Trend Micro Worry-Free Business Security and Worry-Free Business Security Services HTTP Header Injection Vulnerability
Trend Micro Worry-Free Business Security and Worry-Free Business Security Services are both antivirus programs from Trend Micro. An HTTP header injection vulnerability exists in Trend Micro Worry-Free Business Security version 9.0 and Worry-Free Business Security Services version 5.x, which can b...
TestLink 1.9.14 Multiple XSS Vulnerabilities
Exploit for hardware platform in category web applications. Information: Name: CSRF Vulnerability in TestLink 1.9.14; Affected Software: TestLink; Affected Versions: 1.9.14 and possibly below; Vendor Homepage: http://testlink.org/; Severity: High; Status: Fixed...
SolarWinds Orion IP Address Manager (IPAM) 'search.aspx' Cross Site Scripting Vulnerability
CVE-2012-4939. SolarWinds Orion IP Address Manager (IPAM) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affect...
phpCOIN 1.2 login.php Multiple Parameter XSS
source: http://www.securityfocus.com/bid/12686/info Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical functionality. An attacker may levera...
IBM Maximo 4.1/ 5.2 'debug.jsp' HTML Injection And Information Disclosure Vulnerabilities
source: http://www.securityfocus.com/bid/30180/info IBM Maximo is prone to multiple HTML-injection vulnerabilities and an information-disclosure vulnerability. An attacker may leverage these issues to obtain potentially sensitive information and to execute...
TikiWiki 1.9 tiki-lastchanges.php Multiple Parameter XSS
source: http://www.securityfocus.com/bid/18143/info TikiWiki is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam
Exploit for hardware platform in category remote exploits TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow camera demo http://67.203.184.58:9193/admin/view.cgi?profile=0 username=guest password=guest...
ButorWiki 3.0 - 'service' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52059/info ButorWiki is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
AdaptCMS 2.0.1 - Cross-Site Scripting Information Disclosure
source: https://www.securityfocus.com/bid/49769/info AdaptCMS is prone to multiple cross-site scripting vulnerabilities and an information disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker m...
Multiple Vulnerabilities in Habari
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Habari which could be exploited to perform cross-site scripting attacks and gain potentially sensitive information. 1) Information disclosure weakness in Habari: CVE-2010-4608. The weakness was found in the...
Advanced Poll 2.0 - mysql_host Cross-Site Scripting
source: https://www.securityfocus.com/bid/40045/info Advanced Poll is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitra...
CuteNews 1.4.6 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...
SpiceWorks - 'query' Cross-Site Scripting
source: https://www.securityfocus.com/bid/43248/info Spiceworks is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
PHP Scripts Now Hangman - 'index.php?n' SQL Injection
source: https://www.securityfocus.com/bid/43513/info TOPHangman is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application, access or modify data,...
Matterdaddy Market 1.x - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/35856/info Matterdaddy Market is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Cross-browser Code Execution via XSS
Hello 3APA3A! Recently I wrote about cross-browser Code Execution via XSS attack http://websecurity.com.ua/2638/. Earlier I wrote you about Code Execution via XSS in Internet Explorer http://securityvulns.ru/Udocument911.html. In this article I told about Code Execution attack via IE via Cross-Si...
Pre Classified Listings 1.0 - signup.asp Cross-Site Scripting
source: https://www.securityfocus.com/bid/32567/info Pre Classified Listings is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
Jetbox CMS 2.1 - liste Cross-Site Scripting
source: https://www.securityfocus.com/bid/31890/info Jetbox CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the brows...
Chipmunk Blog - members.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary...
Cacti 0.8.7 - 'graph.php?view_type' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27749/info Cacti is prone to multiple unspecified input-validation vulnerabilities, including multiple cross-site scripting vulnerabilities, multiple SQL-injection vulnerabilities, and an HTTP response-splitting vulnerability. Attackers may exploit these...