737 matches found
Miro Broadcast Machine 0.9.9 - login.php Cross-Site Scripting
Miro Broadcast Machine 0.9.9 - login.php Cross-Site Scripting source: https://www.securityfocus.com/bid/26407/info Miro Broadcast Machine is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execut...
Miro Broadcast Machine 0.9.9 - 'login.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26407/info Miro Broadcast Machine is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in...
FreeBSD : tikiwiki -- multiple vulnerabilities (20a4eb11-8ea3-11dc-a396-0016179b2dd5)
Secunia reports : Some vulnerabilities have been reported in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and disclose potentially sensitive information. Input passed to the username parameter in tiki-remindpassword.php when...
Computer Associates SiteMinder - Web Agent Smpwservices.FCC Cross-Site Scripting
source: https://www.securityfocus.com/bid/26375/info Computer Associates SiteMinder Web Agent is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's...
Helios Calendar 1.11.2 - adminindex.php Cross-Site Scripting
Helios Calendar 1.11.2 - adminindex.php Cross-Site Scripting source: https://www.securityfocus.com/bid/26312/info Helios Calendar is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute...
wordpress -- cross-site scripting
A Secunia Advisory report: Input passed to the "postscolumns" parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...
phpmyadmin -- cross-site scripting vulnerability
The DigiTrust Group discovered serious XSS vulnerability in the phpMyAdmin serverstatus.php script. According to their report vulnerability can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...
Directory Image Gallery XSS vuln.
Sunday, 7 October 2007 Directory Image Gallery XSS vuln. Vuln. discovered by : r0t Date: 7 October 2007 Vendor:http://splitside.net/store/index.php?mainpage=productinfo&productsid=1 affected versions:Directory Image Gallery 1.1 other versions also can be affected. Directory Image Gallery contains...
tikiwiki -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and disclose potentially sensitive information. Input passed to the username parameter in tiki-remindpassword.php when remi...
Cisco Unified MeetingPlace Template Cross-Site Scripting Vulnerability
Cisco Unified MeetingPlace versions prior to 5.3.235.0 contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability exists due to insufficient filtering of parameters by Cisco Unified MeetingPlace. An unauthenticated,...
OpenWebMail Multiple XSS vuln.
OpenWebMail Multiple XSS vuln. Vuln. discovered by : r0t Date: 2 August 2007 vendor:openwebmail.org orginal advisory: http://pridels-team.blogspot.com/2007/08/openwebmail-multiple-xss-vuln.html affected versions:2.52 20060831 and previous OpenWebMail contains multiple flaws that allows a remote...
LinkedIn IE工具栏IEContextMenu控件远程溢出漏洞
BUGTRAQ ID: 25032 LinkedIn是一个联网工具,帮助用户在线寻找各类工作或业务联系人。 LinkedIn的IEToolbar.IEContextMenu.1 ActiveX控件实现上存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制用户机器。 LinkedIn工具栏的IEToolbar.IEContextMenu.1(LinkedInIEToolbar.dll)控件在处理Search方式时将VARIANT用作了varBrowser参数,如果用户受骗访问了恶意网页的话就可能触发缓冲区溢出,导致在用户浏览器会话中执行任意指令。 LinkedIn IE Toolbar...
GLSA-200703-23 : WordPress: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200703-23 WordPress: Multiple vulnerabilities WordPress contains cross-site scripting or cross-site scripting forgery vulnerabilities reported by: g30rg3x in the 'year' parameter of the wptitle function Alexander Concha in the...
Adobe Acrobat Reader Plugin 7.0.x - 'acroreader' Cross-Site Scripting
Stefano Di Paola http://www.wisec.it/ From Secunia: Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a user's browser session in context of an affected site. Example: -...
Oracle Portal 9i/10g - Container_Tabs.jsp Cross-Site Scripting
source: https://www.securityfocus.com/bid/21717/info Oracle Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before returning it to the user. An attacker can exploit this issue to execute arbitrary HTML and script code in a userâ??s...
Oracle Portal 9i10g - Container_Tabs.jsp Cross-Site Scripting
Oracle Portal 9i10g - ContainerTabs.jsp Cross-Site Scripting source: https://www.securityfocus.com/bid/21717/info Oracle Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before returning it to the user. An attacker can exploit this...
FreeBSD : mailman -- Multiple Vulnerabilities (fffa9257-3c17-11db-86ab-00123ffe8333)
Secunia reports : Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS Denial of Service. 1 An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL. Successf...
hlstats.txt
Hello, world ; Input passed to multiple parameters in index.php isn't properly sanitised before being returned to the user. This can be exploited to execute HTML and script code in a user's browser session in context of an affected site with limitation of ' and ". This may also affect prior...
XSS in HLstats 1.34
Hello, world ; Input passed to multiple parameters in index.php isn't properly sanitised before being returned to the user. This can be exploited to execute HTML and script code in a user's browser session in context of an affected site with limitation of ' and ". This may also affect prior...
[SA21667] PmWiki Table Markups Script Insertion Vulnerability
TITLE: PmWiki Table Markups Script Insertion Vulnerability SECUNIA ADVISORY ID: SA21667 VERIFY ADVISORY: http://secunia.com/advisories/21667/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: PmWiki 2.x http://secunia.com/product/6195/ DESCRIPTION: A...