IPManager 2.3 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20952/info IpManager is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user ...

AIOCP 1.3.x - cp_login.php SQL Injection

AIOCP 1.3.x - cplogin.php SQL Injection source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to...

AIOCP 1.3.x - cp_dpage.php Cross-Site Scripting

AIOCP 1.3.x - cpdpage.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an...

AIOCP 1.3.x - cp_links.php SQL Injection

AIOCP 1.3.x - cplinks.php SQL Injection source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to...

AIOCP 1.3.x - cp_show_ec_products.php Full Path Disclosure

AIOCP 1.3.x - cpshowecproducts.php Full Path Disclosure source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow...

AIOCP 1.3.x - cp_links_search.php SQL Injection

AIOCP 1.3.x - cplinkssearch.php SQL Injection source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attack...

AIOCP 1.3.x - cp_users_online.php SQL Injection

AIOCP 1.3.x - cpusersonline.php SQL Injection source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attack...

AIOCP 1.3.x - cp_show_ec_products.php Cross-Site Scripting

AIOCP 1.3.x - cpshowecproducts.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow...

AIOCP 1.3.x - 'cp_contact_us.php' SQL Injection

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

AIOCP 1.3.x - 'cp_news.php' SQL Injection

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

AIOCP 1.3.x - 'cp_forum_view.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

AIOCP 1.3.x - 'cp_codice_fiscale.php' SQL Injection

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

AIOCP 1.3.x - 'cp_login.php' SQL Injection

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

AIOCP 1.3.x - 'cp_show_ec_products.php' SQL Injection

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

IF-CMS - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20909/info IF-CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in...

VMware ESX多个敏感信息泄露漏洞

VMware ESX Server是一个适用于任何系统环境的企业级虚拟计算机软件。 VMware ESX Server的管理界面使用了两个Cookies（vmware.mui.kid和vmware.mui.sid）中的会话ID。会话ID格式是私有的，包含有简单base64编码格式的用户帐号和口令。如果攻击者可以通过任何机制（如跨站脚本攻击）访问了Cookies的话，就可以获取认证凭据。 VMware ESX Server的管理界面允许用户更改口令。如果是root用户的话，还可以更改其他用户的口令。在更改口令时，会通过一个HTML表单要求用户输入并确认新的口令，然后通过HTTP...

Simplog 0.9.3 - archive.php?PID Cross-Site Scripting

Simplog 0.9.3 - archive.php?PID Cross-Site Scripting source: https://www.securityfocus.com/bid/20900/info Simplog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute i...

ac4p Mobile - cpindex.php?pagenav Cross-Site Scripting

ac4p Mobile - cpindex.php?pagenav Cross-Site Scripting source: https://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...

ac4p Mobile - 'MobileNews.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecti...

ac4p Mobile - 'polls.php' Multiple Cross-Site Scripting Vulnerabilities (1)

source: https://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecti...