Kryn.cms 6.0 - Cross-Site Request Forgery HTML Injection

Kryn.cms 6.0 - Cross-Site Request Forgery HTML Injection source: https://www.securityfocus.com/bid/41229/info Kryn.cms is prone to a cross-site request-forgery vulnerability and an HTML-injection vulnerability. Exploiting these issues may allow a remote attacker to perform certain administrative...

[SWRX-2010-001] Cisco ASA HTTP Response Splitting Vulnerability

SecureWorks Security Advisory SWRX-2010-001 Cisco ASA HTTP Response Splitting Vulnerability Advisory Information Title: Cisco ASA HTTP Response Splitting Vulnerability Advisory ID: SWRX-2010-001 Advisory URL: http://www.secureworks.com/ctu/advisories/SWRX-2010-001 Date published: Thursday, June 2...

Cross-Site Scripting Vulnerability in Interstage Portalworks and Interstage Interaction Manager Portal Function

Overview The portal function of Interstage Portalworks and Interstage Interaction Manager is vulnerable to cross-site scripting. Impact A remote attacker could execute arbitrary scripts on the affected browser. Solution Please refer to the 'Vendor Information' section for the official...

Anodyne SIMM Management System (SMS) <= 2.6.10 LFI Vulnerability

Anodyne SIMM Management System SMS is prone to a local file inclusion LFI vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PithCMS <= 0.9.5 LFI Vulnerability - Active Check

PithCMS is prone to a local file include LFI vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Cross-site Scripting (XSS) Vulnerability in CompactCMS

High-Tech Bridge SA Security Research Lab has discovered vulnerability in CompactCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in CompactCMS The vulnerability exists due to input sanitation error in the "keywords" parameter in...

Multiple vulnerabilities in ActiveGeckoBrowser

Overview ActiveGeckoBrowser from Fenrir Inc. contains multiple vulnerabilities. ActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine. Impact A remote attack...

Rayzz Photoz Shell Upload

========================================================== Rayzz Photoz Upload Vulnerability ========================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /'...

e-Pares vulnerable to cross-site scripting

Overview e-Pares contains a cross-site scripting vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site scripting vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the Web...

Movable Type vulnerable to cross-site scripting

Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on t...

Consona - &#039;n6plugindestructor.asp&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/39999/info Multiple Consona formerly SupportSoft products are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site an...

In-portal 5.0.3 Remote Arbitrary File Upload Exploit

In-portal is prone to a remote arbitrary file-upload vulnerability This issue may allow remote attackers to upload arbitrary files, including malicious scripts, and possibly to execute a script on the affected server. In-portal Web 2.0 CMS v5.0.3 is affected by this issue. Other or lowers version...

MODx vulnerable to cross-site scripting

Overview MODx provided by The MODx CMS Project contains a cross-site scripting vulnerability. MODx provided by the MODx CMS Project is a Contents Management System CMS software. MODx contains a cross-site scripting vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported th...

PotatoNews 1.0.2 - nid Multiple Local File Inclusions

PotatoNews 1.0.2 - nid Multiple Local File Inclusions source: https://www.securityfocus.com/bid/39276/info PotatoNews is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain...

ZDI-10-063: Mozilla Firefox Cross Document DOM Node Moving Code Execution Vulnerability

ZDI-10-063: Mozilla Firefox Cross Document DOM Node Moving Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-063 April 5, 2010 -- CVE ID: CVE-2010-1121 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 3.6.x -- TippingPointTM IPS Customer...

Mozilla Firefox Cross Document DOM Node Moving Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when moving DOM nodes in...

Compiere vulnerable to cross-site scripting

Overview Compiere provided by Almas Inc. contains a cross-site scripting vulnerability. Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different...

Compiere vulnerable to cross-site scripting

Overview Compiere provided by Almas Inc. contains a cross-site scripting vulnerability. Compiere provided by Almas Inc. is an Enterprise Resource Planning ERP and Customer Relationship Management CRM software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different...

From learning webshell hide to Ferret out the simple analysis-vulnerability warning-the black bar safety net

webshell,do not say it!, The back door,ancient and modern breaking the network must home,great bite is stab,thousand station with the waste of the said,blowing a big,theme. First of all, we in the dark said,once into the site,it will leave the back door,but the current mainstream is asp,php free...

Cross-site scripting cookie theft

Added: 03/09/2010 Background Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the tag and handle them accordingly. Problem By sending an HTTP request...