4502 matches found
IPortalX Forums Cross-Site Scripting Vulnerability
HSC IPortalX Forums Cross-Site Scripting Vulnerability IPortalX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
dokeos-xss.txt
HSC Dokeos Multiple Cross-Site Scripting Vulnerabilities Dokeos is a learning management systemused to manage e-learning. It's prone to cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the conte...
SuSE 10 Security Update : flash-player (ZYPP Patch Number 3890)
The Adobe Flash Player was updated to version 7.0.70.0 for Novell Linux Desktop 9 and to version 9.0.48.0 on SUSE Linux Enterprise Desktop 10 to fix several security problems : - An input validation error has been identified in Flash Player 9.0.45.0 and earlier versions that could lead to the...
Liferay Enterprise Portal multiple XSS
Vendor Site: Liferay.net Version affected: Liferay Enterprise Portal 4.3.1 Demo:http://www.liferay.net/c/portal/login?tabs1=forgot-password Class: Input Validation Error Overview: Liferay fails to sufficiently sanitize user-supplied input data in "email address" text box by pressing the "Send New...
CORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs Lotus Notes buffer overflow in the Lotus WorkSheet file processor Advisory Information Title: Lotus Notes buffer overflow in the Lotus WorkSheet file processor Advisor...
liferay-xss.txt
Vendor Site: Liferay.net Version affected: Liferay Enterprise Portal 4.3.1 Demo:http://www.liferay.net/c/portal/login?tabs1=forgot-password Class: Input Validation Error Overview: Liferay fails to sufficiently sanitize user-supplied input data in "email address" text box by pressing the "Send New...
mps-insertion.txt
HSCMySpace Scripts - Poll Creator JavaScript Injection Vulnerability Our MySpace Poll Creator script is the ultimate addition to your MySpace resource site. The script enables your user to quickly and easily create a poll that they can post to profile or bulletin to all their friends. Everyone...
Lotus Notes buffer overflow in the Lotus WorkSheet file processor
Advisory ID Internal CORE-2007-0821 Advisory Information Title: Lotus Notes buffer overflow in the Lotus WorkSheet file processor Advisory ID: CORE-2007-0821 Date published: 2007-11-27 Date of last update: 2007-11-27 Vendors contacted: IBM Corp. Release mode: COORDINATED RELEASE Vulnerability...
MySpace Scripts - Poll Creator JavaScript Injection Vulnerability
HSCMySpace Scripts - Poll Creator JavaScript Injection Vulnerability Our MySpace Poll Creator script is the ultimate addition to your MySpace resource site. The script enables your user to quickly and easily create a poll that they can post to profile or bulletin to all their friends. Everyone...
iDefense Security Advisory 11.12.07: Novell NetWare Client Local Privilege Escalation Vulnerability
iDefense Security Advisory 11.12.07 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 12, 2007 I. BACKGROUND The Novell Client software provides a workstation with access to Novell NetWare networks as well as Novell Open Enterprise Server OES services. Novell Clients can access the full...
eggblog-xss.txt
H - Security Labs Eggblog v3.1.0 Security Advisory ID : HSEC20071111 General Information -------------------------- Name : EggBlog v.3.1.0 Vendor HomePage :http://sourceforge.net/projects/eggblog/ Platforms : PHP && MySQL Vulnerability Type : Input Validation Error Timeline...
Eggblog v3.1.0 XSS Vulnerability
H - Security Labs Eggblog v3.1.0 Security Advisory ID : HSEC20071111 General Information -------------------------- Name : EggBlog v.3.1.0 Vendor HomePage :http://sourceforge.net/projects/eggblog/ Platforms : PHP && MySQL Vulnerability Type : Input Validation Error Timeline...
omnistar-xss.txt
HSC Omnistar Live Software Cross-Site Scripting Vulrnability Omnistar Live is web based PHP help desk software used by webmasters that combines live chat and helpdesk software in one easy to use solution. Our customer service software combines ticketed support web and email based, live chat and a...
smartshop-xss.txt
HSC Smart-Shop Shopping Cart Cross-Site Scripting Vulrnability SMART-SHOP shopping cart software is a all-in-one hosted e-commerce solution that creates and helps you maintain your online store fast, easy, and cost-effective. Many people using this software must be warned that there are holes in...
linux-realplayer -- multiple vulnerabilities
Secunia reports: Multiple vulnerabilities have been reported in RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious people to compromise a user's system. An input validation error when processing .RA/.RAM files can be exploited to cause a heap corruption via a specially crafted...
Novell OpenSUSE SWAMP multiple XSS
Vendor Site: http://en.opensuse.org/Swamp Version affected: ??? Demo:http://swampdemo.suse.de/webswamp/swamp/template/Index.vm Class: Input Validation Error Overview:OpenSUSE Workflow Administration and Management Platform login page fails to sufficiently sanitize user-supplied input data via log...
dnewsweb-xss.txt
HSC DNewsWeb Softwares Cross Site Scripting Vulrnability The DNews News Server is advanced news server software that makes it easy for you to provide users with fast access to Internet Usenet news groups. Installing your own l ocal news server software also gives you complete control to create yo...
eGov Content Manager Cross Site Scripting Vulrnability
HSC eGov Content Manager Cross Site Scripting Vulrnability The eGov Manager was designed to simplify the efforts of government staffers who are responsible for posting public documents, news updates, events, managing staff directories and online services. This issue is due to a failure in the...
webbatch-xss.txt
HSC WebBatch Applications Cross Site Scripting Vulrnability This issue is due to a failure in the application to properly sanitize user-supplied input. Attackers may exploit this issue via a web client. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
tomcat4131-xss.txt
Apache Tomcat/4.1.31 ships with built in examples. One of the example calendar.jsp suffers from input validation error and could be exploited for cross site scriptingand cross site request forgery. XSS http://myserver:myport/examples/jsp/cal/cal2.jsp?time=8am%3cscript%3ealert"XSS!"%3c%2fscript%3e...