578 matches found
u5CMS Open Redirect Vulnerability
u5CMS is a content management system CMS based on PHP, MySQL and Apache for medium-sized websites, conferences, audit processes, PayPal payments and online surveys. The system supports WYSIWYG editor, creating survey forms and data storage. An open redirect vulnerability exists in u5CMS. A remote...
NYU OpenSSO Integration Redirection Vulnerability
NYU OpenSSO Integration is a system that integrates PDS and Sun OpenSSO identity management applications. A redirection vulnerability exists in NYU OpenSSO Integration 2.1 and earlier, which allows remote attackers to redirect a user to an arbitrary web site via a redirection in the url parameter...
CVE-2014-8751
Multiple cross-site scripting XSS vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the 1 searchparam parameter to search.php or 2 name, 3 address, or 4 comment parameter to forms.php...
Open Web Analytics 1.5.4 - (owa_email_address param) - SQL Injection Vulnerability
No description provided by source...
Redmine vulnerable to open redirect
Overview Redmine is a project management software. Redmine contains an open redirect vulnerability due to insufficient checking of the URL parameter. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
CVE-2011-5079
Open redirect vulnerability in the Modern FAQ irfaq extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter."...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 article-id parameter in conjunction with a /admin/news/article/list PATHINFO; the 3 keyword parameter in conjunction...
CVE-2010-1707
Multiple cross-site scripting XSS vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 login and 2 mailaddress parameters...
Cross site scripting
Cross-site scripting XSS vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to inject arbitrary web script or HTML via the address parameter...
CVE-2010-1371
Cross-site scripting XSS vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to inject arbitrary web script or HTML via the address parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter...
CVE-2009-2134
pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message...
PT-2008-3453 · Util Linux Ng +1 · Util-Linux-Ng +1
Name of the Vulnerable Software and Affected Versions: util-linux-ng versions 2.14 and earlier Description: The issue allows remote attackers to modify log events, making it easier to hide activities. This is achieved by injecting arguments into the login process, demonstrated by appending an...
PT-2006-7435 · Rediff · Rediff Bol Downloader Activex
Name of the Vulnerable Software and Affected Versions: Rediff Bol Downloader ActiveX OCX control affected versions not specified Description: The issue allows remote attackers to execute arbitrary files and obtain sensitive information, such as usernames and pathnames, by providing a URL in the u...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 name, 2 homepage, 3 email, and 4 address parameters...
CVE-2006-2572
Cross-site scripting XSS vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 name, 2 homepage, 3 email, and 4 address parameters...
CVE-2005-4136
Cross-site scripting XSS vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter...
CVE-2002-0436
sscdsuncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter...