3009 matches found
SOL9875 - BIG-IP management interface vulnerability CVE-2008-6474
The BIG-IP CLI and Web Management Interface are vulnerable to a remote code-injection because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow an attacker to execute arbitrary code with the privileges of the user running the affected application...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp...
CVE-2009-0540
Libero CVE-2009-0540 is an XSS vulnerability in Libero 5.3 SP5 (and possibly versions before 5.5 SP1) that allows remote attackers to inject arbitrary web script via the search term field. The issue arises from insufficient input filtering/sanitisation of HTML tags in the web app, and is categori...
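ESET Remote Administrator remote script injection vulnerability
BUGTRAQ ID: 33633 CVECAN ID: CVE-2009-0548 ESET Remote Administrator is used to remotely install and centrally manage ESET antivirus software on a network. ESET Remote Administrator does not properly validate input to the Additional Report Settings interface; a remote attacker can inject arbitrary HTML and script code by submitting a malicious request, and the injected code executes when a user views the report. Eset Remote Administrator 3.0.35 Vendor patch: Eset ---- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...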
CVE-2008-6113
Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.90 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the (1) username and (2) profile page...
CVE-2009-0424
The CVE-2009-0424 entry concerns AN Guestbook (ANG) prior to version 0.7.7. The vulnerability is a Cross‑Site Scripting (XSS) in sign1.php where the country parameter is not properly sanitized, enabling an attacker to inject arbitrary script/HTML via affected paths (administrator/manage.php or ad...
CVE-2009-0273
CVE-2009-0273 affects Novell GroupWise WebAccess (versions 6.5x, 7.0/7.01/7.02x/7.03/7.03HP1a, and 8.0). The vulnerability stems from cross-site scripting via unsanitized input in the WebAccess component, notably the POST parameters User.id and Library.queryText to /gw/webacc, with additional vec...
CVE-2009-0275
CVE-2009-0275 affects Ryneezy phoSheezy 0.2 via a static code injection vulnerability in admin.php that lets an authenticated admin inject PHP into config/header (and related config/footer, header) and can be exploited via CVE-2009-0250 to facilitate unauthenticated access. The issue is documente...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to inject arbitrary web script or HTML via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...
CVE-2009-0260
CVE-2009-0260: Multiple XSS vulnerabilities in MoinMoin, via action/AttachFile.py for WikiSandBox in versions before 1.8.1; attackers can inject script/HTML through AttachFile parameters rename or drawing (basename). Remote exploitation possible; remediation is upgrading to MoinMoin 1.8.1 or late...
CVE-2008-5917
The CVE-2008-5917 entry describes a Cross-site scripting (XSS) vulnerability in Horde Application Framework’s Text_Filter/Filter/xss.php, affecting Horde 3.2.2 and 3.3. It is reported when using Internet Explorer, allowing remote attackers to inject arbitrary web script or HTML via unknown vector...
CVE-2008-5858
CVE-2008-5858 relates to KnowledgeTree product families with Cross-Site Scripting (XSS) in multiple versions. Affected software/components include KnowledgeTree Open Source prior to 3.5.4a and related KnowledgeTree deployments referenced in connected documents (e.g., KnowledgeTree 3.x line). The ...
Megacubo 5.0.7 (mega://) Remote eval() Injection Exploit
Exploit for unknown platform in category remote exploits. Megacubo 5.0.7 mega:// Remote eval Injection Exploit. a href='mega://play|con...
CVE-2008-5264
The CVE-2008-5264 entry documents a Cross-site scripting (XSS) flaw in Tornado Knowledge Retrieval System versions 4.2 and earlier, affecting the searcher.exe component via the p parameter in a root action. Public sources do not provide additional exploit details, proof-of-exploit, affected versi...
CVE-2008-5214
CVE-2008-5214 refers to a cross-site scripting (XSS) vulnerability in ClanLite. The affected component is the web page calendrier.php (ClanLite 2.2006.05.20), with the annee parameter enabling remote attackers to inject arbitrary web script or HTML. OpenVAS additionally flags potential SQL inje...
CVE-2008-5068
Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter to index.php and the (2) searchtext parameter to search.php. NOTE: the provenance of this information is unknown; the details are obtained solel...
CVE-2008-4818
CVE-2008-4818 is an XSS in Adobe Flash Player related to how HTTP response headers are interpreted. The vulnerability affects Flash Player 9.0.124.0 and earlier. In Red Hat advisories, fixes are delivered via flash-plugin updates: RHSA-2008-0980 for older RHEL3/4/others (updating to Flash Player ...
CVE-2008-4775
Cross-site scripting (XSS) vulnerability in pmdpdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and...
KLA10240 CI vulnerability in Kontiki DMS
An XSS vulnerability was found in Kontiki DMS. By exploiting this vulnerability malicious users can inject arbitrary web script. This vulnerability can be exploited remotely via a specially designed call. Original advisories - Related products Kontiki-Delivery-Management-System CVE list...
CVE-2008-3664
Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the companyname parameter to...