8126 matches found
AlstraSoft E-Friends - XSS
AlstraSoft E-Friends - XSS Homepage: http://www.alstrasoft.com/ Description: Alstrasoft E-friends allows you to run a community site like MySpace and Friendster. Affected files or areas of site: index.php The input forms on the following items below do not properly filter out all potential harmfu...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook...
CVE-2006-2515
Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook...
yet more XSS in older versions of ColdFusion
This only affects ColdFusion versions 5 and below. It does not affect CFMX. This is similar to previously reported XSS issues with CF, but not identical to any that I have seen reported. Cold Fusion has a "feature" that allows a developer to add validation to HTML forms by using specially named...
liberoXSS.txt
--Security Report-- Advisory: libero.it XSS vulnerability - HTML injection --- Author: Davide Denicolo --- Date: 28/04/06 --- Contact: davidesecurityinfos.com --- Vendor: ItaliaOnLine S.r.l http://www.libero.it Service: Web Level: Low --- Description: Libero.it is a Web portal of big Italian ISP:...
CVE-2006-0284
Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln (1) FORM01 and (2) FORM02 in the Oracle Forms component...
th_mailformplus
A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms. Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension ...
CVE-2005-3207
The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command...
CVE-2005-3207
The CVE-2005-3207 item concerns Oracle Forms 4.5.10.22, where the forms servlet (f90servlet) can be abused by a userid parameter containing a STOP command to remotely cause a denial of service (TNS listener stop). The connected Nessus/NASL entry for the October 2005 CPU references multiple Oracle...
[Full-disclosure] Shutdown TNS Listener via Oracle Forms Servlet
Shutdown TNS Listener via Oracle Forms Servlet Name Shutdown TNS Listener via Oracle Forms Servlet Systems Affected Oracle Forms Severity Medium Risk Category Denial of Service Vendor URL http://www.oracle.com This advisory http://www.red-database-security.com/advisory/oracleformsshutdown.html...
Oracle Forms - Servlet TLS Listener Remote Denial of Service
source: https://www.securityfocus.com/bid/15039/info Oracle Forms is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users. By issuing a specific HTTP request, remote attackers may cause the affected...
Oracle Forms - Servlet TLS Listener Remote Denial of Service
Oracle Forms - Servlet TLS Listener Remote Denial of Service source: https://www.securityfocus.com/bid/15039/info Oracle Forms is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users. By issuing a specif...
CVE-2005-2517
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site...
CVE-2005-2372
Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module...
CVE-2005-2372
CVE-2005-2372 affects Oracle Forms 4.5–10g, where Form executables (.FMX) can be loaded from arbitrary directories and executed with the privileges of the Oracle/System user. An attacker can upload a malicious FMX and reference it via an absolute path in either the (1) form or (2) module paramete...
Run any OS Command via unauthorized Oracle Forms
Name Run any OS Command via unauthorized Oracle Forms Systems Affected Oracle Web Forms 4.5, 5.0, 6.0, 6i, 9i, 10g Severity High Risk Category OS command execution Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 18 July 2005 V 1.00 Advisory...
Oracle Forms 6i/9i/4.5.10/5.0/6.0.8/10g Services - Unauthorized Form Execution
source: https://www.securityfocus.com/bid/14319/info Oracle Forms Services is susceptible to an unauthorized form execution vulnerability. Attackers may exploit this vulnerability to execute arbitrary commands with the privileges of the Oracle account under which the server is executing. It shoul...
Oracle Forms 6i/9i/4.5.10/5.0/6.0.8/10g Services - Unauthorized Form Execution
Oracle Forms 6i/9i/4.5.10/5.0/6.0.8/10g Services - Unauthorized Form Execution source: https://www.securityfocus.com/bid/14319/info Oracle Forms Services is susceptible to an unauthorized form execution vulnerability. Attackers may exploit this vulnerability to execute arbitrary commands with the...