webSPELL 4.1.2 - 'index.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28294/info webSPELL is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

mUnky 0.01'index.php' Remote Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30705/info mUnky is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue allows attackers to cause the application to execute arbitra...

Sudo <= 1.6.8p9 (SHELLOPTS/PS4 ENV variables) Local Root Exploit

No description provided by source. Sudo local root escalation privilege vuln versions : sudo 1.6.8p10 by breno You need sudo access execution for some bash script Use csh shell to change SHELLOPTS env ie: %cat x.sh !/bin/bash -x echo Getting root!! % cat /etc/sudoers ... breno ALL=ALL...

iDevSpot iSupport 1.8 'index.php' Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26961/info iSupport is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...

PHPMyChat 0.14/0.15 Languages.Lib.PHP Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20962/info phpMyChat is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...

Mozilla Firefox/Thunderbird/SeaMonkey Chrome-Loaded About:Blank Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25142/info Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a vulnerability that allows JavaScript to execute with unintended privileges. A malicious site may be able to cause the execution of a script with Chrome...

MilliScripts 1.4 Register.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15792/info MilliScripts is prone to a cross-site scripting vulnerability. This is due to a lack of proper input validation. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...

Microsoft FrontPage Server Extensions Cross-Site Scripting Vulnerability

... FrontPage Server Extensions为FrontPage服务扩展，与IIS一起使用可以方便的支持管理、创建以及浏览FrontPage扩展的网站。 ... FrontPage Server Extensions对HTML页面的处理存在输入验证漏洞，远程攻击者可能在客户机器上执行任意脚本代码。 ... FrontPage Server Extensions的fpadmdll.dll中的一些参数没有正确的过滤返回给用户的特定输入，导致跨站脚本问题，可能允许攻击者以当前会话权限以客户机的浏览器中执行恶意脚本代码，利用这个漏洞必须用户交互。...

AbleDating 2.4 - search_results.php keyword Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/29342/info AbleDating is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include an SQL-injection vulnerability and a cross-site scripting...

RealOne Player 1.0/2.0/6.0.10/6.0.11 SMIL File Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8453/info Real Networks has reported a vulnerability in RealOne Player. Script embedded in SMIL presentations may be executed in the context of a domain that is specified by an attacker. This could allow for theft of...

Ashwebstudio Ashnews 0.83 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16426/info Ashnews is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...

TRG News 3.0 Script Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12855/info A remote file include vulnerability affects TRG News. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality. Remote...

Jan Erdmann Jebuch 1.0 HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11463/info It is reported that Jebuch is susceptible to an HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input. This may allow an attacker to inject...

ImgSvr 0.6.21 Error Message Remote Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27033/info ImgSvr is prone to a remote script-execution vulnerability because it fails to adequately sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlyi...

Microsoft Outlook 5.5/2000 Web Access HTML Attachment Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML message attachments. It is possible to...

NetFlow Analyzer 4 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15127/info NetFlow Analyzer 4 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

Spyce 2.1.3 spyce/examples/request.spy name Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the...

Spyce 2.1.3 spyce/examples/formtag.spy Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the...

Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12097/info WPKontakt is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to...

ATutor 1.4.3 directory.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to...