1056 matches found
AneCMS 1.0 - Multiple Local File Inclusions
source: https://www.securityfocus.com/bid/39416/info AneCMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local...
Saskias ShopSystem - id Local File Inclusion
source: https://www.securityfocus.com/bid/38574/info Saskia's Shopsystem is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitiv...
TikiWiki jhot.php Script File Upload Security Bypass (CVE-2006-4602)
TikiWiki, also known as Tiki CMS/Groupware or simply Tiki, is a powerful wiki-based Content Management System (CMS) which allows users and/or groups of users to manage their data on-line via a web browser. TikiWiki provides numerous features, including Wiki-based Documentation, Groupware, Blogging...
SiteX 'THEME_FOLDER' Parameter Multiple Local File Include Vulnerabilities
SiteX is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the...
Oracle Application Server vulnerable to cross-site scripting
Overview Oracle Application Server from Oracle contains a cross-site scripting vulnerability. Oracle Application Server from Oracle is an application server. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC...
Simple PHP Blog v0.5.1 Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Simple PHP Blog is prone to a local file-include vulnerability...
FlatPress 'userid' Parameter Local File Include Vulnerability
FlatPress is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow th...
opera -- multiple vulnerabilities
Opera Team reports: An unspecified error in the processing of JPEG images can be exploited to trigger a memory corruption. An error can be exploited to execute arbitrary script code in a different domain via unspecified plugins. An unspecified error has a "moderately severe" impact. No further...
AbleDating 2.4 - search_results.php?keyword Cross-Site Scripting
source: https://www.securityfocus.com/bid/29342/info AbleDating is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include an SQL-injection vulnerability and...
AbleDating 2.4 - search_results.php?keyword SQL Injection
source: https://www.securityfocus.com/bid/29342/info AbleDating is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include an SQL-injection vulnerability and a...
pnamazu cross-site scripting vulnerability
Overview pnamazu, the Perl version program of the full-text search engine Namazu, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
Drupal cross-site scripting vulnerability
Overview Drupal, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...
04WebServer cross-site scripting vulnerability
Overview 04WebServer, open source web server software, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
tDiary cross-site scripting vulnerability
Overview tDiary, a weblog system from the tDiary development project, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...
MODx cross-site scripting vulnerability
Overview MODx, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...
DesignForm cross-site scripting vulnerability
Overview DesignForm is a mail form CGI provided by GNB. It is used to send mail from a form on a web page. A cross-site scripting vulnerability exists in DesignForm. Impact An arbitrary scrip...
RaidenHTTPD cross-site scripting vulnerability
Overview RaidenHTTPD, from Sonei Information Systems TEAM JOHNLONG, contains a cross-site scripting vulnerability. This issue is different from JVN90438169. RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability...
MTCMS WYSIWYG Editor cross-site scripting vulnerability
Overview MTCMS WYSIWYG Editor, weblog management software from SKYARC System, contains a cross-site scripting vulnerability. MTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site...
Drupal cross-site scripting vulnerability
Overview Drupal, an open source content management system, contains a cross-site scripting vulnerability. This vulnerability is different from JVN82240092. Impact An arbitrary script could be executed on the browser of the user who logged into Drupal. In addition, if session information from a...
Multiple Cybozu products vulnerable to cross-site scripting
Overview Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN50342989. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the...