is it possible for a remote attacker to inject custom HTTP headers. For example, an attacker can inject session cookies or HTML code. This may conduct to vulnerabilities like XSS cross-site scripting or session fixation. PoC...
Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Storesprite, which can be exploited to perform Cross-Site Scripting attacks. 1 Reflected Cross-Site Scripting XSS in Storesprite: CVE-2014-3737 The vulnerability exists due to insufficient sanitisation of user-supplied data in...