4774 matches found
GaliX 2.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/24066/info GaliX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other...
HLstats 1.35 - 'hlstats.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/24063/info HLstats is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Exploiting these issues may help an attacker steal cookie-based authentication credentials and launch...
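IMail IMAP Service DELETE Command Overflow Vulnerability
Muts discovered a security vulnerability in IMail Server that malicious users can exploit to compromise the system. The vulnerability exists because the IMAP service "IMAP4D32.exe" performs no bounds checking when handling the "DELETE" command. If a user submits a "DELETE" command with an overly long argument, about 300 bytes, a buffer overflow results. Successful exploitation allows arbitrary code execution. The issue was found in IMail version 8.13; other versions may also be affected. IMail Server 8.x Restrict the use of, or temporarily disable, IMail Server !/usr/bin/perl -w IPSwitch-IMail-8.13-DELETE...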
HLstats 1.35 - hlstats.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/24063/info HLstats is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Exploiting these issues may...
WordPress Theme Redoable 1.2 - 'header.php?s' Cross-Site Scripting
source: https://www.securityfocus.com/bid/24037/info Redoable is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
VP-ASP Shopping Cart 6.50 - 'ShopContent.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/24033/info VP-ASP Shopping Cart is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
vBulletin 3.6.6 - 'calendar.php' HTML Injection
source: https://www.securityfocus.com/bid/24020/info vBulletin is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of th...
Jetbox CMS 2.1 - view/supplynews Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/23999/info Jetbox CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch...
Jetbox CMS 2.1 - viewsearch?path Cross-Site Scripting
source: https://www.securityfocus.com/bid/23999/info Jetbox CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal...
Kayako eSupport 3.0.90 - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/23864/info Kayako eSupport is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
D-Link DSL-G624T - Var:RelaodHref Cross-Site Scripting
source: https://www.securityfocus.com/bid/23802/info D-Link DSL-G624T is prone to a cross-site scripting vulnerability. This issue is due to a failure to properly sanitize user-supplied input. An attacker may leverage this issue to have...
ObieWebsite Mini Web Shop 2 - 'Sendmail.php?PATH_INFO' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23847/info Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based authentication credentials and launch...
ObieWebsite Mini Web Shop 2 - 'order_form.php?PATH_INFO' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23847/info Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based authentication credentials and launch...
ObieWebsite Mini Web Shop 2 - order_form.php?PATH_INFO Cross-Site Scripting
source: https://www.securityfocus.com/bid/23847/info Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploi...
MoinMoin 1.5.x - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/23676/info MoinMoin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script co...
Phorum 5.1.20 - 'admin.php' Groups Module Edit/Add Group Field SQL Injection
source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently...
Phorum 5.1.20 - 'admin.php' badwords/banlist Module SQL Injection
source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently...
Phorum 5.1.20 - '/include/admin/banlist.php?delete' Cross-Site Request Forgery Banlist Deletion
source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently...
Phorum 5.1.20 - admin.php?modsettings Module smiley_id Cross-Site Scripting
source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and...
Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php?icodir' Traversal Arbitrary Directory Listing
source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute...