
5978 matches found

Prion
added 2012/02/21 1:31 p.m. | 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action...

CVSS 4.3 | AI score 6.1 | EPSS 0.01226
Exploits 1 | References 5 | Affected Software 1
Prion
added 2012/02/21 1:31 p.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action...

CVSS 4.3 | AI score 6.1 | EPSS 0.01201
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2012/02/20 8:0 p.m. | 19 views

CVE-2012-1214

Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action...

AI score 5.7 | EPSS 0.01201
Exploits 1 | References 4
UbuntuCve
added 2012/02/18 12:55 a.m. | 24 views

CVE-2012-1198

baseagmain.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action...

CVSS 7.5 | AI score 6.2 | EPSS 0.05323
Exploits 1 | References 1
Packet Storm
added 2012/02/10 12:0 a.m. | 19 views

SMW+ 1.5.6 Cross Site Scripting

Exploit Title: SMW+ 1.5.6 Cross Site Scripting Date: 9.02.2012 Author: Sony Software Link:http://www.smwplus.com/index.php/SemanticMediaWikiPlus Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/smw-enterprise-wiki-156-cross-site.html...

AI score 7.4
Exploits 0
Packet Storm
added 2012/01/13 12:0 a.m. | 26 views

Lead Capture Page System Authentication Bypass

Lead Capture Page System Authentication Bypass Vulnerability Software : Lead Capture Page System Date : 1/12/2012 Vendor : http://leadcapturepagesystem.com Get App. : http://leadcapturepagesystem.com/order.php?id=1 Price : $235 Dork : intext:"Powered By Lead Capture Page System" Author : ITTIHACK...

AI score 0.5
Exploits 0
OpenVAS
added 2012/01/09 12:0 a.m. | 14 views

Mandriva Update for phpmyadmin MDVSA-2011:198 (phpmyadmin)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 6.5 | AI score 7.6 | EPSS 0.12852
Exploits 11 | References 2
OSV
added 2011/12/23 3:59 a.m. | 1 views

DEBIAN-CVE-2011-2769

Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATEFAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values...

CVSS 4.3 | AI score 7.1 | EPSS 0.01203
Exploits 0 | References 1
UbuntuCve
added 2011/12/22 8:55 p.m. | 30 views

CVE-2011-4634

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted S...

CVSS 4.3 | AI score 7.3 | EPSS 0.0221
Exploits 1 | References 2
OSV
added 2011/12/22 8:55 p.m. | 0 views

DEBIAN-CVE-2011-4634

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted S...

CVSS 4.3 | AI score 8.6 | EPSS 0.0221
Exploits 1 | References 1
Debian CVE
added 2011/12/22 8:0 p.m. | 20 views

CVE-2011-4634

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted S...

CVSS 4.3 | AI score 6 | EPSS 0.0221
Exploits 1
NVD
added 2011/12/16 11:55 a.m. | 18 views

CVE-2011-4743

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/user/create and certain other files...

CVSS 10 | AI score 6.7 | EPSS 0.02004
Exploits 0 | References 2
Prion
added 2011/12/16 11:55 a.m. | 12 views

Design/Logic Flaw

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/user/create and certain other files...

CVSS 10 | AI score 7.3 | EPSS 0.02004
Exploits 0 | References 2 | Affected Software 1
securityvulns
added 2011/11/27 12:0 a.m. | 118 views

PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability

------------------------------------------------------------------- PmWiki = 2.2.34 pagelist Remote PHP Code Injection Vulnerability ------------------------------------------------------------------- author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom...

CVSS 7.5 | AI score 0.2 | EPSS 0.5341
Exploits 12
Saint
added 2011/10/24 12:0 a.m. | 42 views

Apple Safari libxslt File Create

Added: 10/24/2011 CVE: CVE-2011-1774 BID: 48840 OSVDB: 74017 Background Safari is a web browser for Mac OS X and Windows. Problem Safari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a...

CVSS 8.8 | AI score 6.8 | EPSS 0.43195
Exploits 11
0day.today
added 2011/10/24 12:0 a.m. | 23 views

phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection

Exploit for php platform in category web applications $Id: phpldapadminqueryengine.rb 14060 2011-10-25 05:25:39Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more informati...

AI score 7.1
Exploits 0
Saint
added 2011/10/24 12:0 a.m. | 34 views

Apple Safari libxslt File Create

Added: 10/24/2011 CVE: CVE-2011-1774 BID: 48840 OSVDB: 74017 Background Safari is a web browser for Mac OS X and Windows. Problem Safari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a...

CVSS 8.8 | AI score 6.8 | EPSS 0.43195
Exploits 11
0day.today
added 2011/10/04 12:0 a.m. | 32 views

LightNEasy 3.4.2 Multiple Vulnerabilities

Exploit for php platform in category web applications ========================================================================= LightNEasy 3.4.2 Multiple Vulnerabilities =========================================================================...

AI score 7.1
Exploits 0
exploitpack
added 2011/09/30 12:0 a.m. | 11 views

Feed on Feeds 0.5 - Remote PHP Code Injection

Feed on Feeds 0.5 - Remote PHP Code Injection strtolower$b"'.$key.'" ? -1 : 1;'; 1096. 1097. else 1098. 1099. $compare = createfunction'$a,$b','if strtolower$a"'.$key.'" == strtolower$b"'.$key.'" return 0;else return strtolower$a"'.$key.'" strtolower$b"'.$key.'" ? -1 : 1;'; 1100. 1101. 1102...

AI score 8.1
Exploits 0
Vulnerability Lab
added 2011/08/29 12:0 a.m. | 13 views

BitDefender IS2011 - FV Buffer Overflow Vulnerability

Document Title: =============== BitDefender IS2011 - FV Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=147 Release Date: ============= 2011-08-29 Vulnerability Laboratory ID VL-ID: ==================================== 147...

Exploits 0