4774 matches found
osCMax 2.5 - '/admin/login.php?Username' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...
osCMax 2.5 - '/admin/stats_monthly_sales.php?status' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...
osCMax 2.5 - '/admin/xsell.php?search' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...
osCMax 2.5 - '/admin/htaccess.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...
JBMC Software DirectAdmin 1.403 - domain Cross-Site Scripting
JBMC Software DirectAdmin 1.403 - domain Cross-Site Scripting source: https://www.securityfocus.com/bid/52845/info DirectAdmin is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
ManageEngine Firewall Analyzer 7.2 - fwsyslogViewer.do?port Cross-Site Scripting
ManageEngine Firewall Analyzer 7.2 - fwsyslogViewer.do?port Cross-Site Scripting source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues...
ManageEngine Firewall Analyzer 7.2 - fwindex2.do Multiple Cross-Site Scripting Vulnerabilities
ManageEngine Firewall Analyzer 7.2 - fwindex2.do Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverag...
ManageEngine Firewall Analyzer 7.2 - 'fw/syslogViewer.do?port' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
FlatnuX CMS - Cross-Site Request Forgery (Add Admin)
source: https://www.securityfocus.com/bid/52846/info Flatnux is prone to multiple security vulnerabilities: 1. An HTML-injection vulnerability 2. A cross-site request-forgery vulnerability 3. A directory-traversal vulnerability Successful exploits will allow attacker-supplied HTML and script code...
JamWiki 1.1.5 - 'num' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52829/info JamWiki is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affecte...
WordPress Plugin Integrator 1.32 - redirect_to Cross-Site Scripting
WordPress Plugin Integrator 1.32 - redirectto Cross-Site Scripting source: https://www.securityfocus.com/bid/52739/info WordPress Integrator is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Zumset.com FbiLike 1.00 - id Cross-Site Scripting
Zumset.com FbiLike 1.00 - id Cross-Site Scripting source: https://www.securityfocus.com/bid/52720/info FbiLike is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of ...
Zumset.com FbiLike 1.00 - 'id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52720/info FbiLike is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affecte...
Minify 2.1.x - g Cross-Site Scripting
Minify 2.1.x - g Cross-Site Scripting source: https://www.securityfocus.com/bid/52672/info Minify is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecti...
Open Journal Systems (OJS) 2.3.6 - 'index.php?authors[][url]' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52666/info Open Journal Systems is prone to following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input: 1. An arbitrary-file-deletion vulnerability 2. A security vulnerability 3. An arbitrary-file-upload...
Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php?String::stripUnsafeHtml()' Method Cross-Site Scripting
source: https://www.securityfocus.com/bid/52666/info Open Journal Systems is prone to following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input: 1. An arbitrary-file-deletion vulnerability 2. A security vulnerability 3. An arbitrary-file-upload...
CMSimple 3.3 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52661/info CMSimple is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affect...
ManageEngine Device Expert 5.6 Directory Traversal
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against:...
Maxs Guestbook 1.0 - Multiple Remote Vulnerabilities
Maxs Guestbook 1.0 - Multiple Remote Vulnerabilities source: https://www.securityfocus.com/bid/52471/info Max's Guestbook is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary HTML and script code in the context of the affected browser,...
Max's Guestbook 1.0 - Multiple Remote Vulnerabilities
source: https://www.securityfocus.com/bid/52471/info Max's Guestbook is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary HTML and script code in the context of the affected browser, steal cookie-based authentication credentials, and...