Zimbra < 7.0.0 LFI Vulnerability - Active Check

Zimbra is prone to a local file include LFI vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zimbra:collaboration";...

JVN#21336955: Cybozu Dezie vulnerable to cross-site scripting

Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the Software Update to the latest version according to the information provided by the developer. Product...

Microsoft Exchange Server CVE-2013-5072 Cross Site Scripting Vulnerability

Description Microsoft Exchange Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the 1 box parameter to messaging/messagebox.php, cidToEdit parameter to 2 adminregisteruser.php or 3 adminusercoursesettings.php in admin/, 4 moduleid...

WordPress Optinfirex Cross Site Scripting

Exploit Title : Wordpress optinfirex plugin Cross site scripting Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://wordpress.org Google Dork : inurl :wp-content/plugins/optinfirex Date: 2013-11-26 Tested on: Windows 7 , Linux...

EC-CUBE vulnerable to cross-site scripting

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. LAC Co., Ltd. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...

CVE-2013-4842

Cross-site scripting XSS vulnerability in HP Integrated Lights-Out 4 iLO4 with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

TomatoCart 1.1.8.2 - &#039;class&#039; Local File Inclusion

source: https://www.securityfocus.com/bid/63795/info TomatoCart is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. Thi...

Schneider Electric InduSoft Web Studio Arbitrary Script Execution

Binary data scadaindusoftwebstudioscriptexecution.nbin...

Zabbix Authenticated Remote Command Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Zabbix Authenticated Remote Command Execution', 'Description' = %q ZABBIX allows an administrator to create scripts that will be run ...

Directory traversal

Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551...

CVE-2012-4141

Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a 1 drag-and-drop or 2 copy-and-paste operation...

Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass

Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass source: https://www.securityfocus.com/bid/62480/info Mozilla Firefox is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute...

Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass

source: https://www.securityfocus.com/bid/62480/info Mozilla Firefox is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting us...

CVE-2013-4047

Cross-site scripting XSS vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote attackers to inject arbitrary web script or HTML via a crafted link...

Opera vulnerable to cross-site scripting

Overview Opera is a web browser. Opera contains a cross-site scripting vulnerability when the page encoding settings are set to UTF-8. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided ...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in 1 new or 2 draft mode, related to compose.inc; and 3 might allow remote authenticated users to injec...

CVE-2013-0595

Multiple cross-site scripting XSS vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3...

Cross site scripting

Cross-site scripting XSS vulnerability in the Administrative console in IBM WebSphere Application Server WAS 8.0 before 8.0.0.7 and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...