321 matches found
Mirapoint Web Mail - 'Expression()' HTML Injection
source: https://www.securityfocus.com/bid/20840/info Mirapoint Web Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary JavaScript in the victim's browser...
BandSite CMS 1.1 - links_content.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to acce...
BandSite CMS 1.1 - member_content.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to...
BandSite CMS 1.1 - 'photo_content.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...
BandSite CMS 1.1 - 'header.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...
Innovate Portal 2.0 - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/20104/info Innovate Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code...
PT News 1.7.8 - search.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/20090/info PT News is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to have arbitrary script code execute in the...
SoftBiz Banner Exchange Script 1.0 - lostpassword.php?PHPSESSID Cross-Site Scripting
source: https://www.securityfocus.com/bid/18735/info Softbiz Banner Exchange is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before displaying i...
Winged Gallery 1.0 - Thumb.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/18629/info Winged Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue...
Mobotix IP Camera M1 1.9.4 .7M10 2.0.5.2 - events.tar?source_ip Cross-Site Scripting
source: https://www.securityfocus.com/bid/18022/info The Mobotix IP camera is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the device to properly sanitize user-suppli...
Windows Cursor and Icon handling vulnerability
Added: 04/27/2006. CVE: CVE-2004-1049. BID: 12233. OSVDB: 12842. Background: The LoadImage API in Microsoft Windows provides functions for loading cursors, animated cursors, and icons. Problem: An integer overflow in the LoadImage API allows command execution when a user opens a specially crafted curso...
Instant Photo Gallery 1.0 - portfolio.php?cat_id Cross-Site Scripting
source: https://www.securityfocus.com/bid/17696/info Instant Photo Gallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. An...
CONTROLzx Hms 3.3.4 - 'shared_order.php?sharedPlanID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17282/info CONTROLzx HMS is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed...
Invision Power Board (IP.Board) 2.0.4 - Search Action Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/17144/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly...
DCP-Portal 3.74.x5.x6.x - forums.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/17050/info DCP Portal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied...
Link Bank - 'Iframe.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17001/info Link Bank is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. An attacker may leverage this issu...
Game-Panel 2.6 - 'login.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16979/info Game-Panel is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. An attacker may leverage this iss...
myPHPNuke 1.8.8 - 'download.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16815/info MyPHPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...