1046 matches found

Tenable Nessus
added 2007/04/19 12:0 a.m. | 20 views

GLSA-200704-08 : DokuWiki: XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200704-08 (DokuWiki: XSS vulnerability). DokuWiki does not sanitize user input to the GET variable 'media' in the fetch.php file. Impact: An attacker could entice a user to click a specially crafted link and inject CRLF characters...

CVSS 4.3 | AI score 5.9 | EPSS 0.00684
Exploits 0 | References 2

NVD
added 2007/03/20 10:19 p.m. | 8 views

CVE-2007-1552

Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension...

CVSS 7.5 | AI score 7.3 | EPSS 0.18265
Exploits 1 | References 7

EUVD
added 2007/03/20 10:0 p.m. | 1 views

EUVD-2007-1546

Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension...

CVSS 7.5 | AI score 7.2 | EPSS 0.18265
Exploits 1 | References 7

Prion
added 2007/03/02 9:18 p.m. | 9 views

Unrestricted file upload

Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP SPP allows remote attackers to upload arbitrary scripts via a filename with a double extension...

CVSS 10 | AI score 7.3 | EPSS 0.01077
Exploits 1 | References 4

ATTACKERKB
added 2007/03/02 9:18 p.m. | 0 views

CVE-2007-1139

Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP SPP allows remote attackers to upload arbitrary scripts via a filename with a double extension...

CVSS 10 | AI score 5.8 | EPSS 0.01077
Exploits 1 | References 5

NVD
added 2007/01/09 2:28 a.m. | 12 views

CVE-2007-0123

Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations...

CVSS 6.8 | AI score 7.2 | EPSS 0.00351
Exploits 0 | References 3

Exploit DB
added 2006/12/09 12:0 a.m. | 34 views

KDPics 1.11/1.16 - 'galeries.inc.php3?categories' Cross-Site Scripting

Source: https://www.securityfocus.com/bid/21515/info

KDPics is prone to multiple input-validation vulnerabilities, including cross-site scripting and remote file-include issues, because the application fails to sanitize user-supplied input. A successful exploit may allow unauthorized users to vie...

AI score 7.4
Exploits 0

Japan Vulnerability Notes
added 2006/07/18 12:0 a.m. | 10 views

JVN#62307185 QwikiWiki cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. User credentials could be leaked as a result. Solution Products Affected QwikiWiki version 1.5.5 and earlier...

AI score 7.2
Exploits 0

Tenable Nessus
added 2006/07/10 12:0 a.m. | 14 views

GLSA-200607-05 : SHOUTcast server: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200607-05 (SHOUTcast server: Multiple vulnerabilities). The SHOUTcast server is vulnerable to a file disclosure when the server receives a specially crafted GET request. Furthermore it also fails to sanitize the input passed to the...

CVSS 7.8 | AI score 6 | EPSS 0.01903
Exploits 2 | References 6

Gentoo Linux
added 2006/06/29 12:0 a.m. | 23 views

Horde Web Application Framework: XSS vulnerability

Background: The Horde Web Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. Description: Michael Marek discovered that the Horde Web Application...

CVSS 6.8 | AI score 7.2 | EPSS 0.04367
Exploits 1

Packet Storm
added 2006/05/09 12:0 a.m. | 21 views

OpenEngineTraverse.txt

OpenEngine is a PHP based CMS. The parameter "template" is not correctly checked, for this you can include other scripts which will be interpreted. All actual versions are vulnerable up to 1.8 Beta 2, which is the newest one, only the paths and consequences differ. For example you can browse the...

AI score 7.4
Exploits 0

Tenable Nessus
added 2005/12/07 12:0 a.m. | 18 views

GLSA-200511-20 : Horde Application Framework: XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200511-20 (Horde Application Framework: XSS vulnerability). The Horde Team reported a potential XSS vulnerability. Horde fails to properly escape error messages which may lead to displaying unsanitized error messages via...

CVSS 4.3 | AI score 5.9 | EPSS 0.01316
Exploits 0 | References 3

Gentoo Linux
added 2005/11/22 12:0 a.m. | 22 views

Horde Application Framework: XSS vulnerability

Background: The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. Description: The Horde Team reported a potential XSS vulnerability. Horde fails...

CVSS 4.3 | AI score 6.4 | EPSS 0.01316
Exploits 0

Cvelist
added 2005/07/10 4:0 a.m. | 17 views

CVE-2004-2185

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage...

AI score 6.7 | EPSS 0.02002
Exploits 0 | References 2

Debian CVE
added 2005/07/10 4:0 a.m. | 25 views

CVE-2004-2185

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage...

CVSS 6.8 | AI score 6.7 | EPSS 0.02002
Exploits 0

Gentoo Linux
added 2005/06/21 12:0 a.m. | 28 views

SquirrelMail: Several XSS vulnerabilities

Background: SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description: SquirrelMail is vulnerable to several cross-site scripting issues, most reported by Martijn Brinkers. Impact: By enticing a user to read a specially-crafted e-mail or using a manipulated...

CVSS 4.3 | AI score 6.2 | EPSS 0.01697
Exploits 0

CERT
added 2005/05/19 12:0 a.m. | 30 views

Groove Mobile Workspace vulnerable to script injection via SharePoint lists containing picture columns

Overview: A vulnerability in the way that Groove Mobile Workspace handles picture columns embedded within SharePoint lists may allow attackers to execute an arbitrary script. Description: Groove Virtual Office provides a collaborative working environment that includes shared documents, databases,...

CVSS 6.8 | AI score 6.6 | EPSS 0.03622
Exploits 0 | References 4

Cvelist
added 2005/05/10 4:0 a.m. | 23 views

CVE-2004-1798

RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different...

AI score 7.2 | EPSS 0.02149
Exploits 1 | References 6

CVE
added 2005/05/04 4:0 a.m. | 58 views

CVE-2005-1337

Technical details for CVE-2005-1337 are not publicly available in the provided documents. Monitor for updates.

CVSS 7.5 | AI score 6.8 | EPSS 0.00554
Exploits 0 | References 2 | Affected Software 1

NVD
added 2005/05/04 4:0 a.m. | 17 views

CVE-2005-1337

Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scripts with less restrictive privileges via a help:// URI...

CVSS 7.5 | AI score 6.8 | EPSS 0.00554
Exploits 0 | References 2