VoipSwitch - user.php Local File Inclusion

VoipSwitch - user.php Local File Inclusion source: https://www.securityfocus.com/bid/69109/info VoipSwitch is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scrip...

ISPConfig 3.0.54p1 Local Root

Exploit Title: ISPConfig 3 authenticated admin Localroot vulnerability Date: 7/25/14 Exploit Author: mra Vendor Homepage: http://wwwispconfig.org Version: 3.0.54p1 Tested on: ubuntu, centos irc.criten.net elite-chat While logged in as admin user: 1 add a shell user 2 under option set gid to...

JVN#85748534: PerlMailer vulnerable to cross-site scripting

PerlMailer from Homepage Decorator is a mail form CGI which is used to send mail from a form on a web page. PerlMailer CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest upda...

Zenoss Monitoring System 4.2.5-2108 (x64) - Persistent Cross-Site Scripting

Zenoss Monitoring System 4.2.5-2108 x64 - Persistent Cross-Site Scripting Exploit Title: Stored XSS vulnerability in Zenoss core open source monitoring system Date: 12/05/2014 Exploit author: Dolev Farhi dolevatopenflare.org Vendor homepage: http://zenoss.com Software Link: http://www.zenoss.com...

Omeka 2.2.1 - Remote Code Execution

Omeka 2.2.1 - Remote Code Execution !/usr/bin/env python Omeka 2.2.1 Remote Code Execution Exploit Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2.1 and 2.2 Summary: Omeka is a free, flexible, and open source web-publishing platform for the display of...

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

Cybozu Garoon vulnerable to cross-site scritping

Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Map search", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update...

Spyce 2.1.3 docs/examples/redirect.spy Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the...

Spyce 2.1.3 spyce/examples/getpost.spy Name Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the...

Orbis CMS 1.0.2 - Arbitrary File Upload Vulnerability

No description provided by source. 'Orbis CMS' Arbitrary Script Execution Vulnerability CVE-2010-4313 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'Orbis CMS' filemanfileupload.php script that allows any authenticat...

PHPBB 2.0.x Viewtopic.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13345/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...

Microsoft Outlook Express 5/6 Script Execution Weakness

No description provided by source. source: http://www.securityfocus.com/bid/8281/info It has been reported that a weakness may have been re-introduced into Microsoft Outlook Express. According to the source, the issue described in Bugtraq ID 3334 had been fixed by Microsoft but appears to have...

Claroline 1.8.9 exercise/exercise.php URL XSS

No description provided by source. source: http://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute...

myPHPNuke 1.8.8 Links.php Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6892/info Reportedly, myPHPNuke 'links.php' does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code...

Jax PHP Scripts 1.0/1.34/2.14/3.31 petitionbook Script User IP Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...

CityPost PHP Image Editor M1 URI Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13256/info CityPost Image Cropper/Resizer is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'image-editor-52.php' script...

Microsoft Internet Explorer 6.0 Script Execution Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/8577/info Multiple issues have been reported in Microsoft Internet Explorer. Though these issues have been reported by a reliable source, communication issues have presented difficulty in obtaining details surrounding the...

BlackBoard Internet Newsboard System 1.5.1 - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11336/info BlackBoard Internet Newsboard System is reported prone to a remote file include vulnerability. This issue presents itself because the application fails to sanitize user-supplied data properly. This issue may...

PHPLib Team PHPLIB 7.2 - Remote Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3079/info The PHP Base Library'PHPLIB' is a code library which provides support for session management in web applications. It is targeted to developers and is widely used in many web applications, so a strong possibility...