1481 matches found
Buffer overflow
Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data...
AShop Deluxe 4.5 - catalogue.php Cross-Site Scripting
AShop Deluxe 4.5 - catalogue.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. An attacker may...
AShop Deluxe 4.5 - 'editcatalogue.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code...
Plesk 7.58.0 - get_password.php Cross-Site Scripting
Plesk 7.58.0 - getpassword.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21067/info Plesk is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to execute HTML and...
Tagit2b - 'DelTagUser.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/20451/info Tagit2b is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this issue to have malicious PHP code execute in the context of the webserver process. This may...
Tagit2b - DelTagUser.php Remote File Inclusion
Tagit2b - DelTagUser.php Remote File Inclusion source: https://www.securityfocus.com/bid/20451/info Tagit2b is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this issue to have malicious PHP code execute in...
Yblog - funk.php Cross-Site Scripting
Yblog - funk.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execut...
Yblog - uss.php Cross-Site Scripting
Yblog - uss.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute...
Yblog - 'tem.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting us...
Yblog - 'uss.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting us...
Photostore - 'details.php?gid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20172/info Photostore is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecti...
DanPHPSupport 0.5 - 'index.php?page' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20203/info DanPHPSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an...
BandSite CMS 1.1 - sendemail.php Cross-Site Scripting
BandSite CMS 1.1 - sendemail.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access...
FW: ExBB <=1.1 XSS vuln.
Извиняюсь ExBB =1.9.1 XSS vuln. From: KeVRter mailto:[email protected] Sent: Monday, May 01, 2006 7:53 PM To: ' [email protected]' Subject: ExBB =1.1 XSS vuln. Cross Site Scripting При добавлении сообщения/темы/голосования осуществляется не достаточная фильтрация входных данных: Примеры...
JVN#72225922 Apache Struts Validator allows to bypass input data validation
Impact Depending on the web application, an attacker may be able to manipulate unexpected operations by bypassing validation of input data. For example, unintended format data may be saved. Solution Products Affected Apache Struts 1.2.8 and earlier...
Buffer overflow
Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 20060228 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data...
Miraserver 1.0 RC4 - 'index.php?page' SQL Injection
source: https://www.securityfocus.com/bid/15960/info Miraserver is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise o...
IPSwitch IMail SMTP Buffer Overflow
A vulnerability exists within IMail that allows remote attackers to gain SYSTEM level access to servers running IMail's SMTP daemon versions 6.06 and below. The vulnerability stems from the IMail SMTP daemon not doing proper bounds checking on various input data that gets passed to the IMail...
PHP-Fusion < 6.00.106 submit.php Multiple Parameter HTML Injection
Binary data 3037.prm...
OneWorldStore - OWAddItem.asp SQL Injection
OneWorldStore - OWAddItem.asp SQL Injection source: https://www.securityfocus.com/bid/13181/info OneWorldStore is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...