62 matches found
Cross site scripting
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallerytitle parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
CVE-2017-17826
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallerytitle parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it...
A vulnerability in the web console of the Antivirus Kaspersky 8.0 anti-virus software allows JavaScript code to be passed in and executed by the client browser.
The vulnerability in the Antivirus Kaspersky 8.0 web console for Linux File Servers is a cross-site scripting issue. Exploiting this vulnerability allows a malicious actor to inject JavaScript code through a specially crafted GET request, with the JavaScript code specified in the...
W3C CERN httpd 3.0 Proxy Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5447/info CERN httpd is a freely available HTTP server and HTTP proxy server available from the W3C. The httpd Proxy is vulnerable to a cross site scripting attack. The condition is present because of the way URLs are...
Proxomitron Naoko-4 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3087/info Proxomitron is a free web proxy server. Proxomitron is vulnerable to a cross site scripting attack. The condition is present because of the way URLs are displayed in error messages. It is possible for script cod...
Drupal 5 / 6 / 7 Cross Site Scripting
Hi, There is a persistent XSS in Drupal versions 5.x, 6.x and 7.x. I have not yet tested Drupal 8.x due to it not being fully released. The function which is vulnerable is the watchdog function, where the $message parameter does not get sanitized and you can pass through arbitrary code to be execute...
SOL14054 - CRIME vulnerability via TLS 1.2 protocol CVE-2012-4929
Vulnerability Recommended Actions To eliminate this vulnerability, perform one of the following actions: Upgrade to a software version that is listed in the Versions known to be Not Vulnerable column of the table. Upgrade your client browser to a non-vulnerable version. Supplemental Information...
SOL13400 - SSL 3.0/TLS 1.0 BEAST vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870
If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, the...
Filter Proxy HTTP Headers Mismatch
Filter web Proxy is a proxy tool that sits between a web server and a client browser. It enables users to change the HTTP headers and client-side content, e.g. HTML and JavaScript. The filter proxy can also block pop-ups and malicious content. Malicious users can use this technique to chang...
Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vulnerability
Description Microsoft WMI Administrative Tools is prone to a remote code-execution vulnerability that affects the WMI Object Viewer 'WBEMSingleView.ocx' ActiveX control. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow...
Drupal Embedded Media Field Cross Site Scripting
Details of this disclosure are also available at http://www.madirish.net/?article=472 Description of Vulnerability: Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal...
Novell iPrint multiple security vulnerabilities
Buffer overflows, unauthorized access, code execution, etc in iPrint Client Browser Plugin and iPrint Server...
Novell iPrint Client Browser Plugin operation Parameter Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client Browser Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
netbeware.txt
Novell Netware 6.5 Remote Manager HTML Injection Exploit Username: Password: Example -- Username: "var ex=new ActiveXObject"WScript.Shell";ex.run'cmd.exe /C ver';...
Microsoft Windows XMLHTTP proxy problem
Because of insufficient request validation, the Msxml2.XMLHTTP ActiveX object can be used to proxy HTTP requests via the client browser...
html net horse generic free kill-vulnerability warning-the black bar safety net
Abroad to several websites to see a few cattle for this vulnerability discussion, deep feeling, wrote an Exp, the principle is simple, the master of drifting........ Example: ascii.exe hack.txt hack.htm Vulnerabilities with server-independent, and the client browser is concerned, the current through...
MaxWebPortal < 1.360 Multiple Vulnerabilities
Binary data 2898.prm...
MaxWebPortal < 1.36 XSS and SQL Injection Vulnerabilities
Binary data 2783.prm...
CVE-2002-2308
Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself...
PHP-Nuke 6.0 - Web Mail Script Injection
source: https://www.securityfocus.com/bid/6400/info A vulnerability has been discovered in the PHP-Nuke web mail module. Due to insufficient sanitization of HTML emails it is possible for an attacker to embed script code into malicious messages. Opening an email containing attacker-supplied scrip...