5210 matches found
CVE-2013-6320
CVE-2013-6320 is an XSS vulnerability affecting IBM Algo One as used in MetaData Management Tools (UDS 4.7.0–5.0.0), and in Algo Security Access Control Management (ACSWeb in Algo) (4.7.0–4.9.0) and AlgoWebApps (5.0.0). The underlying issue is a cross-site scripting flaw that allows remote authen...
CVE-2014-1965
CVE-2014-1965 is an XSS vulnerability in the ISpeakAdapter of SAP Exchange Infrastructure (BC-XI) Integration Repository. Affected: SAP NetWeaver components 3.0, 7.00–7.02, and 7.10–7.11. Description: remote attackers could inject arbitrary web script/HTML via PIP vectors. Impact: potential brows...
Cross site scripting
Cross-site scripting XSS vulnerability in Coursemill Learning Management System LMS 6.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...
CVE-2013-0566
Multiple cross-site scripting XSS vulnerabilities in the 1 Accelerator JSPs, 2 Organization Administration Console JSPs, and 3 Administration Console JSPs in WebSphere Commerce Tools in IBM WebSphere Commerce 5.6.1.0 through 5.6.1.5, 6.0.0.0 through 6.0.0.11, and 7.0.0.0 through 7.0.0.7 allow...
CVE-2013-4995
Cross-site scripting XSS vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information...
Console: XSS in invoke operation
It was found that the parameters passed to operation invocations on the JMX console were not properly sanitized. Remote attackers could use this flaw to inject arbitrary web script or HTML into the JMX console...
GLSA-201211-01 : MantisBT: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201211-01 MantisBT: Multiple vulnerabilities Multiple vulnerabilities have been discovered in MantisBT. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could exploit these vulnerabilities...
Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities
Ad Manager Pro is prone to multiple sql injection and cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Ad Manager Pro - Multiple Vulnerabilities
Ad Manager Pro - Multiple Vulnerabilities ----------------------------------------------------------- Ad Manager Pro Bug discovered by Yakir Wizman Date 24/08/2012 Vendor Homepage - http://www.phpwebscripts.com/ad-manager-pro/ Demo - http://www.scripts-demo.com/admanagerpro/ ISRAEL...
PHP Web Scripts Text Exchange Pro - 'page' Local File Inclusion
source: https://www.securityfocus.com/bid/55205/info PHP Web Scripts Text Exchange Pro is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of...
PHP Web Scripts Text Exchange Pro - page Local File Inclusion
PHP Web Scripts Text Exchange Pro - page Local File Inclusion source: https://www.securityfocus.com/bid/55205/info PHP Web Scripts Text Exchange Pro is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this...
PHP Web Scripts Ad Manager Pro - page Local File Inclusion
PHP Web Scripts Ad Manager Pro - page Local File Inclusion source: https://www.securityfocus.com/bid/55189/info PHP Web Scripts Ad Manager Pro is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability t...
PHP Web Scripts Ad Manager Pro - 'page' Local File Inclusion
source: https://www.securityfocus.com/bid/55189/info PHP Web Scripts Ad Manager Pro is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of th...
Cross site scripting
Cross-site scripting XSS vulnerability in the Spike PHPCoverage aka spikephpcoverage library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Microsoft SharePoint 跨站脚本漏洞(CVE-2012-1863)
Bugtraq ID:54316 CVE ID:CVE-2012-1863 Microsoft SharePoint Server是一款服务器功能集成套件,提供全面的内容管理和企业搜索、加速共享业务流程并便利跨界限信息共享。 Microsoft SharePoint Server存在一个跨站脚本漏洞,允许攻击者通过URL中特制的JavaScript元素,注入任意WEB脚本或HTML,攻击者可以利用漏洞获得敏感信息或劫持用户会话。 0 Microsoft SharePoint Foundation 2010 SP1 Microsoft SharePoint Foundation 2010...
Creative Works - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title:Creative Works Multiple sql web scripts Google Dork:Powered by: Creative Works Software Link:www.creativeworks.com.ec Version:2012 Tested on:linux and windows any os credits:Security Warriors Team SWT...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to 1 libraries/tbllinks.inc.php and...
PHP Inventory < 1.3.2 SQLi Vulnerability
PHP Inventory is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in iTop aka IT Operations Portal 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted company name, 2 a crafted database server name, 3 a crafted CSV file, 4 a crafted copy-and-paste action, 5 the...
CVE-2010-4843
SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter...