CVE-2014-0571

Cross-site scripting XSS vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-3033

Cross-site scripting XSS vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

David Harris Pegasus Mail 3.12 File Forwarding Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1738/info It is possible for a malicious website operator to obtain copies of known files on a remote system if a website visitor is running Pegasus Mail client. If the following code were to be inserted into a HTML...

CVE-2014-2711

Cross-site scripting XSS vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 BBE, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, a...

CVE-2014-2244

Cross-site scripting XSS vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in t...

CVE-2013-3523

SQL injection vulnerability in This HTML Is Simple THIS before 1.2.4 allows remote to execute arbitrary SQL commands via vectors related to op=page&id= in the URL...

Cross site scripting

Cross-site scripting XSS vulnerability in inc/extensions.php in VertrigoServ 2.25 allows remote attackers to inject arbitrary web script or HTML via the ext parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

WordPress.org has released WordPress 3.0.4

WordPress.org has released WordPress 3.0.4 to address a vulnerability in the HTML sanitation library. Exploitation of this vulnerability may allow an attacker to insert arbitrary HTML and script code into the browser session. US-CERT encourages users and administrators to review the WordPress.org...

CVE-2010-3329

CVE-2010-3329 affects Microsoft Internet Explorer 7/8 through the HtmlDlgHelper class in mshtmled.dll. The vulnerability is a memory-corruption flaw caused by missing initialization when instantiating the HtmlDlgHelper Object from a Microsoft Office document opened in Word, leading to uninitializ...

My Kazaam Notes Management System Multiple Vulnerability

No description provided by source. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: My Kazaam Notes Management System Multiple Vulnerability Vendor url:http://www.mykazaam.com Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic...

Edgephp Government Search Engine PHP Script Multiple Vulnerability

Exploit for php platform in category web applications ================================================================== Edgephp Government Search Engine PHP Script Multiple Vulnerability ==================================================================...

Edgephp Automated Articles Script Multiple Vulnerability

Exploit for php platform in category web applications ======================================================== Edgephp Automated Articles Script Multiple Vulnerability ======================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0...

Edgephp ClickBank Affiliate Marketplace Script - Multiple Vulnerabilities

Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Vendor url:http://www.edgephp.com Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j...

Software Index (XSS HTML) Vulnerability

Exploit for php platform in category web applications ======================================= Software Index XSS HTML Vulnerability ======================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/...

FileNice Script Cross Site Scripting

======================================================================= FileNice Script Multiple Vulnerabilities ======================================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\...

Cross site scripting

Cross-site scripting XSS vulnerability in HP ServiceCenter allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

BaoFeng Storm mps.dll ActiveX OnBeforeVideoDownload Buffer Overflow

$Id: baofengstormonbeforevideodownload.rb 8685 2010-03-02 02:26:55Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

AwingSoft Winds3D Player 3.5 SceneURL Download and Execute

This module exploits an untrusted program execution vulnerability within the Winds3D Player from AwingSoft. The Winds3D Player is a browser plugin for IE ActiveX, Opera DLL and Firefox XPI. By setting the 'SceneURL' parameter to the URL to an executable, an attacker can execute arbitrary code...

MS Internet Explorer 8.0.7100.0 Simple HTML Remote Crash PoC

No description provided by source. Veryfied with IE8.0.7100.0 on W7 x64 RC. !DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional" "http://www.w3.org/TR/html4/strict.dtd" html body div style = "width: 100%; max-height: 400px; overflow: scroll;" script type="text/javascript"...