128 matches found
HTB22878: XSS vulnerability in CosmoShop
Vulnerability ID: HTB22878 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincosmoshop.html Product: CosmoShop Vendor: Zaunz Publishing GmbH http://www.cosmoshop.de/ Vulnerable Version: ePRO V10.05.00 Vendor Notification: 24 February 2011 Vulnerability Type: Stored XSS Cross Site...
TCExam 11.1.16 - user_password Cross-Site Scripting
TCExam 11.1.16 - userpassword Cross-Site Scripting source: https://www.securityfocus.com/bid/46096/info TCExam is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
Injader CMS Multiple Vulnerabilities
Exploit for php platform in category web applications Vulnerability ID: HTB22745 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininjadercms1.html Product: Injader CMS Vendor: http://www.injader.com/ http://www.injader.com/ Vulnerable Version: 2.4.4 Vendor Notification: 07 December 20...
Webmedia Explorer 6.13.1 Cross Site Scripting
Vulnerability ID: HTB22661 Reference: http://www.htbridge.ch/advisory/storedxssvulnerabilityinwebmediaexplorer.html Product: Webmedia Explorer Vendor: Marc Salmurri http://www.webmediaexplorer.com/ Vulnerable Version: 6.13.1 and probably prior versions Vendor Notification: 19 October 2010...
W-Agora 4.2.1 - search.php3?bn Traversal Local File Inclusion
W-Agora 4.2.1 - search.php3?bn Traversal Local File Inclusion source: https://www.securityfocus.com/bid/44370/info w-Agora is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the...
XSS vulnerability in CMSimple
Vulnerability ID: HTB22558 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincmsimple.html Product: CMSimple Vendor: Peter Andreas Harteg http://www.cmsimple.org/ Vulnerable Version: 3.3 and Probably Prior Versions Vendor Notification: 02 August 2010 Vulnerability Type: XSS Cross Site...
XSS vulnerability in Amethyst
Vulnerability ID: HTB22501 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinamethyst1.html Product: Amethyst Vendor: Hulihan Applications http://hulihanapplications.com/projects/amethyst Vulnerable Version: 0.1.5 and Probably Prior Versions Vendor Notification: 22 July 2010...
DSite CMS 4.81 Cross Site Scripting
Vulnerability ID: HTB22465 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityindsitecms.html Product: DSite CMS Vendor: Media Programming Group http://www.dsite.ru Vulnerable Version: 4.81 and Probably Prior Versions Vendor Notification: 01 July 2010 Vulnerability Type: XSS Cross Site...
SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities
SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities source: https://www.securityfocus.com/bid/41043/info SoftComplex PHP Event Calendar is prone to multiple remote security vulnerabilities including cross-site scripting, HTML-injection, directory-traversal, and cross-site...
SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities
source: https://www.securityfocus.com/bid/41043/info SoftComplex PHP Event Calendar is prone to multiple remote security vulnerabilities including cross-site scripting, HTML-injection, directory-traversal, and cross-site request-forgery issues. Attackers can exploit these issues to obtain sensiti...
EasyPublish CMS 23.04.2010 - URI Cross-Site Scripting
EasyPublish CMS 23.04.2010 - URI Cross-Site Scripting source: https://www.securityfocus.com/bid/40037/info EasyPublish CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script...
osCommerce Local File Include and HTML Injection Vulnerabilities
osCommerce is prone to a local file-include vulnerability and an HTML- injection vulnerability because it fails to properly sanitize user- supplied input. An attacker can exploit the local file-include vulnerability using directory- traversal strings to execute local files within the context of t...
ProArcadeScript - 'search.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/39749/info ProArcadeScript is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...
Axon Virtual PBX 2.13 Multiple Remote Vulnerabilities
NCH Software Axon virtual PBX is prone to multiple remote vulnerabilities, including: - A cross-site scripting vulnerability. - A cross-site request forgery vulnerability. - An arbitrary file deletion vulnerability. - A directory traversal vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG...
RepairShop2 - 'index.php?Prod' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38907/info RepairShop 2 is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user,...
New-CMS 1.08 - Multiple Local File Inclusion HTML Injection Vulnerabilities
New-CMS 1.08 - Multiple Local File Inclusion HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/38307/info New-CMS is prone to multiple local file-include vulnerabilities and an HTML-Injection vulnerability because it fails to properly sanitize user-supplied input. An attack...
Extreme Mobster - 'login' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38265/info Extreme Mobster is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...
SAP BusinessObjects 12 - URI redirection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/37972/info SAP BusinessObjects is prone to multiple URI-redirection issues and multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code,...
D-Link DKVM-IP8 - auth.asp Cross-Site Scripting
D-Link DKVM-IP8 - auth.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/37646/info D-LINK DKVM-IP8 is prone to a cross-site scripting vulnerability because the device's web interface fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
DieselPay 1.6 - Cross-Site Scripting / Directory Traversal
source: https://www.securityfocus.com/bid/37564/info DieselPay is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker could exploit these vulnerabilities to obtain sensitive information,...