493 matches found
[SECURITY] Fedora 18 Update: roundcubemail-0.7.3-1.fc18
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Fedora Update for roundcubemail FEDORA-2012-12357
Check for the Version of roundcubemail OpenVAS Vulnerability Test Fedora Update for roundcubemail FEDORA-2012-12357 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
PrestaShop 1.4.7 - Multiple Cross-Site Scripting Vulnerabilities
PrestaShop 1.4.7 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/55280/info PrestaShop is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
[SECURITY] Fedora 16 Update: roundcubemail-0.7.3-1.fc16
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
[SECURITY] Fedora 15 Update: roundcubemail-0.7.2-2.fc15
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
ATutor 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities
ATutor 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/51423/info ATutor is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacke...
couchdb -- DOM based Cross-Site Scripting via Futon UI
Jan Lehnardt reports: Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An attacker may execute JavaScript code in the browser, using the context of the remote user...
ServersCheck Monitoring 8.8.10 - Multiple Vulnerabilities
Document Title: =============== ServersCheck Monitoring 8.8.10 - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=93 FULL: Discl. Date OSVDB ID CVE ID Creditees Title 2011-09-27 76035 Benjamin Kunz Mejri ServersCheck Monitoring...
8Pixel Blog CMS v4.2 - Cross Site Scripting Vulnerability
Document Title: =============== 8Pixel Blog CMS v4.2 - Cross Site Scripting Vulnerability Release Date: ============= 2011-08-14 Vulnerability Laboratory ID VL-ID: ==================================== 1 Product & Service Introduction: =============================== 8pixel.net develops...
Multiple WordPress WooThemes Themes - 'test.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/48110/info Multiple WordPress WooThemes Live Wire are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Dolibarr ERP/CRM 3.0 - Local File Inclusion / Cross-Site Scripting
source: https://www.securityfocus.com/bid/47542/info Dolibarr is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal...
Plogger 1.0 RC1 - gallery_name Cross-Site Scripting
Plogger 1.0 RC1 - gallery_name Cross-Site Scripting source: https://www.securityfocus.com/bid/47329/info Plogger is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in th...
[SECURITY] Fedora 15 Update: roundcubemail-0.5.1-1.fc15
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Spitfire 1.0.3x - 'cms_username' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47077/info Spitfire is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...
NewsPortal 'post.php' Cross Site Scripting Vulnerability
NewsPortal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
Microsoft Windows Picture and Fax Viewer Library Vulnerability !
Microsoft Windows Picture and Fax Viewer Library Vulnerability ! I. BACKGROUND The Windows Picture and Fax Viewer "shimgvw.dll" library is used by Windows Explorer to generate thumbnail previews for media files. II. DESCRIPTION Remote exploitation of a buffer overflow vulnerability in multiple...
HTB22813: XSS vulnerability in UMI.CMS
Vulnerability ID: HTB22813 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinumicms1.html Product: UMI.CMS Vendor: umisoft http://www.umi-cms.ru/ Vulnerable Version: 2.8.1.2 Vendor Notification: 25 January 2011 Vulnerability Type: Stored XSS Cross Site Scripting Risk level: Medium...
Ravan : A Distributed Hash Brute Forcer !
A short post for Ravan this time. It is a JavaScript based Distributed Computing system that can perform brute force attacks on salted hashes by distributing the task across several browsers. Salted and plain versions of the following hashing algorithms are currently supported: MD5 SHA1 SHA256...
Drive-By Downloads Still Running Wild
For some time now, the browser has been the most dangerous piece of software on the Web, and to hear researchers tell it, the climate is likely to get far worse before it gets any better. The attack landscape has shifted in a lot of important ways in the last few years, but none of the changes ha...
Douran Portal 3.9.7.55 - Arbitrary File Upload Cross-Site Scripting
Douran Portal 3.9.7.55 - Arbitrary File Upload Cross-Site Scripting source: https://www.securityfocus.com/bid/44594/info Douran Portal is prone to an arbitrary-file-upload vulnerability and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied...