493 matches found
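Mitsubishi Electric GB-50A Remote Authentication Bypass Vulnerability
BUGTRAQ ID: 28406 GB-50A is a browser-based management and control system for Mitsubishi central air-conditioning systems. GB-50A has a flaw in its implementation of the authentication mechanism that remote attackers may exploit to operate the air conditioning without authorization. The GB-50A web controller uses a set of Java applets to interact with itself, and these applets communicate using a series of XML messages that are neither authenticated nor encrypted. A user who knows the IP address of the controlled air-conditioning group can perform various unauthorized operations, including switching the air conditioning on or off or setting the temperature at will. Mitsubishi Electric GB-50A Mitsubishi Electric -------------------...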
Oracle Portal 10g - 'P_OldURL' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22999/info Oracle Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user i...
Secure site - Access bypass
Secure site allows one to protect a website with a browser-based password. These usernames and passwords are tied directly to the Drupal user database. The site will be invisible to search engines and other crawlers, but still allows access to certain users. A serious design flaw allows the acces...
Indexu 5.05.3 - power_search.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
BandSite CMS 1.1 - 'pastshows_content.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...
BandSite CMS 1.1 - 'interview_content.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...
V3 Chat Instant Messenger - 'search.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/18543/info V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
SunShop Shopping Cart 3.5 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/17770/info SunShop Shopping Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied...
HitHost 1.0 - 'deleteuser.php?user' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17025/info HitHost is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in th...
DRZES Hms 3.2 - login.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/15766/info DRZES HMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
CVE-2005-1602
Technical details for CVE-2005-1602 are not publicly available in the provided connected documents. No specific affected product/version or exploit information is confirmed here. Monitor for updates from official sources.
JGS-Portal 3.0.13.0.2 - jgs_portal.php?anzahl_beitraege SQL Injection
source: https://www.securityfocus.com/bid/13650/info JGS-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied...
FishCart 3.1 - upstnt.php?cartid SQL Injection
source: https://www.securityfocus.com/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit of the SQL-injectio...