1017 matches found
Centrinity FirstClass HTTP Server 5/7 TargetName Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9950/info It has been reported that FirstClass HTTP Server may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in a user's browser. The issue...
Fastream NetFile 6.0.3 .588 Error Message Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8908/info It has been reported that a cross-site scripting vulnerability may exist in NetFile that may allow remote attackers to execute HTML or script code in a user's browser. The issue is reported to occur due to a 404...
CuteNews 0.88/1.3 show_archives.php id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/10620/info It is reported that CuteNews is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. The problems present...
SHOUTcast DNAS 2.2.1 - Stored XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: SHOUTcast DNAS v2.2.1 win32 XSS\HTML Injection in Song history other version may be also affected Date: 2014-06-11 Exploit Author: robercik101 Vendor Homepage: http://www.shoutcast.com/ ?t=373139 Software Link:...
SHOUTcast DNAS 2.2.1 Cross Site Scripting
Exploit Title: SHOUTcast DNAS v2.2.1 win32 XSS\HTML Injection in Song history other version may be also affected Date: 2014-06-11 Exploit Author: robercik101 Vendor Homepage: http://www.shoutcast.com/ ?t=373139 Software Link: http://forums.winamp.com/showthread.php?t=373139 Version: 2.2.1 for Win...
XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation
XSSYA works by executing the encoded payload to bypass the Web Application Firewall, which is the first method (request and response); if it responds with 200, it turns to Method 2, which searches for that payload decoded in the web page's HTML code; if confirmed, it goes to the last step, which is to execute document.cookie to get the...
BarracudaDrive Multiple XSS Vulnerabilities -01 (Jun 2014)
BarracudaDrive is prone to multiple XSS vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Pixie CMS 1.04 Cross Site Scripting
Pixie CMS v1.04 Contact form POST XSS Vulnerabilities Vendor: Pixie CMS Product web page: http://www.getpixie.co.uk Affected version: 1.04 Severity: Medium CVE: CVE-2014-3786 Demo page: http://demo.getpixie.co.uk Discovered by: Filippos Mastrogiannis @filipposmastro & Simone Memoli @Simon90Italy...
Khan Academy: CRLF Injection
It is possible for a remote attacker to inject custom HTTP headers. For example, an attacker can inject session cookies or HTML code. This may lead to vulnerabilities like XSS (cross-site scripting) or session fixation. PoC...
Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite
High-Tech Bridge Security Research Lab discovered XSS vulnerability in Storesprite, which can be exploited to perform Cross-Site Scripting attacks. 1) Reflected Cross-Site Scripting (XSS) in Storesprite: CVE-2014-3737 The vulnerability exists due to insufficient sanitisation of user-supplied data in...
Localize: CSRF in adding phrase.
CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering like sending a link via email/chat, an attacker may trick the users of a web application into executing actions of the...
WordPress Uploader Plugin Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...
Three major dangerous vulnerabilities in web message boards - vulnerability warning - the black bar safety net
Message boards, as a medium for interaction between a web page and its viewers, are popular and appear on almost every site, large or small, so the message board is now a key part of the site and its security has to be taken seriously. Listed here, for when building a guestbook, are the three big...
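Joomla! Kunena component "[map]" BBCode script injection vulnerability
Joomla! is a content management system that is quite well known abroad. Because input passed via the "map" BBCode parameter when creating a message is not properly filtered in bbcode/bbcode.php, an attacker can exploit the vulnerability to inject and execute arbitrary HTML and script code in a user's browser session in the context of the affected site when the malicious data is viewed. 0 Kunena 3.x component for Joomla! Joomla! Kunena version 3.0.5 has fixed this vulnerability; users are advised to download and use it: http://www.kunena.org/blog/135-kunena-3-0-5-released...
ownCloud multiple cross-site scripting vulnerabilities
ownCloud is an open-source private cloud server. ownCloud has multiple cross-site scripting vulnerabilities that allow remote attackers to inject malicious script or HTML code; when the malicious data is viewed, sensitive information can be obtained or user sessions hijacked. 0 ownCloud 6.x ownCloud 6.0.2 has fixed this vulnerability; users are advised to download the update: http://owncloud.org...
Drupal Nivo Slider Module cross-site scripting vulnerability
Bugtraq ID:66327 Drupal is an open-source content management platform. The Drupal Nivo Slider module does not properly filter image title data, allowing remote attackers to inject malicious script or HTML code; when the malicious data is viewed, sensitive information can be obtained or user sessions hijacked. 0 Drupal Nivo Slider Module 7.x Drupal Nivo Slider Module 7.x-1.11 has fixed this vulnerability; users are advised to download the update: http://drupal.org/project/nivoslider...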
CMSimple 3.54 Cross Site Scripting
Advisory ID: HTB23205 Product: CMSimple Vendor: Preben Bjorn Biermann Madsen Vulnerable Versions: 3.54 and probably prior Tested Version: 3.54 Advisory Publication: February 26, 2014 (without technical details) Vendor Notification: February 26, 2014 Vendor Patch: February 26, 2014 Public Disclosure...
Debian: Security Advisory (DSA-2882-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Joomla Multi Calendar 4.0.2 Cross Site Scripting
Hello, Multiple cross-site scripting (XSS) vulnerabilities in Multi calendar 4.0.2 component for Joomla! allow remote attackers to inject arbitrary web script or HTML code via (1) the calid parameter to index.php or (2) the paletteDefault parameter to index.php. File: /tmpl/layouteditevent.php Lines: 1...
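Serena Dimensions CM cross-site scripting vulnerability
Bugtraq ID:65976 CVE ID:CVE-2014-0335 Serena Dimensions CM is a project planning and management tool. Serena Dimensions CM has multiple cross-site scripting vulnerabilities that allow remote attackers to inject malicious script or HTML code; when the malicious data is viewed, sensitive information can be obtained or user sessions hijacked. 0 Serena Dimensions CM 12.2 Build 7.199.0 web client No detailed solution is currently available: http://www.serena.com/index.php/en/products/featured-products/dimensions-cm/...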