321 matches found
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/53598/info PHP Address Book is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...
Galette SQL Injection
Source: http://www.securityfocus.com/bid/53463/info Galette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, ...
Galette - picture.php SQL Injection
source: https://www.securityfocus.com/bid/53463/info Galette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Galette - 'picture.php' SQL Injection
source: https://www.securityfocus.com/bid/53463/info Galette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data,...
Browser Find toolbar phishing attack
Added: 02/25/2012. Background: This tool serves a page claiming to be a list of stolen passwords. When a user sees this list, the most common response is to validate the claim by opening a Find box (Ctrl-F) and searching for his or her own password. The tool intercepts the Ctrl-F keypress and opens a...
Oxwall 1.1.1 - 'plugin' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52125/info Oxwall is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Giveaway Manager - members.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/51431/info Giveaway Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script cod...
Limny 3.0.1 - 'login.php' Script Cross-Site Scripting
source: https://www.securityfocus.com/bid/51261/info Limny is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
Pet Listing - preview.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/50996/info Pet Listing is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in th...
HP Network Node Manager (NMM) i 9.10 - nnmprotectedconfigurationpoll.jsp?nodename Cross-Site Scripting
source: https://www.securityfocus.com/bid/50806/info HP Network Node Manager i is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize...
webERP 4.3.8 - Multiple Script URI Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/50713/info webERP is prone to information-disclosure, SQL-injection, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacke...
Researcher: Malware, Increasingly Interdependent, Stifles Security Wares
BARCELONA — A researcher says that malicious software such as botnets and browser exploit kits are becoming more and more interdependent, complicating the job of those who seek to detect and remove the malware. Aditya Sood, a doctoral student in the Department of Computer Science and Engineering ...
WordPress Theme Hybrid 0.9 - cpage Cross-Site Scripting
source: https://www.securityfocus.com/bid/49866/info The Hybrid theme for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
Iskratel SI2000 Callisto 821+ - Cross-Site Request Forgery / HTML Injection
source: https://www.securityfocus.com/bid/48711/info The Iskratel SI2000 Callisto 821+ is prone to a cross-site request-forgery vulnerability and multiple HTML-injection vulnerabilities. An attacker can exploit the cross-site request-forgery issue to perform unauthorized actions in the context of...
HTB22967: Multiple SQL Injection in Shutter
Vulnerability ID: HTB22967 Reference: http://www.htbridge.ch/advisory/sqlinjectioninshutter.html Product: Shutter Vendor: http://shutter.tenfourzero.net/ Vulnerable Version: 0.1.4 Vendor Notification: 19 April 2011 Vulnerability Type: SQL Injection Risk level: High...
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - jdeMafletClose.mafService?RENDER_MAFLET Cross-Site Scripting
source: https://www.securityfocus.com/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these...
phpCollab 2.5 XSRF / XSS / Path Disclosure
Vulnerability ID: HTB22918 Reference: http://www.htbridge.ch/advisory/pathdisclosureinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011...
Joomla! 1.6 Multiple SQL Injection Vulnerabilities
Exploit for php platform in category web applications Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...
Joomla! 1.6 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/46846/info Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...
Joomla! 1.6 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/46846/info Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...