
450 matches found

exploitpack
added 2008/05/19 12:0 a.m. | 27 views

MercuryBoard 1.1.5 - login.php Blind SQL Injection

settitle$this-lang-loginheader; 55. $this-tree$this-lang-loginheader; 56. 57. //print "agent: $this-agent\n"; 58. 59. if !isset$this-post'submit' 60. $requesturi = $this-geturi; 61. 62. if substr$requesturi, -8 == 'register' 63. $requesturi =...

0.1 AI score
Exploits: 0
Exploit DB
added 2008/05/19 12:0 a.m. | 40 views

MercuryBoard 1.1.5 - 'login.php' Blind SQL Injection

settitle$this-lang-loginheader; 55. $this-tree$this-lang-loginheader; 56. 57. //print "agent: $this-agent\n"; 58. 59. if !isset$this-post'submit' 60. $requesturi = $this-geturi; 61. 62. if substr$requesturi, -8 == 'register' 63. $requesturi = $this-self; 64. 65. 66. return...

7 AI score
Exploits: 0
Tenable Nessus
added 2008/05/14 12:0 a.m. | 21820 views

DatsoGallery Component for Joomla! sub_votepic.php User-Agent HTTP Header SQLi

The version of the DatsoGallery component for Joomla! or Mambo running on the remote host is affected by a SQL injection vulnerability in sub_votepic.php due to improper sanitization of user-supplied input to the User-Agent header before using it to construct database queries. Regardless of the PH...

7.5 CVSS | 5.8 AI score | 0.02005 EPSS
Exploits: 2 | References: 1
Gentoo Linux
added 2008/03/12 12:0 a.m. | 42 views

Sarg: Remote execution of arbitrary code

Background: Sarg (Squid Analysis Report Generator) is a tool that provides information about the activities of Squid web proxy server users: time, sites, traffic, etc. Description: Sarg doesn't properly check its input for abnormal content when processing Squid log files. Impact: A remote attacker...

10 CVSS | 6.1 AI score | 0.06681 EPSS
Exploits: 0
UbuntuCve
added 2008/03/05 11:44 p.m. | 21 views

CVE-2008-1167

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information...

10 CVSS | 6.3 AI score | 0.06681 EPSS
Exploits: 0 | References: 1
NVD
added 2008/03/05 11:44 p.m. | 25 views

CVE-2008-1168

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown;...

4.3 CVSS | 5.4 AI score | 0.01553 EPSS
Exploits: 0 | References: 9
Prion
added 2008/03/05 11:44 p.m. | 11 views

Stack overflow

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information...

10 CVSS | 8.1 AI score | 0.06681 EPSS
Exploits: 0 | References: 13 | Affected Software: 1
UbuntuCve
added 2008/03/05 11:44 p.m. | 23 views

CVE-2008-1168

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown;...

4.3 CVSS | 6 AI score | 0.01553 EPSS
Exploits: 0 | References: 1
NVD
added 2008/03/05 11:44 p.m. | 15 views

CVE-2008-1167

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information...

10 CVSS | 7.8 AI score | 0.06681 EPSS
Exploits: 0 | References: 13
OSV
added 2008/03/05 11:44 p.m. | 3 views

DEBIAN-CVE-2008-1168

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown;...

4.3 CVSS | 5.9 AI score | 0.01553 EPSS
Exploits: 0 | References: 1
OSV
added 2008/03/05 11:44 p.m. | 5 views

CVE-2008-1168

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown;...

5.3 AI score
Exploits: 0 | References: 9
OSV
added 2008/03/05 11:44 p.m. | 2 views

DEBIAN-CVE-2008-1167

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information...

10 CVSS | 8.4 AI score | 0.06681 EPSS
Exploits: 0 | References: 1
Cvelist
added 2008/03/05 11:0 p.m. | 45 views

CVE-2008-1168

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown;...

5.3 AI score | 0.01553 EPSS
Exploits: 0 | References: 9
CVE
added 2008/03/05 11:0 p.m. | 52 views

CVE-2008-1168

Cross-site scripting (XSS) in Squid Analysis Report Generator (Sarg) affects multiple 2.2.x releases (notably 2.2.4; earlier 2.2.3.1) via the User-Agent header when rendering the Squid proxy log. Root cause: an improper handling of User-Agent data leads to script/HTML injection. Impact: remote at...

4.3 CVSS | 5.3 AI score | 0.01553 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
Prion
added 2008/02/05 12:0 a.m. | 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header...

4.3 CVSS | 5.7 AI score | 0.0201 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2008/02/04 11:0 p.m. | 14 views

CVE-2008-0178

Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header...

5.3 AI score | 0.0201 EPSS
Exploits: 1 | References: 4
Cvelist
added 2008/02/04 11:0 p.m. | 26 views

CVE-2008-0179

Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format...

5.7 AI score | 0.01212 EPSS
Exploits: 0 | References: 4
exploitpack
added 2008/01/31 12:0 a.m. | 6 views

Liferay Enterprise Portal 4.3.6 - User-Agent HTTP Header Cross-Site Scripting

source: https://www.securityfocus.com/bid/27547/info Liferay Enterprise Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this...

6.8 AI score
Exploits: 0
Exploit DB
added 2008/01/31 12:0 a.m. | 18 views

Liferay Enterprise Portal 4.3.6 - User-Agent HTTP Header Cross-Site Scripting

source: https://www.securityfocus.com/bid/27547/info Liferay Enterprise Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

7 AI score
Exploits: 0
Prion
added 2008/01/04 12:46 a.m. | 19 views

Input validation

Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual...

5 CVSS | 7.1 AI score | 0.01844 EPSS
Exploits: 1 | References: 8 | Affected Software: 1