450 matches found
Nmap NSE net: http-php-version
Attempts to retrieve the PHP version from a web server. PHP has a number of magic queries that return images or text that can vary with the PHP version. This script uses the following queries: '/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42': gets a GIF logo, which changes on April Fool's Day...
CVE-2011-1427
Multiple cross-site scripting XSS vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Language parameter to Pages/login.aspx, 2 HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or 3 User-Agent header to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Language parameter to Pages/login.aspx, 2 HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or 3 User-Agent header to...
JAKCMS 2.0 PRO RC5 Stored Cross Site Scripting
Exploit Title: JAKCMS 2.0 PRO RC5 stored XSS via useragent HTTP header Injection Date: 7-2-2011 Author: Saif El-Sherei Software Link: http://php.opensourcecms.com/scripts/redirect/download.php?id=480 Version: JAKCMS PRO 2.0 RC5 and probably earlier version Tested on: Firefox 3.0.15, , IE 8 Vendor...
Cross site scripting
Cross-site scripting XSS vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file...
CVE-2010-4595
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services HTTP-AS, which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header...
Design/Logic Flaw
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services HTTP-AS, which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header...
CVE-2010-4147
Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to 1 index.php and 2 product-list.php...
Sql injection
Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to 1 index.php and 2 product-list.php...
CVE-2010-4147
Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to 1 index.php and 2 product-list.php...
CVE-2003-1587
Cross-site scripting XSS vulnerability in LoganPro allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header...
DEBIAN-CVE-2008-7250
Cross-site scripting XSS vulnerability in Squid Analysis Report Generator Sarg 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists...
CVE-2008-7250
Cross-site scripting XSS vulnerability in Squid Analysis Report Generator Sarg 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists...
CVE-2008-7250
Cross-site scripting XSS vulnerability in Squid Analysis Report Generator Sarg 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists...
Cross site scripting
Cross-site scripting XSS vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header...
CVE-2009-3652
The CVE-2009-3652 entry covers a Cross-site scripting (XSS) vulnerability in Drupal's Organic Groups (OG) module. It affects OG 5.x-7.x before 5.x-7.4, OG 5.x-8.x before 5.x-8.1, and OG 6.x-1.x before 6.x-1.4. The issue allows remote authenticated users (with create or edit group nodes permission...
CVE-2009-3651
Cross-site scripting XSS vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header...
Mandriva Update for sarg MDVSA-2008:079 (sarg)
Check for the Version of sarg OpenVAS Vulnerability Test Mandriva Update for sarg MDVSA-2008:079 sarg Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
CVE-2008-6645
Cross-site scripting XSS vulnerability in Opencosmo VisualSentinel 0.7 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header $SERVER 'HTTPUSERAGENT', which is not properly handled when displaying log files...
Stable and Beta Update: Incognito Mode Fix
Google Chrome's Beta and Stable channels have been updated to 1.0.154.48. The change in 1.0.154.46 to fix Hotmail caused a problem for users in Incognito mode trying to access sites which depend on the User-Agent header. This header identifies the type of browser making the request and should be...