epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/51149/info epesi BIM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

Vulnerability in Hex-Rays IDA Pro, IDAPython Plugin Could Allow Arbitrary Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting IDA Pro running the IDAPython plugin. By default, the IDAPython plugin is installed with all versions of IDA Pro. Microsoft discovered and disclosed the vulnerability under...

Microsoft Internet Explorer XSS Filter Cross Domain Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to...

phpWebSite vulnerable to cross-site scripting

Overview phpWebSite contains a cross-site scripting vulnerability. phpWebSite is a content management system CMS. phpWebSite contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

Etomite vulnerable to cross-site scripting

Overview Etomite contains a cross-site scripting vulnerability. Etomite is a content management system CMS. Etomite contains an issue with the processing of contents in the search field, which may result in cross-site scripting. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...

PowerChute Business Edition vulnerable to cross-site scripting

Overview PowerChute Business Edition contains a cross-site scripting vulnerability. PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Jun Okada of GLOBAL TECHNOLOGY CORPORATION reported th...

acroread: multiple code execution flaws (APSB11-16)

Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."...

ChaSen vulnerable to buffer overflow

Overview ChaSen provided by Nara Institute of Science and Technology contains a buffer overflow vulnerability. ChaSen provided by Nara Institute of Science and Technology is a software for morphologically analyzing Japanese. ChaSen contains an issue when reading in strings, which may lead to a...

Iwate Portal Bar vulnerable to arbitrary script execution

Overview Iwate Portal Bar is vulnerable to arbitrary script execution. Iwate Portal Bar is an add-on to Internet Explorer that adds a toolbar and provides multiple functions. The RSS/Atom feed reader function in Iwate Portal Bar is vulnerable to arbitrary script execution due to the improper...

JVN#33861625: Iwate Portal Bar vulnerable to arbitrary script execution

Iwate Portal Bar is an add-on to Internet Explorer that adds a toolbar and provides multiple functions. The RSS/Atom feed reader function in Iwate Portal Bar is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An...

WebObjects vulnerable to cross-site scripting

Overview WebObjects provided by Apple, contains a cross-site scripting vulnerability. WebObjects provided by Apple is a web application server. WebObjects contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC...

Pligg vulnerable to cross-site scripting

Overview Pligg contains a cross-site scripting vulnerability. Pligg is a Content Management System CMS. Pligg contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

Plume vulnerable to cross-site scripting

Overview Plume contains a cross-site scripting vulnerability. Plume is a Content Management System CMS. Plume contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

Microsoft Internet Explorer 'OLEAuto32.dll' CVE-2011-1995 Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aur...

JVN#09789751: BaserCMS vulnerable to cross-site scripting

BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...

Juniper Networks IDP ACM vulnerable to cross-site scripting

Overview Juniper Networks IDP ACM Appliance Configuration Manager contains a cross-site scripting vulnerability. Juniper Networks IDP ACM provides a web interface for changing configurations in the IDP. The ACM contains a cross-site scripting vulnerability. Taketo Ikeuchi of Hitachi Solutions, Lt...

Sage vulnerable to arbitrary script execution

Overview Sage is vulnerable to arbitrary script execution. Note that this vulnerability is different from JVN30221194. Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output...

Sage vulnerable to arbitrary script execution

Overview Sage is vulnerable to arbitrary script execution. Note that this vulnerability is different from JVN99203127. Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output...

Multiple vulnerabilities in Phorum

Overview Phorum contains multiple vulnerabilities. Phorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

JVN#99203127: Sage vulnerable to arbitrary script execution

Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's Mozilla...