2DayBiz ybiz Network Community Script - SQL Injection / Cross-Site Scripting

source: https://www.securityfocus.com/bid/40913/info 2daybiz Network Community Script is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal...

AneCMS 1.x - '/modules/blog/index.php' HTML Injection

source: https://www.securityfocus.com/bid/40838/info AneCMS is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal...

Apache Axis2 v1.4.1 Local File Inclusion

This module exploits an Apache Axis2 v1.4.1 local file inclusion LFI vulnerability. By loading a local XML file which contains a cleartext username and password, attackers can trivially recover authentication credentials to Axis services. This module requires Metasploit:...

Juniper Networks SA2000 SSL VPN Appliance - welcome.cgi Cross-Site Scripting

Juniper Networks SA2000 SSL VPN Appliance - welcome.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/41664/info Juniper Networks SA2000 SSL VPN appliance is prone to a cross-site scripting vulnerability because the web interface fails to properly sanitize user-supplied input. An...

PGAUTOPro - SQL Injection / Cross-Site Scripting (2)

source: https://www.securityfocus.com/bid/40664/info PG Auto Pro is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities could allow an attacker to steal cookie-based...

CuteSITE CMS 1.5.0 Cross Site Scripting

Vulnerability ID: HTB22397 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincutesitecms.html Product: CuteSITE CMS Vendor: AMT Company Vulnerable Version: 1.5.0 and Probably Prior Versions Vendor Notification: 20 May 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed,...

BoastMachine 3.1 - 'key' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40623/info boastMachine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in th...

CuteSITE CMS 1.x - managemain.php?fld_path Cross-Site Scripting

CuteSITE CMS 1.x - managemain.php?fldpath Cross-Site Scripting source: https://www.securityfocus.com/bid/40612/info CuteSITE CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these...

JForum 2.1.8 - 'bookmarks' Module Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/40600/info JForum is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run ...

MoinMoin 1.x - PageEditor.py Cross-Site Scripting

MoinMoin 1.x - PageEditor.py Cross-Site Scripting source: https://www.securityfocus.com/bid/40549/info MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code...

Wing FTP Server <= 3.5.0 'admin_loginok.html' HTML Injection Vulnerability

Wing FTP Server is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

MoinMoin 1.x - &#039;PageEditor.py&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/40549/info MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

PHP City Portal 1.3 - &#039;cms_data.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/40532/info PHP City Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...

wsCMS - news.php Cross-Site Scripting

wsCMS - news.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40447/info wsCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to...

Joomla! 1.5.x - Multiple Modules 'search' Parameter Cross-Site Scripting Vulnerabilities

Joomla! 1.5.x Multiple Modules 'search' Parameter Cross-Site Scripting Vulnerabilities. CVE-2010-1649. Webapps exploit for php platform source: http://www.securityfocus.com/bid/40444/info Joomla! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize...

BackLinkSpider 1.3.1774 - Multiple Cross-Site Scripting Vulnerabilities

BackLinkSpider 1.3.1774 Multiple Cross Site Scripting Vulnerabilities. Webapps exploit for php platform source: http://www.securityfocus.com/bid/40400/info BackLinkSpider is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before usi...

Ruubik CMS 1.0.3 Cross Site Scripting

Vulnerability ID: HTB22380 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinruubikcms.html Product: RuubikCMS Vendor: Piuha Vulnerable Version: 1.0.3 and Probably Prior Versions Vendor Notification: 10 May 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed, Vendor...

Cacti Multiple Cross Site Scripting Vulnerabilities

Cacti is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user- supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allo...

RazorCMS 1.0 - adminindex.php HTML Injection

RazorCMS 1.0 - adminindex.php HTML Injection source: https://www.securityfocus.com/bid/40373/info razorCMS is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected...

RazorCMS 1.0 - &#039;/admin/index.php&#039; HTML Injection

source: https://www.securityfocus.com/bid/40373/info razorCMS is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to ste...