CVE-2006-3643

Cross-site scripting XSS vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console MMC library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect...

Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue

-- Corsaire Security Advisory -- Title: VMware ESX Server Password Cross Site Request Forgery issue Date: 14.11.05 Application: VMware ESX prior to 2.5.3 upgrade patch 2 VMware ESX prior to 2.1.3 upgrade patch 1 VMware ESX prior to 2.0.2 upgrade patch 1 Environment: VMware ESX Author: Stephen de...

wwwthreadsXSS.txt

---------------------------------------------------------- Aria-Security.net Advisory Discovered by: l2odon Gr33t to: A.u.r.a & O.U.T.L.A.W & R@1D3N @ DrtRp & Cl0wn ----------------------------------------------------------- Software: wwwThreads Attack method: Cross Site Scripting Original...

V3 Chat Instant Messenger - online.php?site_id Cross-Site Scripting

V3 Chat Instant Messenger - online.php?siteid Cross-Site Scripting source: https://www.securityfocus.com/bid/18543/info V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize...

e107 0.7.5 - search.php Cross-Site Scripting

e107 0.7.5 - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/18508/info e107 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrar...

PHPODP 1.5 - 'ODP.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/17976/info phpODP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...

RWiki before 2.1.1 has cross-site scripting vulnerability

Cross-site scripting XSS vulnerability in Wiki content in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors...

timobraun Dynamic Galerie 1.0 - 'galerie.php?pfad' Arbitrary Directory Listing

source: https://www.securityfocus.com/bid/17896/info Dynamic Galerie is prone to a directory-traversal vulnerability and a cross-site scripting vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabiliti...

ContentBoxx - 'login.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/17612/info ContentBoxx is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the...

AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability

NightWarriorKurdish Hacker nightwarrior771athotmail.com AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability http://www.alstrasoft.com http://vicktimhost/template/fullview.php?tempid=XSS Contact :nightwarrior771athotmail.com NightWarriorKurdihs Hacker...

Tangora Portal CMS 4.0 - 'Action' Cross-Site Scripting

source: https://www.securityfocus.com/bid/16034/info Tangora Portal CMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...

PHP-Fusion 6.0 - members.php Cross-Site Scripting

PHP-Fusion 6.0 - members.php Cross-Site Scripting source: https://www.securityfocus.com/bid/15931/info PHP-Fusion is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to ha...

CVE-2005-4238

Mantis (web-based bug tracker) contains an XSS flaw in view_filters_page.php where the target_field input is not properly sanitised, enabling remote attackers to inject arbitrary script/HTML. Affected: Mantis 1.0.0rc3 and earlier. Root cause: insufficient input sanitisation leading to reflected/s...

SiteBeater News 4.0 - Archive.asp Cross-Site Scripting

SiteBeater News 4.0 - Archive.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/15697/info SiteBeater News is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this...

Solupress News 1.0 - 'search.asp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15695/info Solupress News is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the brows...

VUBB - index.php Cross-Site Scripting

VUBB - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/15260/info VUBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scrip...

CubeCart 3.0.3 - cart.php?redir Cross-Site Scripting

CubeCart 3.0.3 - cart.php?redir Cross-Site Scripting source: https://www.securityfocus.com/bid/14962/info CubeCart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any...

CVE-2005-2891

WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by default, which allows remote attackers to read or write to arbitrary files via the 1 MakeArchive or 2 MakeArchiveStr methods...

Looking Glass - Cross-Site Scripting

Looking Glass - Cross-Site Scripting source: https://www.securityfocus.com/bid/14680/info Looking Glass is prone to a cross-site scripting vulnerability. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also...

AutoIndex PHP Script 1.5.2 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14154/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...