128 matches found
SpagoBI 4.0 - Persistent HTML Script Insertion
Exploit for php platform in category web applications. SpagoBI is an Open Source Business Intelligence suite, belonging to the free/open source SpagoWorld initiative, founded and supported by Engineering Group. It offers a large range of analytical functions, a highly functional semantic layer...
SpagoBI 4.0 - Persistent HTML Script Insertion
SpagoBI 4.0 - Persistent HTML Script Insertion 01. Advisory Information Title: Persistent HTML Script Insertion permits offsite-bound forms Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02...
SpagoBI 4.0 - Persistent HTML Script Insertion
Advisory Information Title: Persistent HTML Script Insertion permits offsite-bound forms Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability Information CVE reference: CVE-2013-6233...
Oracle Demantra 12.2.1 - Stored XSS Vulnerability
Exploit for windows platform in category web applications. Details: The TaskSender area is vulnerable to a stored cross-site scripting vulnerability. Impact: An attacker could exploit this flaw to get active HTML or script code executed in an authenticated user’s browser. Cross-site Scripting may ...
[ISecAuditors Security Advisories] Multiple XSS vulnerabilities in "Project'Or RIA"
============================================= INTERNET SECURITY AUDITORS ALERT 2013-018 - Original release date: July 26th, 2013 - Last revised: July 26th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored - CVE-ID: CVE-2013-6163...
Zikula returnpage Cross Site Scripting Vulnerability
Zikula is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Reflected XSS in JIRA Admin Panel (Delete User)
The 'name' param in jira-components/jira-webapp/src/main/webapp/secure/admin/user/views/deleteuserconfirm.jsp is not sanitised, enabling arbitrary html/script execution. A url to demonstrate this issue is:...
Debian Security Advisory DSA 2651-1 (smokeping - cross-site scripting vulnerability)
A cross-site scripting vulnerability was discovered in smokeping, a latency logging and graphing system. Input passed to the displaymode parameter was not properly sanitized. An attacker could use this flaw to execute arbitrary HTML and script code in a user's browser session in the context of an...
mnoGoSearch <= 3.3.12 Multiple Vulnerabilities - Active Check
mnoGoSearch is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
LabWiki Multiple Cross-site Scripting (XSS) and Shell Upload Vulnerabilities
LabWiki is prone to multiple cross-site scripting and shell upload vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescripti...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf...
[ISecAuditors Security Advisories] Reflected XSS in Atmail WebMail < v6.2.0
============================================= INTERNET SECURITY AUDITORS ALERT 2010-009 - Original release date: August 30th, 2010 - Last revised: September 21st, 2010 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored ============================================= I...
GlassFish Enterprise Server 2.1 - Admin Console sysnetregistration.jsf URI Cross-Site Scripting
GlassFish Enterprise Server 2.1 - Admin Console sysnetregistration.jsf URI Cross-Site Scripting source: https://www.securityfocus.com/bid/34824/info GlassFish Enterprise Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input...
@ltacontent CMS Cross Site Scripting
=========================================================================================== Title : Cross-site Scripting XSS Vulnerability Software : @ltacontent CMS Vendor : http://altaconnect.com/ Date : 26 April 2009 Indonesia Author : Vrs-hCk Contact : [email protected] Blog :...
Apple iOS 1.1.2 - Remote Denial of Service
function Demo var shellcode; var addr; var fill; alert'attempting a crash!'; shellcode = unescape'%u0c0c'; fill = unescape'%ucccc'; addr = 0x02020202; var b = fill; while b.length milw0rm.com 2008-01-24...
Debian: Security Advisory (DSA-1290-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
webcrawlerXSS.txt
webcrawler.com - Cross site scripting vulnerability ---------------------------------------------- Type: Cross site scripting Date: June, 13th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...
Microsoft JScript Memory Corruption Vulnerability
Description Microsoft JScript is prone to a remote memory-corruption vulnerability. This issue is due to the software's failure to properly execute certain HTML script content. This issue allows remote attackers to execute arbitrary machine code in the context of applications that use the JScript...
Mozilla Firefox: Potential remote code execution
Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description Martijn Wargers and Nick Mott discovered a vulnerability when rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is not affected. Impact If JavaScript is enabled, by tricking a us...
Microsoft Power Point Temporary Internet Files folder access
Script within HTML can access Temporary Internet Files folder directly...