554 matches found
phpInstantGallery 1.1 'admin.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37502/info phpInstantGallery is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser ...
Online Contact Manager 3.0 view.php id Parameter XSS
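Vulnerable versions: =3.0 Vulnerability description: Online Contact Manager 3.0 is a web-based contact management application. It is exposed to risk from abnormal user input. A remote user can inject SQL commands and can also carry out cross-site scripting attacks. A remote user can also inject HTML to plant malicious content. The 'view.php' script does not properly validate user input to the 'id' variable. A remote user can create a specially crafted URL that, when the target user loads the page, causes arbitrary code to execute in the target user's browser. This code executes within Online Contact Manager and runs in the security context of the entire site. Therefore, ...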
SendStudio 4.0.1 Cross Site Scripting and Security Bypass Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/37554/info SendStudio also called Email Marketer is prone to a cross-site scripting issue and a security-bypass issue. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecti...
pixheaven.net XSS vulnerability
Open Bug Bounty ID: OBB-45724. Affected Website: pixheaven.net. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Remediation Guide: OWASP XSS Prevention Cheat Shee...
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:0599-1)
This is a MozillaFirefox update to version 29.0 : - MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 Miscellaneous memory safety hazards - MFSA 2014-36/CVE-2014-1522 bmo995289 Web Audio memory corruption issues - MFSA 2014-37/CVE-2014-1523 bmo969226 Out of bounds read while decoding JPG images - MFSA...
Fortinet FortiWeb 4.x / 5.x < 5.0.3 Multiple Vulnerabilities
The remote host is running FortiWeb 4.x / 5.x prior to 5.0.3. It is, therefore, affected by multiple vulnerabilities : - FortiWeb is affected by a cross-site scripting vulnerability due to a failure to sanitize user-supplied input. CVE-2014-1955 - FortiWeb is affected by an unspecified HTTP heade...
Booking Calendar - Multiple Vulnerabilities
Booking Calendar PHP - Multiple Vulnerabilities =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...
ArticleSetup - Multiple Vulnerabilities
ArticleSetup - Multiple Vulnerabilities Exploit Title : ArticleSetup Multiple Vulnerabilities Author : DevilScreaM Date : 21/09/2013 Category : Web Applications Vendor : http://www.articlesetup.com/ Version : 1.0 Dork intext:Powered By Article Marketing Vulnerability : Cross Site Scripting , SQL...
Symantec Endpoint Protection Manager XSS and CSRF Vulnerabilities
This host is installed with Symantec Endpoint Protection Manager and is prone to cross site scripting and cross site request forgery vulnerabilities. OpenVAS Vulnerability Test $Id: gbsymantecendpointprotectionxssncsrfvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ Symantec Endpoint Protection Manag...
OpenEMR <= 4.0.0 Multiple XSS Vulnerabilities
OpenEMR is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CentOS Update for ruby CESA-2011:0909 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
vBulletin 3.x.x vBTube 1.2.9 Cross Site Scripting
Author : Mr.ThieF alert1; http://site/path/vBTube.php?page=1&do=user&uname="alert1; Example : http://www.magicalproteachings.com/cy/vBTube.php?page=1&do=user&uname="alert1; http://www.rchelicoptertown.com/forum/vBTube.php?do=view&vidid=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E Done...
LDAP Account Manager 'selfserviceSaveOk' Parameter Cross Site Scripting Vulnerability
LDAP Account Manager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
Siestta <= 2.0 Multiple Vulnerabilities
Siestta is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ramoncastro:siestta"; ifdescriptio...
Simple PHP Guestbook Cross Site Scripting
In The Name Of Allah The Merciful. Type: Suffering From XSS Vulnerability. Vendor: www.simplephpguestbook.com. Software: Simple PHP Guestbook. Author: R3d-D3v!L. Team: ArAB!AN !NFORMAT!ON SeCuR!TY. Contact: N/A. Date: 10. Jan. 201...
DNN (DotNetNuke) < 5.2.0 SearchResults.aspx XSS
The version of DNN installed on the remote host is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user-supplied input to the 'Search' parameter of the 'SearchResults.aspx' script before using it to generate dynamic HTML output. An unauthenticated, remote...
openSUSE Security Update : MozillaFirefox (MozillaFirefox-334)
This update brings the Mozilla Firefox browser to version 3.0.4. It fixes following security issues : CVE-2008-0017 / MFSA 2008-54 : The http-index-format MIME type parser nsDirIndexParser in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for...
[SECURITY] [DSA 1792-1] New drupal6 packages fix multiple vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1792-1 [email protected] http://www.debian.org/security/ Noah Meyerhans May 06, 2009 http://www.debian.org/security/faq -...
CentOS Update for php CESA-2008:0546-01 centos2 i386
Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2008:0546-01 centos2 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
RedHat Security Advisory RHSA-2009:0010
The remote host is missing updates announced in advisory RHSA-2009:0010. Ivan Markovic discovered a cross-site scripting XSS flaw in SquirrelMail caused by insufficient HTML mail sanitization. A remote attacker could send a specially-crafted HTML mail or attachment that could cause a user...