PT-2009-1135

Name of the Vulnerable Software and Affected Versions Microsoft Internet Information Services IIS version 5.0 Description The issue allows remote attackers to steal cookies and authentication credentials or bypass the HttpOnly protection mechanism. This is achieved by using the undocumented TRACK...

PRTG Traffic Grapher 6.2.1 - url Cross-Site Scripting

PRTG Traffic Grapher 6.2.1 - url Cross-Site Scripting source: https://www.securityfocus.com/bid/40630/info PRTG Traffic Grapher is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scri...

PRTG Traffic Grapher 6.2.1 - 'url' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40630/info PRTG Traffic Grapher is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

Plunet BusinessManager 4.1 - '/pagesUTF8/auftrag_allgemeinauftrag.jsp' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/33153/info Plunet BusinessManager is prone to multiple security-bypass and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of a...

KDE Konqueror 4.1 - Multiple Cross-Site Scripting Denial of Service Vulnerabilities

KDE Konqueror 4.1 - Multiple Cross-Site Scripting Denial of Service Vulnerabilities source: https://www.securityfocus.com/bid/33085/info KDE Konqueror is prone to multiple cross-site scripting vulnerabilities and multiple denial-of-service vulnerabilities because the application fails to...

KDE Konqueror 4.1 - Multiple Cross-Site Scripting / Denial of Service Vulnerabilities

source: https://www.securityfocus.com/bid/33085/info KDE Konqueror is prone to multiple cross-site scripting vulnerabilities and multiple denial-of-service vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute...

ViArt Shop 3.5 - 'manuals_search.php?manuals_search' Cross-Site Scripting

source: https://www.securityfocus.com/bid/33043/info ViArt Shop is prone to multiple remote vulnerabilities: - Multiple cross-site scripting vulnerabilities - An information-disclosure vulnerability - An authentication-bypass vulnerability An attacker can exploit these issues to execute arbitrary...

Injader 2.1.1 - SQL Injection HTML Injection

Injader 2.1.1 - SQL Injection HTML Injection source: https://www.securityfocus.com/bid/32843/info Injader is prone to multiple HTML-injection vulnerabilities and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage the HTML-injecti...

Injader 2.1.1 - SQL Injection / HTML Injection

source: https://www.securityfocus.com/bid/32843/info Injader is prone to multiple HTML-injection vulnerabilities and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage the HTML-injection issues to execute arbitrary script code in...

PHPepperShop 1.4 - shopAdminshop_kunden_mgmt.php Cross-Site Scripting

PHPepperShop 1.4 - shopAdminshopkundenmgmt.php Cross-Site Scripting source: https://www.securityfocus.com/bid/32690/info PhPepperShop is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to...

PHPepperShop 1.4 - 'shop/Admin/SHOP_KONFIGURATION.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/32690/info PhPepperShop is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

PHPepperShop 1.4 - 'shop/Admin/shop_kunden_mgmt.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/32690/info PhPepperShop is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

TWiki 4.x - 'URLPARAM' Cross-Site Scripting

source: https://www.securityfocus.com/bid/32669/info TWiki is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...

RevSense 1.0 - SQL Injection Cross-Site Scripting

RevSense 1.0 - SQL Injection Cross-Site Scripting source: https://www.securityfocus.com/bid/32624/info RevSense is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...

NPDS < 08.06 - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/33051/info NPDS is prone to multiple input-validation vulnerabilities: - Multiple local file-include vulnerabilities - An HTML-injection vulnerability - Multiple SQL-injection vulnerabilities - Multiple cross-site scripting vulnerabilities Exploiting thes...

Yappa-ng - Query String Cross-Site Scripting

Yappa-ng - Query String Cross-Site Scripting source: https://www.securityfocus.com/bid/32623/info The 'yappa-ng' program is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitra...

Orkut Clone - profile_social.php?id SQL Injection

Orkut Clone - profilesocial.php?id SQL Injection source: https://www.securityfocus.com/bid/32600/info Orkut Clone is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow a...

Z1Exchange 1.0 - id Cross-Site Scripting

Z1Exchange 1.0 - id Cross-Site Scripting source: https://www.securityfocus.com/bid/32598/info Z1Exchange is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacke...

Orkut Clone - 'profile_social.php?id' Cross-Site Scripting

source: https://www.securityfocus.com/bid/32600/info Orkut Clone is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

Softbiz Classifieds Script - showcategory.php?radio Cross-Site Scripting

Softbiz Classifieds Script - showcategory.php?radio Cross-Site Scripting source: https://www.securityfocus.com/bid/32569/info Softbiz Classifieds Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage...