6700 matches found
Zenphoto vulnerable to cross-site scripting
Overview Zenphoto contains a cross-site scripting vulnerability. Zenphoto is a content management system CMS. Zenphoto contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
WEB PATIO vulnerable to cross-site scripting
Overview WEB PATIO contains a cross-site scripting vulnerability. WEB PATIO is a bulletin-board software. WEB PATIO contains a vulnerability in handling web form entries, which may result in cross-site scripting. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated wi...
FeedDemon vulnerable to arbitrary script execution
Overview FeedDemon is vulnerable to arbitrary script execution. FeedDemon is an RSS/Atom feed reader. FeedDemon is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information when using the "feed preview" option. Daiki Fukumori of Cybe...
JVN#18397171: FeedDemon vulnerable to arbitrary script execution
FeedDemon is an RSS/Atom feed reader. FeedDemon is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information when using the "feed preview" option. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's...
WordPress plugin WassUp vulnerable to cross-site scripting
Overview The WordPress plugin WassUp contains a cross-site scripting vulnerability. WassUp is a WordPress plugin that tracks visitors to the blog. WassUp contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Hexamail Server 4.4.5 - Persistent Cross-Site Scripting
Hexamail Server 4.4.5 - Persistent Cross-Site Scripting Title: Hexamail Server meal.txt XSS pop up alert'Hi, what is this?'; root@bt:/ Send email to the victim: root@bt:/ sendemail -f [email protected] -t [email protected] -xu [email protected] \ -xp bob123 -u "Want some meal..?" -o...
Hexamail Server 4.4.5 - Persistent Cross-Site Scripting
Title: Hexamail Server meal.txt XSS pop up alert'Hi, what is this?'; root@bt:/ Send email to the victim: root@bt:/ sendemail -f [email protected] -t [email protected] -xu [email protected] \ -xp bob123 -u "Want some meal..?" -o message-file=meal.txt -s mail.example.com Vendor time...
Hexamail Server <= 4.4.5 Persistent XSS Vulnerability
Exploit for windows platform in category web applications Title: Hexamail Server meal.txt XSS pop up alert'Hi, what is this?'; email protected:/ Send email to the victim: email protected:/ sendemail -f email protected -t email protected -xu email protected \ -xp...
RSSOwl vulnerable to arbitrary script execution
Overview RSSOwl is vulnerable to arbitrary script execution. RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...
Sybase EAServer vulnerable to cross-site scripting
Overview EAServer contains a cross-site scripting vulnerability. EAServer provided by Sybase is an application server. EAServer contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
JVN#77947437: RSSOwl vulnerable to arbitrary script execution
RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
Ajaxmint Gallery 1.0 - Local File Inclusion
source: https://www.securityfocus.com/bid/53659/info Ajaxmint Gallery is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and to execute local scripts in the context of the webserver...
Vanilla Forums About Me Plugin - Persistent Cross-Site Scripting
Title: Vanilla About Me Plugin Persistant XSS Vulnerability Date: 18/5/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + About Me 1.1.1 http://vanillaforums.org/addon/aboutme-plugin http://http://vanillaforums.org Go to...
multimedia macro allows execution of arbitrary scripts
The multimedia macro in confluence embeds a swf without the 'allowScriptAccess' attribute set to 'none'. This allows the embedded user submitted swf to execute arbitrary javascript on the page, constituting an XSS vulnerability. The multimedia tag is bundled in with the base product and not an...
Vanilla FirstLastNames 1.3.2 Plugin Persistant XSS
Exploit for php platform in category web applications Title: Vanilla FirstLastNames 1.3.2 Plugin Persistant XSS Vulnerability Date: 18/5/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + FirstLastNames 1.3.2...
OSQA vulnerable to cross-site scripting
Overview OSQA The Open Source Q system contains a cross-site scripting vulnerability. OSQA is an open source question and answer system. OSQA contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
Opera Browser Multiple Vulnerabilities October-10 (Mac OS X)
The host is installed with Opera browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvulnoct10macosx.nasl 5950 2017-04-13 09:02:06Z teissa $ Opera Browser Multiple Vulnerabilities October-10 Mac OS X Authors: Madhuri D Copyright: Copyright c 2012 Greenbone...
Vulnerabilities in RealNetworks Helix Server Could Allow Arbitrary Script Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of multiple vulnerabilities affecting RealNetworks Helix Server software version 14.2.0.212 and earlier. Microsoft discovered and disclosed these vulnerabilities under coordinated vulnerability disclosure to th...
Wireshark Insecure Search Path Script Execution (CVE-2011-3360)
A script execution vulnerability has been reported in Wireshark...
Redmine vulnerable to cross-site scripting
Overview Redmine contains a cross-site scripting vulnerability. Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...