Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System CMS before 9.10 SP1 Build 9.1.0.184.1.114 allow remote authenticated users to inject arbitrary web script or HTML via the 1 page, 2 action, 3 folderid, or 4 LangType parameter...

Red Hat Satellite and Spacewalk Cross-Site Scripting Vulnerability (CNVD-2015-03621)

Red Hat Network Satellite RHN Satellite, Red Hat Network Satellite is the United States Red Hat Red Hat company's set of system management platform. spacewalk is based on the Red Hat Network Satellite and the development of a set of open source Linux system management solutions. A cross-site...

Cross site scripting

Cross-site scripting XSS vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nspsearch page to wp-admin/admin.php...

WordPress WP Statistics Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on servers with PHP and MySQL.WordPress WP Statistics is a wordpress based statistics plugin. WordPress WP Statistics suffers from a cross-site scripting vulnerability that...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in OpenStack Dashboard Horizon 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a 1 Glance image, 2 Nova flavor or 3 Host Aggregate...

DEBIAN-CVE-2015-2704

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response...

MediaWiki Incomplete Blacklist Vulnerability (CNVD-2015-02417)

MediaWiki is a Wiki program. An incomplete blacklist vulnerability exists in MediaWiki. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of an element with the xlink:href attribute...

CVE-2015-2932

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element...

Cross site scripting

Cross-site scripting XSS vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 zone parameter to statuscaptiveportal.php; 2 if or 3 dragtable parameter to firewallrules.php; 4 queue parameter in an add action to...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Process Portal in IBM Business Process Manager BPM 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields...

Serendipity cross-site scripting vulnerability (CNVD-2015-01957)

Serendipity is a PHP-based blogging system developed by Serendipity team. The system supports the creation of online journals, blogs, web pages and more. A cross-site scripting vulnerability exists in the templates/2k11/admin/entries.tpl file in Serendipity versions prior to 2.0.1. The...

Wordpress Theme Photocrati 4.x.x - SQL Injection & XSS Vulnerabilities

Exploit for php platform in category web applications Exploit Title: wordpress theme photocrati 4.X.X SQL INJECTION Google Dork: Designed by Photocrati also powered by Photocrati Date: 23 / 09 / 2011 Exploit Author: ayastar Email : email protected Software Link: http://www.photocrati.com Version:...

WordPress Daily Edition Theme SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on servers with PHP and MySQL.WordPress Daily Edition Theme is a theme plugin for wordpress. WordPress Daily Edition Theme "fiche-disque.php...

D-Link friends of the perbadanan router Exposure the remote file upload and command injection vulnerabilities-vulnerability warning-the black bar safety net

D-Link router security also really many, some time ago just burst home Router the presence of a remote command injection vulnerability, and then someone in their firmware on the discovered two remotely exploitable vulnerabilities. An attacker could exploit the vulnerability can remotely access th...

Maroyaka CGI Maroyaka Simple Board Cross-Site Scripting Vulnerability

Maroyaka CGI Maroyaka Simple Board is a CGI script for publishing text to websites. A cross-site scripting vulnerability exists in Maroyaka CGI Maroyaka Simple Board. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

WordPress Theme Photocrati 4.x - SQL Injection Cross-Site Scripting

WordPress Theme Photocrati 4.x - SQL Injection Cross-Site Scripting Exploit Title: wordpress theme photocrati 4.X.X SQL INJECTION Google Dork: Designed by Photocrati also powered by Photocrati Date: 23 / 09 / 2011 Exploit Author: ayastar Email : [email protected] Software Link:...

WordPress Theme Photocrati 4.x - SQL Injection / Cross-Site Scripting

Exploit Title: wordpress theme photocrati 4.X.X SQL INJECTION Google Dork: Designed by Photocrati also powered by Photocrati Date: 23 / 09 / 2011 Exploit Author: ayastar Email : [email protected] Software Link: http://www.photocrati.com Version: 4.X.X Tested on: windows 7 -------- details |...

CVE-2015-2072

Multiple cross-site scripting XSS vulnerabilities in SAP HANA 73 1.00.73.00.389160 and HANA Developer Edition 80 1.00.80.00.391861 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to 1 ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or 2...

WordPress plugin WooCommerce cross-site scripting vulnerability (CNVD-2015-01281)

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WooCommerce is one of the e-commerce plug-ins. A cross-site scripting vulnerability exists in WordPress WooCommerce...