TextFileBB 1.0 - Multiple Cross-Site Scripting Vulnerabilities

TextFileBB 1.0 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/17029/info The 'textfileBB' application is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...

LoudBlog 0.41 - index.php?template Traversal Arbitrary File Access

LoudBlog 0.41 - index.php?template Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure...

DVGuestbook 1.01.2.2 - dv_gbook.php?f Cross-Site Scripting

DVGuestbook 1.01.2.2 - dvgbook.php?f Cross-Site Scripting source: https://www.securityfocus.com/bid/16968/info DVGuestbook is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/16970/info RunCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. An attacker may leverage this issue t...

HitHost 1.0 - viewuser.php?hits Cross-Site Scripting

HitHost 1.0 - viewuser.php?hits Cross-Site Scripting source: https://www.securityfocus.com/bid/17025/info HitHost is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage thes...

VBZooM Forum 1.11 - 'comment.php?UserID' Cross-Site Scripting

source: https://www.securityfocus.com/bid/16956/info VBZooM Forum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code...

JVN#27365476 Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution

Impact An attacker could take over a user's account, steal the user's information or delete it, or exploit the resources available to the user. In particular, if the Minnu's filer2 is run with the administrative privilege, an attacker could take over the entire system. Solution Products Affected...

Dragonfly CMS 9.0.6.1 Downloads Module - 'c' Cross-Site Scripting

source: https://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in...

RunCMS 1.x - Ratefile.php Cross-Site Scripting

RunCMS 1.x - Ratefile.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16769/info RunCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

[SA18963] Mac OS X "__MACOSX" ZIP Archive Shell Script Execution

TITLE: Mac OS X "MACOSX" ZIP Archive Shell Script Execution SECUNIA ADVISORY ID: SA18963 VERIFY ADVISORY: http://secunia.com/advisories/18963/ CRITICAL: Extremely critical IMPACT: System access WHERE: From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION:...

EveryoneXSS.txt

Title: Everyone's loginName variable Cross Site Scripting Author: Simo Ben youssef aka 6mOHaCk Published: 12 february 2006 MorX Security Research Team http://www.morx.org Service: Webmail Vendor: everyone / www.everyone.net Vulnerability: Cross Site Scripting Exploit included: Yes Details:...

Design/Logic Flaw

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the ConfigDeniedExtensionsFile, such as .php.txt...

cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities

cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/16482/info cPanel is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues ...

Ashwebstudio Ashnews 0.83 - Cross-Site Scripting

Ashwebstudio Ashnews 0.83 - Cross-Site Scripting source: https://www.securityfocus.com/bid/16426/info Ashnews is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

MDKSA-2005:120-1 : mozilla-firefox

A number of vulnerabilities were reported and fixed in Firefox 1.0.5 and Mozilla 1.7.9. The following vulnerabilities have been backported and patched for this update: In several places the browser UI did not correctly distinguish between true user events, such as mouse clicks or keystrokes, and...

EV0014.txt

New eVuln Advisory: TinyPHPForum Multiple Vulnerabilities --------------------Summary---------------- Software: TinyPHPForum Sowtware's Web Site: http://www.ralpharama.co.uk/tpf/ Versions: 3.6 and earlier Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpatched...

[eVuln] TinyPHPForum Multiple Vulnerabilities

New eVuln Advisory: TinyPHPForum Multiple Vulnerabilities --------------------Summary---------------- Software: TinyPHPForum Sowtware's Web Site: http://www.ralpharama.co.uk/tpf/ Versions: 3.6 and earlier Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpatched...

phpDocumentor 1.2/1.3 - Forum Lib Variable Cross-Site Scripting

source: https://www.securityfocus.com/bid/16101/info phpDocumentor is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browse...

Binary Board System 0.2.5 - toc.pl?board Cross-Site Scripting

Binary Board System 0.2.5 - toc.pl?board Cross-Site Scripting source: https://www.securityfocus.com/bid/15913/info binary board system is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...

EZDatabase 2.1.2 - index.php?db_id SQL Injection

EZDatabase 2.1.2 - index.php?dbid SQL Injection source: https://www.securityfocus.com/bid/15908/info ezDatabase is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. ezDatabase is prone to an SQL...