298 matches found
Apple iCal 3.0.1 - 'ATTACH' Denial of Service
source: https://www.securityfocus.com/bid/28633/info Apple iCal is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input data. Successful exploits will crash the application. Given the nature of this issue, attackers may also be able to run arbitra...
SunGard Banner Student 7.3 - 'add1' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27490/info Banner Student is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in t...
CVE-2007-5307
ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it coul...
Cross site scripting
Cross-site scripting (XSS) vulnerability in saveentry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through addentry.php. NOTE: the original report stated that the vulnerability was in addentry.php, which does not...
Apache Tomcat 5.x/6.0.x - Directory Traversal
source: https://www.securityfocus.com/bid/22960/info Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issu...
Buffer overflow
Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data...
Plesk 7.5/8.0 - get_password.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/21067/info Plesk is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to execute HTML and...
Tagit2b - DelTagUser.php Remote File Inclusion
source: https://www.securityfocus.com/bid/20451/info Tagit2b is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this issue to have malicious PHP code execute in...
Tagit2b - 'DelTagUser.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/20451/info Tagit2b is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this issue to have malicious PHP code execute in the context of the webserver process. This may...
Yblog - uss.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute...
Yblog - funk.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execut...
Yblog - 'tem.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting us...
Yblog - 'uss.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting us...
DanPHPSupport 0.5 - 'index.php?page' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20203/info DanPHPSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an...
FW: ExBB <=1.1 XSS vuln.
My apologies, ExBB =1.9.1 XSS vuln. From: KeVRter mailto:[email protected] Sent: Monday, May 01, 2006 7:53 PM To: ' [email protected]' Subject: ExBB =1.1 XSS vuln. Cross Site Scripting When a message/topic/poll is added, the input data is not sufficiently filtered: Examples...
Buffer overflow
Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 20060228 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data...
IPSwitch IMail SMTP Buffer Overflow
A vulnerability exists within IMail that allows remote attackers to gain SYSTEM level access to servers running IMail's SMTP daemon versions 6.06 and below. The vulnerability stems from the IMail SMTP daemon not doing proper bounds checking on various input data that gets passed to the IMail...
PHP-Fusion < 6.00.106 submit.php Multiple Parameter HTML Injection
Binary data 3037.prm...