260 matches found
CVE-2015-1433
program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email...
CVE-2015-0220
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a...
Ubuntu 14.04 LTS : Django vulnerabilities (USN-2469-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2469-1 advisory. Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers i...
Visa Europe Cross Site Scripting
Visa Europe Official Website Vulnerability. Published Report: 07/02/2014 Credits: Advanced Information Security Corporation, USA Severity: High/Critical OWASP TOP 10 CVSS: 7.0 Type: Web Application / Reflected Cross-Site Scripting Attack. Author:...
Ubuntu: Security Advisory (USN-1967-1)
The remote host is missing an update for the...
CubeCart 3.0.20 Multiple Vulnerabilities
CubeCart versions 3.0.20 and below suffer from a remote shell upload, cross site scripting and remote SQL injection vulnerabilities. 1. OVERVIEW CubeCart 3.0.20 and lower versions are vulnerable to Arbitrary File Upload. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart softwa...
Unfixed XSS vulnerability at gmap3.touraineverte.com
Security researcher Atmon3r submitted on 09/01/2012 a cross-site scripting (XSS) vulnerability affecting gmap3.touraineverte.com, which at the time of submission ranked 175221 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/01/2012. It is...
Oracle WebCenter Content idc/idcplg Multiple Parameter XSS
Oracle WebCenter Content script '/idc/idcplg' contains several parameters that are incorrectly filtered, including 'sltPageTitle' and 'redirectPageTitle'. This makes the WebCenter Content install susceptible to a reflected cross-site scripting attack. By tricking someone into clicking on a...
webERP Information Disclosure, SQL Injection, and Cross Site Scripting Vulnerabilities
webERP is prone to information-disclosure, SQL-injection, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may exploit the information-disclosure issue to gain access to sensitive information that may lead to further attacks. An...
Joomla 1.6.0 Cross Site Scripting
Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability. 1. OVERVIEW Joomla! 1.6.0 was vulnerable to Cross Site Scripting. 2. PRODUCT DESCRIPTION Joomla is a free and open source content management system (CMS) for...
MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability
Mantis is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Input passed through the 'db_type' parameter (GET & POST) to the upgrade_unattended.php script is not properly verified before being used to include files. Mantis is also prone to a cross-site...
CentOS Update for php CESA-2010:0919 centos4 i386
Check for the Version of php...
RedHat Update for php RHSA-2010:0919-01
Check for the Version of php...
Apple Safari WebKit fails to properly handle a crafted URL
Overview: A vulnerability in the way Apple Mac OS X handles specially crafted URLs may allow an attacker to execute script in the context of another site. Description: According to Apple Safari 3.1.1: An issue exists in WebKit's handling of URLs containing a colon character in the host name. Openi...
CVE-2007-6520
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2007:0533 Updated Apache httpd packages that correct two security issues and two bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP...
RHEL 2.1 : apache (RHSA-2007:0532)
Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not...
Moderate: Red Hat Security Advisory: httpd security update
Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the Apache HTTP...
DSA-1287-1 ldap-account-manager
Bulletin has no description...
How to become a ASP Trojan master-vulnerability warning-the black bar safety net
Name: how to make a picture of the ASP Trojan can display pictures Built an asp file, the content of!-- of i nclude file="ating.jpg"-- Find a normal picture, ating.jpg, insert the word Trojan, such as the ice Fox, with ultraedit to hex compiled, insert a picture, in order to run successfully, but also to...