PhPepperShop 1.4 index.php URL XSS

No description provided by source. source: http://www.securityfocus.com/bid/32690/info PhPepperShop is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the...

Spyce 2.1.3 docs/examples/redirect.spy Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the...

CityPost PHP Image Editor M1 URI Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13256/info CityPost Image Cropper/Resizer is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'image-editor-52.php' script...

@Mail 4.0/4.13 Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/14408/info @Mail is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

Redoable 1.2 Theme header.php s Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/24037/info Redoable is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

Spyce 2.1.3 spyce/examples/formtag.spy Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the...

Dragonfly CMS 9.0.6 .1 News Module Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...

QuadComm Q-Shop 2.5 Failure To Validate Credentials Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8153/info Zone-H has reported that the Q-Shop ASP shopping cart software contains a vulnerability that may allow remote attackers to upload arbitrary files. Once uploaded, the attacker may be able to have the script...

Simpnews 2.x admin/index.php Unspecified XSS

No description provided by source. source: http://www.securityfocus.com/bid/20714/info SimpNews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute...

ImgSvr 0.6.21 Error Message Remote Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27033/info ImgSvr is prone to a remote script-execution vulnerability because it fails to adequately sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlyi...

SAP BusinessObjects 12 URI Redirection and Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/37972/info SAP BusinessObjects is prone to multiple URI-redirection issues and multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to...

Zabbix Authenticated Remote Command Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...

Just William's Amazon Webstore Closeup.PHP Image Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13419/info Amazon Webstore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrar...

Topic Calendar 1.0.1 Calendar_Scheduler.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12893/info Topic Calendar is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to...

Spread The Word Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/13733/info Spread The Word is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to...

EZHomePagePro 1.5 users_search.asp Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/17236/info EZHomePagePro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...

Web Kyukincho vulnerable to cross-site scripting

Overview Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the...

PT-2014-1704 · Python +5 · Python +5

Name of the Vulnerable Software and Affected Versions: Python versions 2.7.5 and 3.3.4 Description: The issue arises from the CGIHTTPServer module's improper handling of URL-encoded path separators in URLs. This allows remote attackers to read script source code, conduct directory traversal...

Webmin vulnerable to cross-site scripting

Overview Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability. Yoshinori Matsumoto of Kobe Digital Labo, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

Usermin vulnerable to cross-site scripting

Overview Usermin is a web-based interface used to manage webmail. Usermin contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...