8 matches found
Information Disclosure
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Cross-site Scripting (XSS)
simplemde is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of the values of img and label, allowing XSS attacks...
Cross-site Scripting (XSS)
EWSoftware.SHFB is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize parameters passed through the URL, allowing a malicious user to inject and execute arbitrary Javascript...
Sql injection
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting XSS attacks by creating a file that generates an error...
Ubuntu 14.04 LTS : lxml vulnerability (USN-2217-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2217-1 advisory. It was discovered that the lxml.html.clean module incorrectly stripped control characters. An attacked could potentially exploit this to conduct cross-site...
CVE-2013-4568
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression"...
Mandrake Security Advisory MDVSA-2009:265 (egroupware)
The remote host is missing an update to egroupware announced via advisory MDVSA-2009:265. OpenVAS Vulnerability Test $Id: mdksa2009265.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:265 egroupware Authors: Thomas Reinke Copyright: Copyright c 2009...
CVE-2006-5037
MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sqcontentsrc parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting XSS attacks. NOTE: the researcher reports that "The vendor...