Multiple vulnerabilities in Phorum
Overview Phorum contains multiple vulnerabilities. Phorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
JVN#30221194: Sage vulnerable to arbitrary script execution
Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's Mozilla...
JVN#99203127: Sage vulnerable to arbitrary script execution
Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's Mozilla...
JVN#71435255: Multiple vulnerabilities in Phorum
Phorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities. Impact An arbitrary file may be uploaded or an arbitrary script may be executed on the web browser of a user that is logged in. Solution Update the software Update to the lates...
Samba Web Administration Tool vulnerable to cross-site scripting
Overview Samba Web Administration Tool contains a cross-site scripting vulnerability. Samba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site scripting vulnerability. SWAT is disabled in a default configuration of Samba. nobuhiro tsuji...
awiki <= 20100125 Multiple LFI Vulnerabilities - Active Check
awiki is prone to multiple local file include (LFI) vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
Vulnerability in Apple Safari Could Allow Information Disclosure
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Apple Safari version 5.05 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Apple Inc. Apple Inc...
Vulnerability in WordPress Could Allow Cross-Domain Script Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting WordPress version 3.1.2 and earlier, both as the cloud service from WordPress.com as well as the installable software available from WordPress.org. Microsoft discovered and disclose...
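Mozilla Bugzilla Unauthorized Access Vulnerability (CVE-2011-2977)
BUGTRAQ ID: 49042 CVE ID: CVE-2011-2977 Bugzilla is a web-based bug tracking system used by many software projects. The Bugzilla implementation contains multiple security vulnerabilities that remote attackers can exploit to obtain sensitive information and to carry out script insertion and spoofing attacks. Temporary files used for uploading attachments are not deleted on Windows. A user with local access to the server can view attachments in cases where viewing them from Bugzilla would normally not be allowed. Mozilla Bugzilla 4.x Mozilla Bugzilla 3.x Mozilla Bugzilla 2.x Vendor patch: Mozilla -------...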
Nginx 0.7.65 Shell Upload
Exploit Title : Nginx Server Configuration hole ; Upload file execute Software link : http://nginx.org/ Version : Confirmed in nginx v0.7.65. And PHP v5.3.2 with Suhosin patch and extension. Tested on : windows 7 Date : 29/07/2011 Author : sysmox.com Website : http://www.sysmox.com Email :...
Google Search Appliance vulnerable to cross-site scripting
Overview Google Search Appliance provided by Google contains a cross-site scripting vulnerability. Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability. Yosuke...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Firefox 3.6 < 3.6.18 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox is 3.6.x earlier than 3.6.18. Such versions are potentially affected by the following security issues : - Multiple memory safety issues can lead to application crashes and possibly remote code execution. CVE-2011-2374, CVE-2011-2376, CVE-2011-2364, CVE-2011-2365 -...
WeblyGo vulnerable to cross-site scripting
Overview WeblyGo provided by KAWAI BUSINESS SOFTWARE CO., LTD. (KBS) contains a cross-site scripting vulnerability. WeblyGo is a groupware provided by KAWAI BUSINESS SOFTWARE CO., LTD. (KBS). WeblyGo contains a cross-site scripting vulnerability. Yoshihiro Ishikawa of LAC reported this vulnerability ...
CVE-2011-2101
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."...
Adobe Acrobat < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)
The version of Adobe Acrobat installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities : - Multiple buffer overflow vulnerabilities exist that could lead to code execution. CVE-2011-2094, CVE-2011-2095, CVE-2011-2097 - A hea...
Silex <= 1.5.4.2 XSS Vulnerability - Active Check
Silex is prone to a cross-site scripting (XSS) vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
IP Power 9258 TGI Scripts Unauthorized Access Vulnerability
IP Power 9258 is prone to an unauthorized-access vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Room Juice <= 0.3.3 XSS Vulnerability - Active Check
Room Juice is prone to a cross-site scripting (XSS) vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...