JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting...

JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting...

CVE-2012-3213

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting...

Microsoft System Center Operations Manager Cross-Site Scripting (MS13-003; CVE-2013-0009)

A cross-site scripting vulnerability has been reported in Microsoft System Center Operations Manager...

CVE-2012-4970

CVE-2012-4970 is a cross-site scripting (XSS) vulnerability in the web management interface of Polycom HDX Video End Points. Affected software includes UC APL prior to 2.7.1_J and commercial prior to 3.0.5. Polycom fixed the issue starting with commercial build 3.0.5 and UC APL 2.7.1.1_J; the spe...

Fedora 17 : perl-HTML-Template-Pro-0.9509-1.fc17 (2012-15490)

This version of HTML::Template::Pro fixes a cross-site scripting XSS vulnerability in the module. http://www.openwall.com/lists/oss-security/2011/12/19/1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587 https://vulners.com/cve/CVE-2011-4616 Note that Tenable Network Security has extracted...

WordPress MF Gig Calendar 0.9.2 Cross Site Scripting

/---------------------------------------------------------\ | MF Gig Calendar Wordpress Plugin - Cross-Site Scripting | ---------------------------------------------------------/ Summary ======= MF Gig Calendar 0.9.2 is subject to a cross-site scripting vulnerability. The value of a generic...

Slackware: Security Advisory (SSA:2011-210-03)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2012-4600

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags...

Openconstructor CMS 3.12.0 i_hybrid.php XSS

Title: Openconstructor CMS 3.12.0 'data/hybrid/ihybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list...

CVE-2012-3382

Cross-site scripting XSS vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properl...

Reflected XSS - ownCloud

Cross-site scripting XSS vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirecturl parameter. Affected Software ownCloud Server 4.0.3 CVE-2012-4395 Action Taken It is recommended that all instances are upgraded to ownClo...

JVN#36993373: SmallPICT vulnerable to cross-site scripting

SmallPICT is a bulletin-board software. SmallPICT contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affecte...

Fedora 17 : moodle-2.2.3-1.fc17 (2012-8284)

CVE-2012-2353 MSA-12-0024: Hidden information access issue CVE-2012-2354 MSA-12-0025: Personal communication access issue CVE-2012-2355 MSA-12-0026: Quiz capability issue CVE-2012-2356 MSA-12-0027: Question bank capability issues CVE-2012-2357 MSA-12-0028: Insecure authentication issue...

CVE-2012-1190

Cross-site scripting XSS vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name...

Unfixed XSS vulnerability at en.gamersgate.com

Security researcher wutsec, has submitted on 04/02/2012 a cross-site-scripting XSS vulnerability affecting en.gamersgate.com, which at the time of submission ranked 21854 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/02/2012. It is current...

Firefox < 10.0.3 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 10.0.3 and thus, is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context ...

Adobe Flash Player ActiveX Control Cross-Site Scripting (APSB12-03; CVE-2012-0767)

A cross-site scripting vulnerability has been reported in Adobe Flash Player...

Unfixed XSS vulnerability at www.hcltech.com

Security researcher Anshul katta, has submitted on 22/02/2012 a cross-site-scripting XSS vulnerability affecting www.hcltech.com, which at the time of submission ranked 35647 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 22/02/2012. It is...

Oracle Fusion WebLogic Server Component WLS-Console Management Interface Unspecified XSS

The version of the WebLogic component on Oracle Middleware installed on the remote Windows host is affected an unspecified cross-site scripting vulnerability related to WLS-Console. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL, resulting in the...