
4774 matches found

Exploit DB
added 2012/12/27 12:0 a.m., 18 views

Astaro Security Gateway 8.1 - HTML Injection

source: https://www.securityfocus.com/bid/51301/info Astaro Security Gateway is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of t...

7.4 AI score
Exploits 0

Exploit DB
added 2012/12/26 12:0 a.m., 21 views

cPanel - 'dir' Cross-Site Scripting

source: https://www.securityfocus.com/bid/57064/info cPanel is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

7 AI score
Exploits 0

Exploit DB
added 2012/12/24 12:0 a.m., 24 views

Hero Framework - users/login 'Username' Cross-Site Scripting

source: https://www.securityfocus.com/bid/57035/info Hero is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context ...

7.4 AI score
Exploits 0

NVD
added 2012/12/20 12:2 p.m., 18 views

CVE-2012-5643

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authenticatio...

5 CVSS, 7.4 AI score, 0.23005 EPSS
Exploits 1, References 20

UbuntuCve
added 2012/12/20 12:0 a.m., 31 views

CVE-2012-5643

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authenticatio...

5 CVSS, 7.2 AI score, 0.23005 EPSS
Exploits 1, References 4

Exploit DB
added 2012/12/13 12:0 a.m., 23 views

PHP Address Book - 'group' Cross-Site Scripting

source: https://www.securityfocus.com/bid/56937/info PHP Address Book is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

7.4 AI score
Exploits 0

Exploit DB
added 2012/12/10 12:0 a.m., 25 views

SimpleInvoices invoices Module - Customer Field Cross-Site Scripting

source: https://www.securityfocus.com/bid/56882/info Simple Invoices is prone to multiple HTML-injection vulnerabilities and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will...

7.4 AI score
Exploits 0

Exploit DB
added 2012/12/01 12:0 a.m., 24 views

TinyMCPUK - 'test' Cross-Site Scripting

source: https://www.securityfocus.com/bid/56767/info TinyMCPUK is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context ...

7.4 AI score
Exploits 0

exploitpack
added 2012/11/21 12:0 a.m., 21 views

dotProject 2.1.x - index.php Multiple Cross-Site Scripting Vulnerabilities

dotProject 2.1.x - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/56624/info Dotproject is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. Multiple cross-site scripting vulnerabilities Exploiting thes...

0.2 AI score
Exploits 0

exploitpack
added 2012/10/31 12:0 a.m., 20 views

NetCat CMS - Multiple Cross-Site Scripting Vulnerabilities

NetCat CMS - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/56340/info NetCat CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrar...

Exploits 0

exploitpack
added 2012/10/18 12:0 a.m., 19 views

WordPress Plugin Wordfence Security - Cross-Site Scripting

WordPress Plugin Wordfence Security - Cross-Site Scripting source: https://www.securityfocus.com/bid/56159/info The Wordfence Security plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this iss...

6.7 AI score
Exploits 0

exploitpack
added 2012/10/18 12:0 a.m., 11 views

Amateur Photographers Image Gallery - plist.php?albumid SQL Injection

Amateur Photographers Image Gallery - plist.php?albumid SQL Injection source: https://www.securityfocus.com/bid/56110/info Amateur Photographer's Image Gallery is prone to multiple SQL injection vulnerabilities, a cross-site scripting vulnerability, and an arbitrary file-disclosure vulnerability...

0.3 AI score
Exploits 0

Patchstack
added 2012/10/17 12:0 a.m., 467 views

WordPress Slideshow Plugin - Multiple Cross Site Scripting Vulnerabilities

WordPress Slideshow plugin is prone to multiple cross-site scripting vulnerabilities. These vulnerabilities allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. In that way, an attacker can steal cookie-based authentication...

3.4 AI score
Exploits 0, References 1, Affected Software 1

exploitpack
added 2012/10/16 12:0 a.m., 10 views

WANem - Multiple Cross-Site Scripting Vulnerabilities

WANem - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/56326/info WANem is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script...

0.1 AI score
Exploits 0

Exploit DB
added 2012/10/08 12:0 a.m., 24 views

Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection

source: https://www.securityfocus.com/bid/55829/info Interspire Email Marketer is prone to the following input-validation vulnerabilities because it fails to properly sanitize user-supplied input: 1. An SQL injection vulnerability 2. Multiple HTML injection vulnerabilities 3. A cross-site...

7.4 AI score
Exploits 0

exploitpack
added 2012/10/02 12:0 a.m., 19 views

ZenPhoto - admin-news-articles.php Cross-Site Scripting

ZenPhoto - admin-news-articles.php Cross-Site Scripting source: https://www.securityfocus.com/bid/55755/info Zenphoto is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

6.8 AI score
Exploits 0

Exploit DB
added 2012/10/01 12:0 a.m., 32 views

Omnistar Mailer - Multiple SQL Injections / HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/55760/info Omnistar Mailer is prone to multiple SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application,...

7.4 AI score
Exploits 0

exploitpack
added 2012/09/20 12:0 a.m., 12 views

WordPress Plugin MF Gig Calendar - Cross-Site Scripting

WordPress Plugin MF Gig Calendar - Cross-Site Scripting source: https://www.securityfocus.com/bid/55622/info The MF Gig Calendar plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...

0.5 AI score
Exploits 0

Exploit DB
added 2012/09/18 12:0 a.m., 20 views

AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/55589/info AxisInternet VoIP Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute...

7.4 AI score
Exploits 0

OpenVAS
added 2012/09/18 12:0 a.m., 14 views

FreeWebshop <= 2.2.9 Multiple SQLi and XSS Vulnerabilities - Active Check

FreeWebshop is prone to multiple SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by th...

7.6 AI score
Exploits 0, References 1