1085 matches found
Sql injection
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to the comcontact component, as demonstrated by the Itemid parameter to index.php; 2 the query string to the comcontent component, as...
CVE-2011-2509
Multiple cross-site scripting XSS vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to the comcontact component, as demonstrated by the Itemid parameter to index.php; 2 the query string to the comcontent component, as...
DEBIAN-CVE-2011-2505
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
Nmap NSE net: http-passwd
Checks if a web server is vulnerable to directory traversal by attempting to retrieve '/etc/passwd' or '\boot.ini'. The script uses several technique: Generic directory traversal by requesting paths like '../../../../etc/passwd'. Known specific traversals of several web servers. Query string...
CVE-2011-1765
Cross-site scripting XSS vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...
Cross site scripting
Cross-site scripting XSS vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...
CVE-2011-1765
Cross-site scripting XSS vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...
CVE-2011-1765
Cross-site scripting XSS vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...
PT-2011-3356 · Mediawiki · Mediawiki
Cross-site scripting XSS vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...
CVE-2011-2153
Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser...
CVE-2011-2153
Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser...
eclipse: Help Content web application vulnerable to multiple XSS
Multiple cross-site scripting XSS vulnerabilities in the Help Contents web application aka the Help Server in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to 1 help/index.jsp or 2 help/advanced/content.jsp...
Cross site scripting
Cross-site scripting XSS vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? question mark in a query string,...
Cross site scripting
Cross-site scripting XSS vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with...
CVE-2011-1578
Cross-site scripting XSS vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with...
CVE-2011-1587
Cross-site scripting XSS vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? question mark in a query string,...
CVE-2011-1578
Cross-site scripting XSS vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with...
CVE-2011-1587
MediaWiki vulnerable component: web application logic handling file uploads and URI parsing. CVE-2011-1587 is a cross-site scripting (XSS) flaw affecting MediaWiki prior to 1.16.4, triggered when Internet Explorer 6 or earlier is used and a file with a dangerous extension (e.g., .html) is accesse...
Joomla! < 1.6.1 Query String Parameter Multiple XSS Vulnerabilities
Joomla is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...