6722 matches found
CuteNews 1.4.6 - 'index.php' Cross-Site Request Forgery (New User Creation)
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...
Wowd - 'index.html' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/42327/info Wowd search client is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting use...
Opera < 10.01 Multiple Vulnerabilities
The version of Opera installed on the remote host is earlier than 10.01. Such versions are potential affected by multiple issues : - Specially crafted domain names can cause a memory corruption in Opera, which may lead to a crash or possibly remote code execution. 938 - Opera may allow scripts to...
Opera < 10.01 Multiple Vulnerabilities
Binary data 800863.prm...
Canon IT Solutions Inc. ACCESSGUARDIAN vulnerable to cross-site scripting
Overview Canon IT Solutions Inc. ACCESSGUARDIAN contains a cross-site scripting vulnerability. Canon IT Solutions Inc. ACCESSGUARDIAN is a web security gateway. ACCESSGUARDIAN contains a cross-site scripting vulnerability. Ohji Kashiwazaki of GLOBAL SECURITY EXPERTS Inc. reported this vulnerabili...
Multiple Cybozu products vulnerable to cross-site scripting
Overview Multiple Cybozu products are vulnerable to cross-site scripting. Multiple products groupware etc. provided by Cybozu, Inc. contain a cross-site scripting vulnerablility. This vulnerability is different from JVN50342989, and JVN90712589. Takeshi Terada of Mitsui Bussan Secure Directions,...
Links from indexbrowser.jsp are vulnerable to XSS attacks
CONF-16888 has introduced or re-introduced an XSS vulnerability. To reproduce: Create a new user, and for the Full Name use: noformatalert'Vulnerable'noformat Go to ../admin/indexbrowser.jsp and find the entry Click on the entry, and the script is executed. This also happens for other content typ...
Juniper Junos 8.5/9.0 J-Web Interface - '/configuration' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web Juniper Web Management. Attacker-supplied HTML or JavaScript code could ru...
Cross-site scripting vulnerability in multiple phpspot products
Overview Multiple products provided by phpspot contain a cross-site scripting vulnerablility. Multiple products BBS Software etc. provided by phpspot contain a cross-site scripting vulnerablility. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...
XF-Section vulnerable to cross-site scripting
Overview XF-Section from Happy Linux contains a cross-site scripting vulnerability. XF-Secion from Happy Linux is a XOOPS module that categorizes contents. XF-Section contains a cross-site scripting vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Chrome/Opera ATOM/RSS Reader Script Execution
Exploiting Chrome and Operas inbuilt ATOM/RSS reader with Script Execution and more ---------------------------------------------------------------------------- --------- For complete post with images, please visit - http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomr...
ColdFusion vulnerable to cross-site scripting
Overview ColdFusion provided by Adobe contains a cross-site scripting vulnerability. ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability. This vulnerability is different from JVN28356427 and JVN48566866. Project VEX of UBsecure...
XSS vulnerability can be exploited with the pagetree macro
Use the following markup: noformatpagetree:root=alert'12'noformat Whenever the page is viewed, the script will be executed...
XSS vulnerability can be exploited with the pagetree macro
Use the following markup: noformatpagetree:root=alert'12'noformat Whenever the page is viewed, the script will be executed...
XSS vulnerability can be exploited with the Userlister macro
Use the following markup: noformatuserlister:groups=alert'Vulerable'noformat Whenever the page is viewed, the script will be executed...
XSS bug when unfavouriting a dashboard
When unfavouriting a dashboard with name 'alert'blah';' the javascript is executed. https://extranet.atlassian.com/display/QA/JIRA+Dashboards+Blitz+-+Mark%27s+Findings...
XSS bug when unfavouriting a dashboard
When unfavouriting a dashboard with name 'alert'blah';' the javascript is executed. https://extranet.atlassian.com/display/QA/JIRA+Dashboards+Blitz+-+Mark%27s+Findings...
Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)
Overview RevoCounter CGI Animation Counter from futomi's CGI Cafe contains a cross-site scripting vulnerability. RevoCounter CGI Animation Counter from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI Animation Counter contains a cross-site scripting...
PHP Scripts Now Hangman - 'index.php?n' SQL Injection
source: https://www.securityfocus.com/bid/43513/info TOPHangman is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application, access or modify data,...
shiromuku(fs6)DIARY cross-site scripting vulnerability
Overview shiromukufs6DIARY from Perl CGI's By Mrs. Shiromuku contains a cross-site scripting vulnerability. shiromukufs6DIARY from Perl CGI's By Mrs. Shiromuku is a web log software. shiromukufs6DIARY contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the...