Spyce 2.1.3 - spyce/examples/automaton.spy Direct Request Error Message Information Disclosure

source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

Spyce 2.1.3 - '/docs/examples/redirect.spy' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

Spyce 2.1.3 - spyceexamplesformtag.spy Multiple Cross-Site Scripting Vulnerabilities

Spyce 2.1.3 - spyceexamplesformtag.spy Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage...

Spyce 2.1.3 - docsexamplesredirect.spy Multiple Cross-Site Scripting Vulnerabilities

Spyce 2.1.3 - docsexamplesredirect.spy Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage...

horde3113010.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0011 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++ Horde 3.1.1, 3.0.10 Multiple Security Issues +++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PUBLISHED ON July 05, 2006 PUBLISHED AT...

frontpage -- cross site scripting vulnerability

Esteban Martinez Fayo reports: The FrontPage Server Extensions 2002 included in Windows Sever 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP has a web page /vtibin/vtiadm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site...

FogBugzXSS.txt

I.Vulnerability FogBugz Cross Site Scripting Vulnerability II.Vendor Fog Creek Software www.fogcreek.com III.Affected Systems - FogBugz = 4.029 IV.About FogBugz is a complete web based project management system for software teams. Designed by Joel Spolsky of Joel on Software fame www.fogcreek.com...

FlatNuke 2.5.x - help.php Multiple Cross-Site Scripting Vulnerabilities

FlatNuke 2.5.x - help.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to...

FlatNuke 2.5.x - 'help.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content...

CuteNews <= 1.3.6 Multiple XSS

According to its version number, the remote host is running a version of CuteNews that allows an attacker to inject arbitrary script through the variables 'X-FORWARDED-FOR' or 'CLIENT-IP' when adding a comment. On one hand, an attacker can inject a client-side script to be executed by an...

Google Desktop Search - Cross-Site Scripting

source: https://www.securityfocus.com/bid/11541/info Google Desktop Search is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize HTML tag content. An attacker may leverage this issue to execute arbitrary client-side...