Xataface WebAuction and Xataface Librarian DB Multiple Vulnerabilities

Xataface WebAuction/Librarian DB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Xataface WebAuction and Xataface Librarian DB - Multiple Vulnerabilities

Title : Xataface WebAuction and Xataface Librarian DB Multiple Vulnerabilities. Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://xataface.com/ Advisory : http://secpod.org/blog/?p=350 http://secpod.org/advisories/SECPODXatafaceWebauctionMultVuln.txt Software : Xataface...

Xataface WebAuction / Librarian DB XSS / LFI / SQL Injection

Title : Xataface WebAuction and Xataface Librarian DB Multiple Vulnerabilities. Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://xataface.com/ Advisory : http://secpod.org/blog/?p=350 http://secpod.org/advisories/SECPODXatafaceWebauctionMultVuln.txt Software : Xataface...

PT-2011-04: Cross-Site Scripting in Kayako Support Suite

Positive Research Center has discovered multiple XSS vulnerabilties in Kayako Support Suite. 1. Application insufficiently verifies subscriberdata incoming parameter in /staff/index.php?m=news&a=importexport script. An attacker with "staff" privileges can use the vulnerabilty to inject and execut...

PT-2011-01: Cross-Site Scripting in Kayako Support Suite

Positive Research Center has discovered XSS in Kayako Support Suite. Application insufficiently verifies incoming data in "Subject" parameter in LiveSupport module. An attacker can use the vulnerability to inject and execute HTML code and scripts in a user's browser within the trust relationship...

Cross-site Scripting (XSS) Vulnerabilities in XOOPS

High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in XOOPS which could be exploited to perform cross-site scripting and script insertion attacks. 1 Cross-site scripting XSS vulnerabilities in XOOPS: CVE-2011-4565 The vulnerability exists due to input sanitation error in the...

ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting

ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT...

ManageEngine ServiceDesk Plus 8.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities

ManageEngine ServiceDesk Plus 8.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary...

Open Classifieds 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities

Open Classifieds 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/49292/info Open Classifieds is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues t...

Skype 5.5.0.113 Cross Site Scripting

+-----------------------------------------------------------------------------+ | noptrix.net - Public Security Advisory | +-----------------------------------------------------------------------------+ Date: ----- 08/17/2011 Vendor: ------- Skype Limited - http://www.skype.com/ Affected Software...

FreeBSD : bugzilla -- multiple vulnerabilities (dc8741b9-c5d5-11e0-8a8e-00151735203a)

A Bugzilla Security Advisory reports : The following security issues have been discovered in Bugzilla : - Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing when viewing a patch in 'Raw Unified' mode, which could trigger a cross-site scripting attack due to the execution o...

Fofou Forums Cross Site Scripting

Exploit Title: Permanent XSS and Html Code Injection in the Fofou Forums Google Dork: intext:Powered by fofou Date: 15.08.2011 Author: Sony Software Link: http://blog.kowalczyk.info/software/fofou/index.html Version: all version...

Safenet Sentinel and 7-T Input Sanitization Vulnerability

Overview ICS-CERT originally released advisory ICSA-11-314-01P on the US-CERT secure portal on November 14, 2011. This web page release was delayed to allow users time to download and install the update. Security researcher Carlos Mario Penagos Hollman of Synapse-labs has identified an input...

Digital Scribe Multiple Cross Site Scripting Vulnerabilities

Digital Scribe is prone to multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Digital Scribe 1.5 Cross Site Scripting

25: 26: 27: Title:" SIZE=4 Mr., Mrs., etc 28: 29: Last Name:" 30: Password: 31: 32: Password Again: 33: 34: E-Mail:INPUT TYPE=TEXT NAME=e...

Digital Scribe 1.5 - register_form()' Multiple POST Cross-Site Scripting Vulnerabilities

25: 26: 27: Title:" SIZE=4 Mr., Mrs., etc 28: 29: Last Name:" 30: Password: 31: 32: Password Again: 33: 34: E-Mail:INPUT TYPE=TEXT NAME=email SIZE=34 VALUE=?php echo $POS...

Digital Scribe 1.5 - register_form() Multiple POST Cross-Site Scripting Vulnerabilities

Digital Scribe 1.5 - registerform Multiple POST Cross-Site Scripting Vulnerabilities 25: 26: 27: Title:" SIZE=4 Mr., Mrs., etc 28: 29: Last Name:" 30: Password: 31: 32: Password Again: 33: 34: E-Mail:INP...

Digital Scribe 1.5 (register_form()) Multiple POST XSS Vulnerabilities

Summary The Digital Scribe is a free, intuitive system designed to help teachers put student work and homework assignments online. Description Digital Scribe suffers from multiple POST XSS vulnerabilities. Input thru the POST parameters 'title', 'last' and 'email' in register.php is not sanitized...

GBook PHP Guestbook 1.7 Cross Site Scripting

Vulnerability ID: HTB23028 Reference: http://www.htbridge.ch/advisory/multiplexssingbookphpguestbook.html Product: GBook PHP guestbook Vendor: PHPJunkyar http://www.phpjunkyard.com Vulnerable Version: 1.7 and probably prior Tested on: 1.7 Vendor Notification: 06 July 2011 Vulnerability Type: XSS...

Joomla! CMS Multiple Cross Site Scripting Vulnerabilities - July 2011

This host is running Joomla and is prone to multiple cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: secpodjoomlamultxssvulnjul11.nasl 5840 2017-04-03 12:02:24Z cfi $ Joomla! CMS Multiple Cross Site Scripting Vulnerabilities - July 2011 Authors: Sooraj KS Copyright: Copyrigh...