224 matches found
[SECURITY] Fedora 20 Update: php-5.5.20-2.fc20
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
file: out-of-bounds read in elf note headers
An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file...
php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute...
CVE-2014-0509
CVE-2014-0509 describes a cross-site scripting (XSS) vulnerability in Adobe Flash Player and Adobe AIR products prior to the listed versions. Affected: Flash Player on Windows/macOS (before 11.7.700.275 and 11.8.x–13.0.x before 13.0.0.182), Flash Player on Linux (before 11.2.202.350), and Adobe A...
CVE-2013-2314
CVE-2013-2314 affects EC-CUBE 2.11.0–2.12.3enP2. The vulnerability is a cross-site scripting (XSS) in the adminAuthorization function within SC_Helper_Session.php, allowing a remote attacker to inject arbitrary script/HTML via a crafted URL used on the management screen. Root cause: improper hand...
Debian DSA-2639-1 : php5 - several vulnerabilities
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2013-1635 If a PHP application accepted untrusted SOAP object input remotely from clients, an attacker could read system files...
Mandrake Linux Security Advisory : Zope (MDKSA-2001:025)
A new Hotfix for Zope has been released that fixes a very important security issue that affects all versions of Zope prior to and including 2.3.1b1. Users can use through-the-web scripting capabilities on a Zope site to view and assign class attributes to ZClasses, possibly allowing them to make...
CVE-2012-3846
CVE-2012-3846 affects PHP-pastebin 2.1. The vulnerability is a cross-site scripting (XSS) flaw in index.php, exploitable via the title parameter to inject arbitrary web script or HTML. Several sources (NVD entry and related CVE records) confirm this issue. The provided documents do not specify th...
CVE-2010-2367
The CVE-2010-2367 entry concerns AD-EDIT2 prior to version 3.0.9, with a cross-site scripting (XSS) vulnerability in search.cgi that can allow remote attackers to inject arbitrary script/HTML via unspecified vectors. Affected product: AD-EDIT2 (CMS). Root cause: XSS in the search.cgi handler; imp...
CVE-2010-3602
Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-3094
CVE-2010-3094 describes multiple XSS vulnerabilities in Drupal 6.x before 6.18. The issues allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actio...
CVE-2010-2147
The CVE-2010-2147 entry describes a Cross-site Scripting (XSS) vulnerability in the Joomla! My Car component (com_mycar) version 1.0. The flaw allows remote attackers to inject arbitrary web script or HTML through the modveh parameter in index.php. Connected sources confirm the affected product/c...
CVE-2009-3506
CVE-2009-3506 involves multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21. The affected software is CMSphp 0.21, with XSS achievable through the cook_user parameter to index.php and the name parameter to modules.php. The available records describe the underlying issue as improper ...
[SECURITY] Fedora 10 Update: php-5.2.9-2.fc10
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
php: XSS via PHP error messages
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208...
CVE-2008-2831
Multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature in the Spam Quarantine Management (SQM) component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-assisted remote authenticated users to inject arbitrary web script or HTML via (1) the list of blocked...
Multiple Cross-Site Scripting Vulnerabilities in Web Wiz Rich Text Editor version 4.02
Saved - 27-07-2008/13:10:02 .: Multiple Cross-Site Scripting Vulnerabilities in Web Wiz Rich Text Editor version 4.02 .: Author CSDT .: Affected versions http://www.webwizguide.com/ - Web Wiz Rich Text Editor (RTE) 4.02 .: Credit The disclosure of these issues has been credited to autehoker of CSDT...
CVE-2007-0191
Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contentsnew operation in the adcontents section...
CVE-2006-5703
CVE-2006-5703 affects TikiWiki 1.9.5 via tiki-featured_link.php, where an attacker can inject arbitrary script/HTML through a url parameter that bypasses filtering (demonstrated with malformed nested SCRIPT elements). Connected advisories (GLSA 200611-11, Gentoo GLSA, and OpenVAS/Nessus entries) ...
CVE-2006-4972
CVE-2006-4972 describes a cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard), specifically in the file archive/index.php/forum-4.html. The underlying issue allows remote attackers to inject arbitrary web script or HTML via the parameter navbits[][name]. The vulnerability affects t...