Lucene search

6700 matches found

exploitpack
added 2010/03/01 12:0 a.m. | 9 views

Article Friendly - Filename Local File Inclusion

Article Friendly - Filename Local File Inclusion source: https://www.securityfocus.com/bid/38461/info Article Friendly is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensiti...

0.6 AI score
Exploits: 0
Tenable Nessus
added 2010/02/25 12:0 a.m. | 32 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)

Mozilla Firefox was upgraded to version 3.0.18, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products...

10 CVSS | 8.8 AI score | 0.07108 EPSS
Exploits: 4 | References: 6
Zero Day Initiative
added 2010/02/19 12:0 a.m. | 38 views

Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability

This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the lack of cross doma...

9.4 CVSS | 2.5 AI score | 0.00398 EPSS
Exploits: 1 | References: 1
exploitpack
added 2010/02/19 12:0 a.m. | 11 views

IBM Websphere Portal 6.0.1.5 Build wp6015 - Portlet Palette Search HTML Injection

IBM Websphere Portal 6.0.1.5 Build wp6015 - Portlet Palette Search HTML Injection source: https://www.securityfocus.com/bid/38360/info IBM WebSphere Portal is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An authenticated attacker may leverage...

7.6 AI score
Exploits: 0
Check Point Advisories
added 2010/02/09 12:0 a.m. | 4 views

Microsoft Outlook 2002 Script Execution (CVE-2004-0121)

Microsoft provides server and client side implementations of email protocols such as SMTP, POP3 and IMAP. The widely used Microsoft Outlook product is an implementation of an email client capable of handling most standard Internet protocols as well as numerous proprietary Microsoft protocols and...

7.5 CVSS | 8.3 AI score | 0.44179 EPSS
Exploits: 1
exploitpack
added 2010/01/27 12:0 a.m. | 10 views

SAP BusinessObjects 12 - URI redirection Cross-Site Scripting

SAP BusinessObjects 12 - URI redirection Cross-Site Scripting source: https://www.securityfocus.com/bid/37972/info SAP BusinessObjects is prone to multiple URI-redirection issues and multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Attackers can...

Exploits: 0
Packet Storm
added 2010/01/20 12:0 a.m. | 39 views

C99Shell 1.0 Cross Site Scripting

Title: !C99Shell v.1.0 pre-release build 16! Cross Site Scripting Vulnerability | Author: indoushka | email: [email protected] | Home: www.iq-ty.com/vb | Script Home :...

Exploits: 0
Exploit DB
added 2009/12/31 12:0 a.m. | 21 views

SendStudio 4.0.1 - Cross-Site Scripting / Security Bypass

source: https://www.securityfocus.com/bid/37554/info SendStudio also called Email Marketer is prone to a cross-site scripting issue and a security-bypass issue. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

7.4 AI score
Exploits: 0
exploitpack
added 2009/12/26 12:0 a.m. | 23 views

Webring - Cross-Site Scripting

Webring - Cross-Site Scripting | Title: webring Cross Site Scripting Vulnerability | Author: indoushka | email: [email protected] | Home: Souk Naamane - 04325 - Oum El Bouaghi - Algeria...

6.8 AI score
Exploits: 0
exploitpack
added 2009/12/22 12:0 a.m. | 10 views

Simple PHP Blog 0.5.1 - Local File Inclusion

Simple PHP Blog 0.5.1 - Local File Inclusion Simple PHP Blog is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in th...

Exploits: 0
seebug.org
added 2009/12/22 12:0 a.m. | 16 views

Xss Discuz! version 5.0.0 RC1

No description provided by source. Xss Discuz! version 5.0.0 RC1 Author: SpiderZ Sito: http://www.spiderz.altervista.org Sito2: https://www.spiderz.netsons.org Download Board : http://www.discuz.com File: usearch.html ?site=www.discuz.net&kw= Message Script:...

7.1 AI score
Exploits: 0
seebug.org
added 2009/12/18 12:0 a.m. | 12 views

Microsoft 4.0 IIS repost.asp allows uploading of executable script files

No description provided by source...

7.1 AI score
Exploits: 0
Japan Vulnerability Notes
added 2009/12/15 10:52 a.m. | 1 views

Active! mail 2003 cross-site scripting vulnerability

Overview Active! mail 2003 from TransWARE Co. contains a cross-site scripting vulnerability. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Kenichi Maehashi of CIS RAT at Hosei University reported this...

4.3 CVSS | 6.1 AI score | 0.00329 EPSS
Exploits: 0 | References: 7
myhack58
added 2009/12/03 12:0 a.m. | 19 views

OpenX <= 2.8.1 arbitrary PHP code execution

Test method: OpenX adserver version 2.8.1 and lower is vulnerable to remote code execution. To be exploited, this vulnerability requires banner / file upload permissions, such as granted to the 'advertiser' and 'administrator' roles. This vulnerability is caused by the insecure file upload...

Exploits: 0
Atlassian
added 2009/12/02 4:10 a.m. | 15 views

User's Full Name is an XSS vector in Status Updates tab of User Profile

A user's full name is an XSS vector when viewing the "Status Updates" tab of the user profile. 1 Set a user's Full Name as "alertdocument.cookie". 2 Log out. 3 If anonymous access is disabled, log in as a different user, otherwise, continue as Anonymous. 4 Go to the profile page for the user...

0.3 AI score
Exploits: 0 | Affected Software: 1
Atlassian
added 2009/12/02 4:10 a.m. | 18 views

User's Full Name is an XSS vector in Status Updates tab of User Profile

A user's full name is an XSS vector when viewing the "Status Updates" tab of the user profile. 1 Set a user's Full Name as "alertdocument.cookie". 2 Log out. 3 If anonymous access is disabled, log in as a different user, otherwise, continue as Anonymous. 4 Go to the profile page for the user...

0.3 AI score
Exploits: 0
Exploit DB
added 2009/11/24 12:0 a.m. | 42 views

WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (2)

source: https://www.securityfocus.com/bid/37099/info The FireStats plugin for WordPress is prone to multiple cross-site scripting vulnerabilities and an authentication-bypass vulnerability. An attacker may leverage these issues to gain unauthorized access to the affected application and execute...

7.4 AI score
Exploits: 0
Japan Vulnerability Notes
added 2009/11/19 12:0 a.m. | 21 views

JVN#01245481 Redmine vulnerable to cross-site scripting

Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. As a result, cookie information may be leaked and could lead to session hijacking or user impersonation. Solution Update the...

4.3 CVSS | 5.8 AI score | 0.00705 EPSS
Exploits: 0
Exploit DB
added 2009/11/10 12:0 a.m. | 31 views

CuteNews 1.4.6 - 'index.php' Cross-Site Request Forgery (New User Creation)

source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...

7.4 AI score
Exploits: 0
Exploit DB
added 2009/10/29 12:0 a.m. | 25 views

Wowd - 'index.html' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/42327/info Wowd search client is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting use...

7.4 AI score
Exploits: 0