4938 matches found
Qualiteam X-Cart 4.0.8 - help.php?section Cross-Site Scripting
Qualiteam X-Cart 4.0.8 - help.php?section Cross-Site Scripting source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These...
ServersCheck 5.95.10 - Directory Traversal
ServersCheck 5.95.10 - Directory Traversal source: https://www.securityfocus.com/bid/13810/info ServersCheck is affected by a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to...
Gedit 2.x - Filename Format String
source: https://www.securityfocus.com/bid/13699/info gEdit is prone to a format-string vulnerability. Exploitation may occur when the program is invoked with a filename that includes malicious format specifiers. Attackers could exploit this issue to corrupt arbitrary regions of memory with...
BEA WebLogic 7.0/8.1 - Administration Console Error Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/13794/info BEA WebLogic Server And WebLogic Express are affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the error page. A successful attack may facilitate the...
BookReview 1.0 - 'search.htm?submit string' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...
Fusionphp Fusion News 3.33.6 - X-Forworded-For PHP Script Code Injection
Fusionphp Fusion News 3.33.6 - X-Forworded-For PHP Script Code Injection source: https://www.securityfocus.com/bid/13661/info FusionPHP Fusion News is prone to a remote PHP code injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Th...
Spread The Word - Multiple SQL Injections
source: https://www.securityfocus.com/bid/13737/info Spread The Word is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromi...
Fusion News v3.6.1 - remote shell exploit
? $copyr = " !!! PRIVATE !!! PRIVATE !!! PRIVATE !!! PRIVATE !!! PRIVATE !!! oooo...oooo.oooooooo8.ooooooooooo .8888o..88.888........88..888..88 .88.888o88..888oooooo.....888 .88...8888.........888....888 o88o....88.o88oooo888....o888o Network security team nst.void.ru Title: Fusion News v3.6.1...
PostNuke 0.750.76 Blocks Module - Directory Traversal
PostNuke 0.750.76 Blocks Module - Directory Traversal source: https://www.securityfocus.com/bid/13636/info PostNuke Blocks module is affected by a directory traversal vulnerability. The problem presents itself when an attacker passes a name for a target file, along with directory traversal...
Apple Mac OSX 10.x - BlueTooth Directory Traversal
Apple Mac OSX 10.x - BlueTooth Directory Traversal source: https://www.securityfocus.com/bid/13491/info Apple Mac OS X is prone to a directory-traversal vulnerability. Since the software fails to sufficiently sanitize input, a remote attacker could use the Bluetooth file- and object-exchange...
Apple Mac OSX 10.x - BlueTooth Directory Traversal
source: https://www.securityfocus.com/bid/13491/info Apple Mac OS X is prone to a directory-traversal vulnerability. Since the software fails to sufficiently sanitize input, a remote attacker could use the Bluetooth file- and object-exchange services to access files outside the default...
ASP Inline Corporate Calendar 3.6.3 - 'Defer.asp' SQL Injection
source: https://www.securityfocus.com/bid/13485/info ASP Inline Corporate Calendar is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a...
CVE-2005-0584
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks...
CVE-2005-0584
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks...
CodetoSell ViArt Shop Enterprise 2.1.6 - product_details.php?category_id Cross-Site Scripting
CodetoSell ViArt Shop Enterprise 2.1.6 - productdetails.php?categoryid Cross-Site Scripting source: https://www.securityfocus.com/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to...
CodetoSell ViArt Shop Enterprise 2.1.6 - 'basket.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
CodetoSell ViArt Shop Enterprise 2.1.6 - 'reviews.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
Maxwebportal 1.3 - 'custom_link.asp' Multiple SQL Injections
source: https://www.securityfocus.com/bid/13466/info MaxWebPortal is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in...
Dream4 Koobi CMS 4.2.3 - 'index.php?P' SQL Injection
source: https://www.securityfocus.com/bid/13412/info Koobi CMS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
CartWIZ 1.10 - 'AddToCart.asp' SQL Injection
source: https://www.securityfocus.com/bid/13330/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. Successful exploitation could result in a compromise of...