153 matches found
Wix.com Cross Site Scripting
57 million web pages are affected by a security problem in wix.com Proof of concept of a web page made in wix.com: http://www.itsec.cl/ to see the source code can observe the following: ... Find the SEO content of this site's homepage via http://www.itsec.cl/?escapedfragment= That is where search...
DEBIAN-CVE-2014-3512
Multiple buffer overflows in crypto/srp/srplib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an invalid SRP 1 g, 2 A, or 3 B parameter...
Mambo Site Server 4.0.11 Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6387/info A vulnerability has been discovered in Mambo Site Server. Requesting the 'index.php' script with an invalid parameter will cause an error page to be generated containing the path of the Mambo script. Information...
SuSE 10 Security Update : libvirt (ZYPP Patch Number 7613)
libvirtd could crash if bogus parameters where passed to the VirDomainGetVcpus call. CVE-2011-2511 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid55850;...
CVE-2010-4349
admin/upgradeunattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid dbtype parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP...
Design/Logic Flaw
index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via 1 a viewadrates action with an invalid uid parameter, which reveals the installation path in an error message; or 2 an adminlogin action with a crafted uid parameter, which reveals the version number...
CVE-2010-1554
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager OV NNM 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter...
CVE-2009-2115
admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message...
CVE-2009-2107
Multiple cross-site scripting XSS vulnerabilities in index.php in Webmedia Explorer webmex 5.09 and 5.10 allow remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in the 1 search or 2 tag parameters; 3 arbitrary invalid parameter names that are not...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in Webmedia Explorer webmex 5.09 and 5.10 allow remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in the 1 search or 2 tag parameters; 3 arbitrary invalid parameter names that are not...
CVE-2009-2107
Multiple cross-site scripting XSS vulnerabilities in index.php in Webmedia Explorer webmex 5.09 and 5.10 allow remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in the 1 search or 2 tag parameters; 3 arbitrary invalid parameter names that are not...
Code injection
Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function...
CVE-2008-5322
Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function...
Stack overflow
Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information wa...
tomcat examples XSS
Multiple cross-site scripting XSS vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 time parameter to cal2.jsp and 2 any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer...
CVE-2008-0784
graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid localgraphid parameter and other unspecified vectors...
CVE-2003-1517
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message...
Design/Logic Flaw
SimpNews 2.41.03 allows remote attackers to obtain sensitive information via 1 an invalid lang parameter to admin/index.php; or a direct request to 2 admin/dbginfos.php, 3 admin/heading.php, or 4 evsearch.php; which reveals the path in various error messages...
Design/Logic Flaw
Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via 1 an invalid month parameter to calendar.php, 2 an invalid catview parameter to calweek.php in a week operation, 3 an invalid ycyear parameter to yearcal.php, or 4 a direct request to calfunctions.inc.php, which...
CVE-2007-3059
SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sclanguage parameter to sendcard.php, which reveals the path in an error message...