CuteNews 1.4.6 - index.php Multiple Cross-Site Scripting Vulnerabilities

CuteNews 1.4.6 - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and...

CuteNews 1.4.6 - from_date_day Full Path Disclosure

CuteNews 1.4.6 - fromdateday Full Path Disclosure source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues...

CuteNews 1.4.6 - search.php Multiple Cross-Site Scripting Vulnerabilities

CuteNews 1.4.6 - search.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and...

CuteNews 1.4.6 - 'result' Cross-Site Scripting

source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...

CuteNews 1.4.6 - 'from_date_day' Full Path Disclosure

source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...

CuteNews 1.4.6 - 'index.php' Cross-Site Request Forgery (New User Creation)

source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...

CuteNews 1.4.6 editnews Module - doeditnews Action Admin Moderation Bypass

source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...

CuteNews 1.4.6 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...

openSUSE 10 Security Update : apache2 (apache2-6576)

This update of the Apache webserver fixes various security issues : - the option IncludesNOEXEC could be bypassed via .htaccess CVE-2009-1195 - modproxy could run into an infinite loop when used as reverse proxy CVE-2009-1890 - moddeflate continued to compress large files even after a network...

Basic Analysis and Security Engine Multiple Input Validation Vulnerabilities

Basic Analysis and Security Engine BASE is prone to multiple input- validation vulnerabilities because it fails to adequately sanitize user- supplied input. These vulnerabilities include an SQL-injection issue, a cross-site scripting issue, and a local file-include issue. Exploiting these issues...

openSUSE Security Update : apache2 (apache2-1419)

This update of the Apache webserver fixes various security issues : - the option IncludesNOEXEC could be bypassed via .htaccess CVE-2009-1195 - modproxy could run into an infinite loop when used as reverse proxy CVE-2009-1890 - moddeflate continued to compress large files even after a network...

httpdx 1.4.6b - Source Disclosure

httpdx = 1.4.6b Remote Source Disclosure Found By: DrIDE Tested On: Windows XPSP3 Download: httpdx.sourceforge.net/downloads/ - Description - httpdx Web Server = 1.4.6b is a Windows based HTTP server. This is the latest version of the application available. httpdx is vulnerable to remote arbitrar...

phpCMS 2008 - download.php Information Disclosure

phpCMS 2008 - download.php Information Disclosure source: https://www.securityfocus.com/bid/42514/info PHPCMS2008 is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue to download local files in the...

phpCMS 2008 - 'download.php' Information Disclosure

source: https://www.securityfocus.com/bid/42514/info PHPCMS2008 is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue to download local files in the context of the webserver process. This may allow the...

NaviCOPA <= 3.0.1.2 Source Disclosure

No description provided by source. NaviCOPA Web Server = 3.0.1.2 Remote Source Disclosure Found By: DrIDE Tested On: Windows XPSP3 Download: www.navicopa.com/download.html - Description - NaviCOPA Web Server = 3.0.1.2 is a Windows based HTTP server. This is the latest version of the application...

JDownloader Detection (HTTP)

HTTP based detection of JDownloader. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.100301";...

Thin Webserver Detection

This host is running Thin, a Ruby web server. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

OpenSolution Quick.Cart - Local File Inclusion Cross-Site Scripting

OpenSolution Quick.Cart - Local File Inclusion Cross-Site Scripting source: https://www.securityfocus.com/bid/42182/info Quick.Cart is prone to multiple local file-include vulnerabilities and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attack...

OpenSolution Quick.Cart - Local File Inclusion / Cross-Site Scripting

source: https://www.securityfocus.com/bid/42182/info Quick.Cart is prone to multiple local file-include vulnerabilities and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using...

FlatPress 'userid' Parameter Local File Include Vulnerability

FlatPress is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow th...