3009 matches found
CVE-2010-4071
Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail...
CVE-2011-0004
Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-4497
CVE-2010-4497 is an XSS vulnerability in the Collaborative Information Manager (CIM) server, as used in TIBCO CIM before 8.1.0 and ActiveCatalog before 1.0.1. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The available documents do not provide d...
CVE-2010-4524
Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by ipt and ipt sequences...
Gitweb <=1.7.3.3 Cross Site Scripting
Exploit for cgi platform in category web applications. Description. Proof Of Concept. Credits. Responsible Disclosure: 13-12-2010 Initial contact with upstream and vendor-sec; 13-12-2010 Vendor Response and CVE-2010-3906 assignation; 15-12-2010 Public Disclosure. 0day.today...
CVE-2010-4388
The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended...
CVE-2010-4396
CVE-2010-4396 involves a Cross-zone scripting vulnerability in RealNetworks RealPlayer's ActiveX control (NavigateToURL path) affecting RealPlayer 11.0–11.1, RealPlayer SP 1.0–1.1.5, and RealPlayer Enterprise 2.1.2. The HandleAction method can be exploited to inject arbitrary web script/HTML into...
CVE-2010-4388
The CVE-2010-4388 issue affects RealNetworks RealPlayer suites (RealPlayer 11.0–11.1, RealPlayer SP 1.0–1.1.5, RealPlayer Enterprise 2.1.2–2.1.3). Concrete details in connected sources show a uniform vulnerability in the RealOneActiveXObject handling within Upsell.htm, Main.html, and Custsupport....
Pandora Fms 3.1 - SQL Injection
Introduction: Pandora FMS (for Pandora Flexible Monitoring System) is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applications and hardware systems such as...
Pandora Fms 3.1 - SQL Injection
Pandora Fms 3.1 - SQL Injection + Introduction: Pandora FMS (for Pandora Flexible Monitoring System) is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applications...
Pandora FMS 3.1 - Authentication Bypass
Introduction: Pandora FMS (for Pandora Flexible Monitoring System) is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applications and hardware systems such as...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do...
RoSPORA 1.5.0 Remote PHP Code Injection
'; 671. $link=$SERVER'PHPSELF'."?f=".$flag."&s="; 672. 673. if !empty$plarray 674. 675. usort$plarray, createfunction'$a, $b', 'if $a'.$sort.' == $b'.$sort.' return 0; if $a'.$sort.' '.$sorttype.' $b'.$sort.' return -1; return 1;'; 676. Input parameter passed through $GET's' isn't properly...
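Tencent QQ 2010 SP1 Message History Remote Code Injection Vulnerability
Tencent QQ is an instant messaging tool that is very widely used in China. When processing message history, Tencent QQ 2010 SP1 does not correctly escape JavaScript and HTML tags in conversation messages, so an attacker can send a malicious message to inject script code and have it executed. Tencent QQ 2010 SP1 The latest version of Tencent QQ has fixed this vulnerability, and users are advised to download and use it: http://im.qq.com/qq/dlqq.shtml input onclick="window.location=' x68x74x74x70x3ax2fx2fx77x77x77x2ex62x6fx77x6fx73x2ex63x6fx6d'"/ img src='tetet'...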
CVE-2010-3715
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web...
CVE-2010-2802
CVE-2010-2802 affects MantisBT prior to version 1.2.2, with a cross-site scripting (XSS) vulnerability via an HTML document named with a .gif extension in inline attachments. The issue requires authenticated remote access and can inject arbitrary script/HTML. No explicit exploitation details, aff...
CA BrightStor ARCserve Backup Tape Engine RPC Opcode 207 Buffer Overflow (CVE-2007-0169)
Computer Associates BrightStor ARCserve Backup products offer data protection for distributed servers, clients, databases and applications. They provide centralized control over a series of distributed operations including Backup and Restore, Data Migration, and Threat Management. There exists a...
GFI WebMonitor Admin UI Remote Script Code Injection
GFI WebMonitor Admin UI Remote Script Code Injection. Affected Products/Versions: Product Name: GFI Webmonitor; Version Number: 2009; Build Number: 20100324; Platform: Microsoft Windows. Product/Company Information...