BlaBla 4U - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/19513/info Multiple cross-site scripting vulnerabilities affect BlaBla 4U because the application fails to properly sanitize user-supplied input before including it in dynamically generated web...
YaBBSE 1.x - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/19460/info A cross-site scripting vulnerability affects YaBBSE because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. An attacker may...
YaBBSE 1.x - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/19460/info A cross-site scripting vulnerability affects YaBBSE because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. An attacker may leverage this issue to have arbitrary script co...
VWar 1.x - war.php?page Cross-Site Scripting
source: https://www.securityfocus.com/bid/19327/info Vwar is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. These issues occur because the application fails to properly sanitize user-supplie...
VWar 1.x - 'war.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/19327/info Vwar is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. These issues occur because the application fails to properly sanitize user-supplied input. A successful exploit of these...
VWar 1.x - 'war.php?page' Cross-Site Scripting
source: https://www.securityfocus.com/bid/19327/info Vwar is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. These issues occur because the application fails to properly sanitize user-supplied input. A successful exploit of these...
Cross site scripting
VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting CVE-2005-36...
CVE-2006-2481
VMware ESX Server vulnerability CVE-2006-2481 affects ESX 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4. The Management Interface stores authentication credentials in base64-encoded form inside cookies (vmware.mui.kid and vmware.mui.sid). If an attacker can access these cookies (e.g., via cross...
VMware ESX 2.x - Multiple Information Disclosure Vulnerabilities
source: https://www.securityfocus.com/bid/19249/info VMware ESX is prone to multiple information-disclosure vulnerabilities. These issues are due to a design error in the application. The following issues were reported: 1. An...
TinyPHPForum 3.6 - Multiple Cross-Site Scripting Vulnerabilities (2)
source: https://www.securityfocus.com/bid/19260/info TinyPHPForum is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...
TinyPHPForum 3.6 - Multiple Cross-Site Scripting Vulnerabilities (2)
source: https://www.securityfocus.com/bid/19260/info TinyPHPForum is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user...
VMware ESX 2.x - Multiple Information Disclosure Vulnerabilities
source: https://www.securityfocus.com/bid/19249/info VMware ESX is prone to multiple information-disclosure vulnerabilities. These issues are due to a design error in the application. The following issues were reported: 1. An information disclosure vulnerability that could disclose the session ID...
ZYXEL Prestige 660H-61 ADSL Router - Cross-Site Scripting
source: https://www.securityfocus.com/bid/19180/info The Zyxel Prestige 660H-61 ADSL Router is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...
wwwThreads - calendar.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/19177/info WWWThreads is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in t...
LinksCaffe 3.0 - links.php Multiple SQL Injections
source: https://www.securityfocus.com/bid/19149/info LinksCaffe is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application...
PHP Pro Bid 5.2.4 - categories.php?orderType SQL Injection
source: https://www.securityfocus.com/bid/19158/info PHP Pro Bid is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize...
PHP Pro Bid 5.2.4 - 'viewfeedback.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/19158/info PHP Pro Bid is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of these vulnerabilities...
PHP Pro Bid 5.2.4 - 'auctionsearch.php?advsrc' Cross-Site Scripting
source: https://www.securityfocus.com/bid/19158/info PHP Pro Bid is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of these vulnerabilities...
PhotoCycle 1.0 - PhotoCycle.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/18964/info Photocycle is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to...
FLV Players 8 - player.php?url Cross-Site Scripting
source: https://www.securityfocus.com/bid/18954/info FLV Player is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...