6699 matches found
PHPWebGallery 1.x - comments.php Cross-Site Scripting
PHPWebGallery 1.x - comments.php Cross-Site Scripting source: https://www.securityfocus.com/bid/18798/info PhpWebGallery is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. An attacker may leverage this issue to hav...
SoftBiz Banner Exchange Script 1.0 - 'index.php?PHPSESSID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/18735/info Softbiz Banner Exchange is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before displaying it to users of the application. An attacker may leverage these issues to have arbitrar...
[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Wireless Control System
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Wireless Control System Advisory ID: cisco-sa-20060628-wcs http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml Revision 1.0 For Public Release 2006 June 28 1600 UTC GMT -...
cpanel10.txt
A new vulnerability was found in Cpanel V.10; It happen cause the variable &File of the select.html file in the edit-zone just filter the 's labels and the possibility can by open to other labels like Server Side Include, HMTL labels... including Javascript expressed in other ways An attacker can...
webcrawlerXSS.txt
webcrawler.com - Cross site scripting vulnerability ---------------------------------------------- Type: Cross site scripting Date: June, 13th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...
Custom Dating Biz 1.0 - Multiple Input Validation Vulnerabilities
Custom Dating Biz 1.0 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/18626/info Custom Dating Biz is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to have arbitrary...
vBulletin 3.0.9/3.5.x - 'member.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/18551/info Vbulletin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of ...
Confixx <= 3
p0w3r curse-crew.de Examples: confixx/ftplogin/username/ftpindex.php?path=scriptalert'p0w3r oWnZ'/script...
Ji-takz - Remote File Inclusion
Ji-takz - Remote File Inclusion source: https://www.securityfocus.com/bid/18474/info Ji-takz is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input to the application. An attacker may leverage this issue to have an arbitrary remote file containin...
Ji-takz - Remote File Inclusion
source: https://www.securityfocus.com/bid/18474/info Ji-takz is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input to the application. An attacker may leverage this issue to have an arbitrary remote file containing malicious script code execute ...
Microsoft DXImageTransform.Microsoft.Light ActiveX Control Remote Code Execution Vulnerability
Description The DXImageTransform.Microsoft.Light ActiveX control is prone to remote code execution. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page. Technologies Affected Microsoft Internet Explorer 5.0.1 Microsoft Internet Explorer...
ESTsoft InternetDisk - Arbitrary File Upload / Script Execution
source: https://www.securityfocus.com/bid/18279/info ESTsoft InternetDisk is prone to an arbitrary file-upload and script-execution vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate...
ESTsoft InternetDisk - Arbitrary File Upload Script Execution
ESTsoft InternetDisk - Arbitrary File Upload Script Execution source: https://www.securityfocus.com/bid/18279/info ESTsoft InternetDisk is prone to an arbitrary file-upload and script-execution vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and execute it in th...
ToendaCMS 0.7 - index.php Cross-Site Scripting
ToendaCMS 0.7 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/18178/info ToendaCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
JVN#46691257 RWiki arbitrary Ruby script execution vulnerability
Impact A remote attacker could execute an arbitrary Ruby script on the server where RWiki is installed, with the privilege running RWiki. Solution Products Affected RWiki/2.1.0pre2 and all earlier versions...
CVE-2006-2435
Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls that may allow unintended execution of scripts."...
ICQ Client Cross-Application Scripting (XAS)
ICQ Client Cross-Application Scripting XAS by [email protected] Severity: Low Potential Impact: Remote script execution ICQ client in some condition is vulnerable to remote script injection into used Internet Explorer in My Computer Security Zone. Detailed description quote...
timobraun Dynamic Galerie 1.0 - 'galerie.php?pfad' Arbitrary Directory Listing
source: https://www.securityfocus.com/bid/17896/info Dynamic Galerie is prone to a directory-traversal vulnerability and a cross-site scripting vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabiliti...
liberoXSS.txt
--Security Report-- Advisory: libero.it XSS vulnerability - HTML injection --- Author: Davide Denicolo --- Date: 28/04/06 --- Contact: davidesecurityinfos.com --- Vendor: ItaliaOnLine S.r.l http://www.libero.it Service: Web Level: Low --- Description: Libero.it is a Web portal of big Italian ISP:...
CuteNews 1.4.1 - search.php Multiple Cross-Site Scripting Vulnerabilities
CuteNews 1.4.1 - search.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/17850/info CuteNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. An attacke...