1968 matches found
CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3
Cross site scripting in toendaCMS 1.5.3 security advisory References: http://www.toendacms.com/ https://vulners.com/cve/CVE-2007-1872 Description: Cross site scripting describes attacks that allow to insert malicious html or javascript code via get or post forms. This can be used to steal session...
VMware ESX 2.x - Multiple Information Disclosure Vulnerabilities
source: https://www.securityfocus.com/bid/19249/info VMware ESX is prone to multiple information-disclosure vulnerabilities. These issues are due to a design error in the application. The following issues were reported: 1. An information disclosure vulnerability that could disclose the session ID...
Pubcookie application server modules contain cross-site scripting vulnerabilities
Overview Cross-site scripting vulnerabilities in the Pubcookie application server modules could allow a remote attacker to gain access to sensitive information. Description Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web...
NeoMail neomail.pl sort Parameter XSS
The remote host is running NeoMail, an open source webmail application written in Perl. The installed version of this software fails to validate the 'sort' parameter in the 'neomail.pl' script before using it to generate dynamic content. An attacker may be able to exploit this issue to inject...
Session fixation
claroinitlocal.inc.php in Claroline 1.7.2 uses guessable session cookies MD5 hash of connection time, which allows remote attackers to hijack sessions and possibly gain administrative privileges...
Novell NetMail 3.x - Automatic Script Execution
source: https://www.securityfocus.com/bid/14171/info Novell NetMail email client is prone to an input validation vulnerability. Reports indicate that HTML and JavaScript attached to received email messages is executed automatically, when the email message is viewed. A successful attack may allow...
Novell NetMail 3.x - Automatic Script Execution
Novell NetMail 3.x - Automatic Script Execution source: https://www.securityfocus.com/bid/14171/info Novell NetMail email client is prone to an input validation vulnerability. Reports indicate that HTML and JavaScript attached to received email messages is executed automatically, when the email...
Xoops < 2.0.12 Multiple XSS / SQL Injection
Binary data 3041.prm...
[AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 BEA WebLogic Administration Console error page cross-site scripting vulnerability AppSecInc Team SHATTER Security Advisory BEA05-V0100 http://www.appsecinc.com/resources/alerts/general/BEA-001.html May 27, 2005 Affected versions: BEA WebLogic Server 7...
Horde Chora common-footer.inc Page Title XSS
According to its version, the remote installation of Chora fails to fully sanitize user-supplied input when setting the parent frame's page title by JavaScript in 'templates/common-footer.inc'. By leveraging this flaw, an attacker may be able to inject arbitrary HTML and script code into a user's...
ASP Portal - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization performed on user supplied data that is later incorporated into dynamic content. An attacker may reportedly inje...
ASP Portal - Multiple Vulnerabilities
ASP Portal - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization performed on user supplied data that is later incorporated into dynamic...
CVE-2003-0965
CVE-2003-0965 is a cross-site scripting (XSS) vulnerability in the Mailman admin CGI script before 2.1.4. The issue allows remote attackers to steal session cookies and perform unauthorized activities via the administrative interface. Affected: Mailman (admin CGI). Root cause: XSS in the admin UI...
CVE-2003-0965
Removed by vendor...
CVE-2003-1249
WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions...
Important: Red Hat Security Advisory: : Updated XFree86 packages provide security and bug fixes
Updated XFree86 packages for Red Hat Linux 9 provide security fixes to font libraries and XDM. XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers in Red Hat Linux. XDM is the X display manager. Multiple integer overflows in the transf...
Corsaire Security Advisory: PeopleSoft IScript XSS issue
-- Corsaire Security Advisory -- Title: PeopleSoft IScript XSS issue Date: 04.07.03 Application: PeopleTools 8.20/8.43 and prior Environment: Various Author: Glyn Geoghegan [email protected] Audience: General distribution Reference: c030704-004 -- Scope -- The aim of this document is to...
[Full-Disclosure] Corsaire Security Advisory: BEA WebLogic example InteractiveQuery.jsp XSS issue
-- Corsaire Security Advisory -- Title: BEA WebLogic example InteractiveQuery.jsp XSS issue Date: 04.07.03 Application: BEA WebLogic 8.1 and prior Environment: Various Author: Martin O'Neal [email protected] Audience: General distribution Reference: c030704-008 -- Scope -- The aim of this...
[SECURITY] [DSA-388-1] New kdebase packages fix multiple vulnerabilites in KDM
-------------------------------------------------------------------------- Debian Security Advisory DSA 388-1 [email protected] http://www.debian.org/security/ Matt Zimmerman September 19th, 2003 http://www.debian.org/security/faq -...
[KDE SECURITY ADVISORY] KDM vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: KDM vulnerabilities Original Release Date: 2003-09-16 URL: http://www.kde.org/info/security/advisory-20030916-1.txt 0. References http://cert.uni-stuttgart.de/archive/suse/security/2002/12/ msg00101.html...