PT-2010-4096 · Cacti · Cacti

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 0.8.7g Description: The issue allows remote attackers to inject arbitrary web script or HTML via the name element in an XML template to templates import.php. Additionally, remote authenticated administrators can inject...

httpd: mod_proxy_ftp globbing XSS

A flaw was found in the modproxyftp module. Where Apache is configured to support ftp-over-httpd proxying, a remote attacker could perform a cross-site scripting attack. CVE-2008-2939...

apache mod_status cross-site scripting

Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-4975

Cross-site scripting XSS vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536...

tomcat: missing fix for CVE-2009-0781

Cross-site scripting XSS vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter,...

Cross site scripting

Cross-site scripting XSS vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

ShopCartDx 4.30 Remote Blind SQL Injection Exploit

!/usr/bin/perl 0-Day ShopCartDx newGET = $Host; my $HTTP = new LWP::UserAgent; my $Referrer = "http://www.warwolfz.org/"; my $DefaultTime = request$Referrer; sub BlindSQLJnjection my $dec,$hex = @; return "./products.php?cid=-1 OR 1!=SELECT...

DEBIAN-CVE-2010-2273

Multiple cross-site scripting XSS vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to...

CVE-2010-2273

Multiple cross-site scripting XSS vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to...

CVE-2010-1418

Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preced...

Cross site scripting

Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a 1 paste or 2 drag-and-drop operation for a...

CVE-2010-1649

Multiple cross-site scripting XSS vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php...

CVE-2010-2001

Cross-site scripting XSS vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter...

CVE-2009-4839

Multiple cross-site scripting XSS vulnerabilities in Basic Analysis and Security Engine BASE, possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 admin/baseroleadmin.php, 2 admin/baseuseradmin.php, 3 baseconfcontents.php, 4...

CVE-2010-1497

Cross-site scripting XSS vulnerability in downloadproc.php in dlstats before 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter...

CVE-2010-1164

Multiple cross-site scripting XSS vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the 1 element or 2 defaultColor parameter to the Colour Picker page; the 3 formName parameter, 4 element parameter, or 5 full name field to the Us...

VulnCheck KEV: CVE-2010-1164

Multiple cross-site scripting XSS vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the 1 element or 2 defaultColor parameter to the Colour Picker page; the 3 formName parameter, 4 element parameter, or 5 full name...

CMS Ariadna 2009 - SQL Injection

Exploit Title : CMS Ariadna 2009 SQL Injection Date : 2010-04-19 Author : Andrés Gómez Contact : [email protected] Dork : "allinurl: detResolucion.php?tipodocid=" Exploit in Perl Start In Next Line: use LWP::Simple; Malicious users may inject SQL querys into a vulnerable application to fo...