5210 matches found
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. NOTE: some of these details are obtained from...
PHP Inventory Multiple Vulnerabilities
PHP inventory is prone to multiple vulnerabilities. This VT has been deprecated and replaced by the VT SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
MediaWiki 1.14.0, 1.15.0 XSS Vulnerability
MediaWiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Debian Security Advisory DSA 1926-1 (typo3-src)
The remote host is missing an update to typo3-src announced via advisory DSA 1926-1. OpenVAS Vulnerability Test $Id: deb19261.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1926-1 typo3-src Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
Design/Logic Flaw
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to inject arbitrary web script or HTML via (1) the Page parameter in a List action to modules/ereignis.php, (2) the Kontext parameter in a Search action to modules/kategorie.php, (3) the image parameter ...
Esoftpro Online Guestbook Pro - display Blind SQL Injection
Esoftpro Online Guestbook Pro - display Blind SQL Injection Online Guestbook Pro display Blind SQL Injection Vulnerability Author: Hussin X Home : WwW.IQ-TY.CoM email: darkangelg85atYahooDoTcom script : http://www.esoftpro.com/webscriptsonlineguestbookpro.php DorK : Powered by Online Guestbook Pr...
Online Email Manager Insecure Cookie Handling Vulnerability
Exploit for unknown platform in category web applications. Online Email Manager Insecure Cookie Handling Vulnerability...
Moodle CMS Multiple Vulnerabilities (Feb 2009)
Moodle CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MediaWiki 1.6.x < 1.6.12, 1.12.x < 1.12.4, 1.13.x < 1.13.4 Multiple XSS Vulnerabilities
MediaWiki is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Moodle CMS Multiple Vulnerabilities
This host is running Moodle CMS and is prone to Multiple Vulnerabilities. OpenVAS Vulnerability Test $Id: gbmoodlecmsmultvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ Moodle CMS Multiple Vulnerabilities Authors: Sujit Ghosal Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties o...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wecdiscussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplatestep2.php, (3) showfields.php, (4) showuser.php, (5) editmailingliststep1.php, and (6)...
CVE-2008-0577
The CVE-2008-0577 entry concerns Drupal’s Project Issue Tracking module (5.x-2.x-dev prior to 20080130; 5.x-1.x prior to 1.2; 4.7.x prior to 2.6/1.6). The description states two vulnerabilities when the Upload module is enabled for issue nodes: (1) it does not restrict extensions of attached file...
CVE-2007-4588
Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php; and allow remote authenticated users to inject arbitrary web script or...
CVE-2007-2025
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file...
Cross site scripting
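Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allow remote attackers to inject arbitrary web script or HTML via the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php...
PHP Web Scripts Easy Banner Functions.PHP Remote File Inclusion Vulnerability
PHP Web Scripts Easy Banner is a PHP-based web application. PHP Web Scripts Easy Banner does not properly filter user-supplied URI data, which allows remote attackers to execute arbitrary commands with the privileges of the web process. The issue is caused by the 'Functions.PHP' script not filtering the user-supplied 'sphppath' parameter: supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. PHP Web Scripts Easy Banner Free: no detailed solution is currently available; please watch the following link:...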
CVE-2006-5166
CVE-2006-5166 describes a PHP remote file inclusion vulnerability in the PHP Web Scripts Easy Banner Free product. The issue arises in the functions.php file, where the s[phppath] parameter can be exploited to cause the server to include and execute arbitrary PHP code from a remote URL. Affected ...