4774 matches found
Phorum search.php subject Parameter XSS
The remote version of Phorum contains a script called 'search.php' that is vulnerable to a cross-site scripting attack. An attacker may be able to exploit this problem to steal the authentication credentials of third-party users.
Zixforum - ZixForum.mdb Database Disclosure
source: https://www.securityfocus.com/bid/10982/info Zixforum is reported prone to a database disclosure vulnerability. It is reported that remote users may download the database file 'ZixForum.mdb' and gain access to sensitive information including unencrypted authentication credentials. All...
Outblaze Webmail - HTML Injection
source: https://www.securityfocus.com/bid/10756/info Outblaze Webmail is reported prone to an HTML injection vulnerability because the application fails to properly sanitize user-supplied HTML email content. An attacker may be able to inject HTML and script code...
RHEL 2.1 : kdelibs (RHSA-2003:236)
This erratum provides updated KDE packages that resolve a security issue in Konqueror. KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager for the K Desktop Environment. George Staikos reported that Konqueror may inadvertently send authentication...
ArbitroWeb PHP Proxy 0.50.6 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/10592/info It is reported that ArbitroWeb is susceptible to a cross-site scripting vulnerability in its rawURL URI parameter. The URI parameter passed to 'index.php' called 'rawURL' contains the desired...
TurboTrafficTrader C 1.0 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/10359/info It has been reported that TurboTrafficTrader C does not properly sanitize input received from users. It has been conjectured that this may allow a remote user to launch cross-site scripting and HTML injection attacks. The cross-site scripting...
vBulletin 2.x - private.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/9940/info It has been reported that vBulletin is prone to a cross-site scripting vulnerability in the 'private.php' script. This issue is reportedly due to a failure to sanitize user input and so allow for...
Software602 602Pro LAN Suite - Web Mail Cross-Site Scripting
source: https://www.securityfocus.com/bid/9777/info It has been reported that 602Pro LAN Suite Web Mail is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user input supplied via the URI. Attackers may exploit this vulnerabilit...
YaBB SE 1.5.x - Multiple SQL Injections
source: https://www.securityfocus.com/bid/9774/info It has been reported that YaBB SE may be prone to multiple vulnerabilities due to improper input validation. The issues may allow an attacker to carry out SQL injection and directory traversal attacks...
Symantec Gateway Security 5400 Series 2.0 - Error Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/9755/info A vulnerability has been reported to exist in the Symantec Gateway Security Web based management console that may allow a remote user to launch cross-site scripting attacks. The issue is reported to exist due to improper sanitizing of...
Apple Mac OS X Point-to-Point Protocol daemon (pppd) contains format string vulnerability
Overview: Apple Mac OS X Point-to-Point Protocol daemon contains a format string vulnerability in the handling of invalid command line arguments. Description: The Point-to-Point Protocol (PPP) provides a method for transmitting datagrams over serial point-to-point links. There is a format string...
Discuz! 2.03.0 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9584/info It has been reported that Discuz! is prone to a cross-site scripting vulnerability. This issue is caused by the application failing to properly sanitize links embedded within user messages. Upon successful...
Darkwet Network WebcamXP 1.6.945 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9465/info It has been reported that WebcamXP may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. It has been...
PHPGedView 2.5/2.6 - 'calendar.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11907/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious...
Edimax AR-6004 ADSL Router - Management Interface Cross-Site Scripting
source: https://www.securityfocus.com/bid/9374/info Edimax AR-6004 ADSL Routers are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a...
SnapStream PVS Lite 2.0 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9375/info SnapStream PVS Lite is prone to a cross-site scripting vulnerability. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a system hosting the software that...
ZYXEL ZyWALL 10 Management Interface - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9373/info ZyWALL 10 firewalls are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that...
IBM Directory Server 4.1 - Web Administration Interface Cross-Site Scripting
source: https://www.securityfocus.com/bid/9140/info IBM Directory Server is prone to cross-site scripting attacks via the web administrative interface. An attacker may be able to embed hostile HTML and script code in a malicious link to the server, which when followed will be rendered in the vict...
Macromedia JRun 4.0 build 61650 - Administrative Interface Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/9112/info A number of cross-site scripting vulnerabilities have been reported for Macromedia JRun, specifically in the administrative interface. The problem is said to occur due to insufficient sanitization of URI parameters that may be passed to the page...
Macromedia ColdFusion MX 6.0 - SQL Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/8840/info It has been reported that Macromedia ColdFusion MX may be prone to a cross-site scripting vulnerability due to improper handling of error messages generated by the underlying database. This problem may be exploited by an attacker to construct a...