3009 matches found
DEBIAN-CVE-2012-2582
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or...
CVE-2012-2687
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
CVE-2012-4263
Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263...
CVE-2012-4267
CVE-2012-4267 describes a stored/persistent XSS in Sockso’s user/register endpoint for Sockso 1.5 and earlier, where an attacker can inject arbitrary script or HTML via the name parameter. The affected component is the registration flow (user/register) in Sockso prior to version 1.6, with the roo...
CVE-2012-3464
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character...
CVE-2012-3413
CVE-2012-3413 affects KDE PIM (kdepim) 4.6–4.8 where HTMLQuoteColorer::process does not disable JavaScript, Java, and browser plugins in HTML mail, enabling remote code or HTML injection via crafted emails. Connected advisories indicate a remediation: the Fedora update (FEDORA-2012-10411) patches...
CVE-2012-2022
HP NNMi (Network Node Manager i) vulnerable to remote cross-site scripting (XSS) in NNMi 8.x and 9.x (9.0x, 9.1x, 9.20). The CVE-2012-2022 entry documents unspecified vectors that could allow an attacker to inject web script or HTML via the NNMi web interface. The security bulletin notes the vuln...
CVE-2012-3848
CVE-2012-3848 affects Plixer Scrutinizer (Dell SonicWALL Scrutinizer) prior to 9.5.0. The vulnerability class is Cross-Site Scripting (XSS) in the web console, exploitable via the d4d/exporters.php (query string and Referer header) and d4d/contextMenu.php inputs, allowing remote attackers to inje...
CVE-2012-3393
CVE-2012-3393 is an XSS vulnerability in Moodle via repository/lib.php, exploitable by remote authenticated administrators who rename a repository. Affected versions are Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4. The underlying flaw allows injection of arbitrary web script/HTML by tamperin...
CVE-2012-3844
Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post...
CVE-2012-2698
Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page...
CVE-2011-4956
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Syneto EMail Protection v1.5.1 - Multiple Web Vulnerabilities
Document Title: Syneto EMail Protection v1.5.1 - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=547. Release Date: 2012-06-24. Vulnerability Laboratory ID (VL-ID): ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action...
PHP4dvd - config.php PHP Code Injection
PHP4dvd - config.php PHP Code Injection source: https://www.securityfocus.com/bid/60257/info php4dvd is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a...
Small-Cms - 'hostname' Remote PHP Code Injection
source: https://www.securityfocus.com/bid/53703/info Small-Cms is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the webserver process. This may facilitate a compromise of the application and the...
PHP List 2.10.9 PHP Code Injection
Author : L3b-r1'z Title : Php List 2.10.9 Remote PHP Code Injection Date : 5/25/2012 Email : [email protected] Site : Sec4Ever.com & Exploit4arab.com This PoC was written for educational purpose. Use it at your own ris...
WeBid converter.php Remote PHP Code Injection
Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
WeBid converter.php Remote PHP Code Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'WeBid converter.php Remote PHP Code...