Noah's Classifieds 5.0.4 Cross Site Scripting

Vulnerability ID: HTB22952 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinnoahsclassifieds.html Product: Noah's Classifieds Vendor: Noah's Classifieds http://www.noahsclassifieds.org/ Vulnerable Version: 5.0.4 and probably prior versions Vendor Notification: 12 April 2011...

Noah's Classifieds 5.0.4 - 'index.php' Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/47578/info Noah's Classifieds is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing t...

SocialGrid WordPress Plugin 2.3 Cross Site Scripting

Vulnerability ID: HTB22940 Reference: http://www.htbridge.ch/advisory/xssinsocialgridwordpressplugin.html Product: SocialGrid wordpress plugin Vendor: Michael Whalen http://whalesalad.com Vulnerable Version: 2.3 Vendor Notification: 05 April 2011 Vulnerability Type: XSS Cross Site Scripting Risk...

CVE-2011-1691

The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets CSS implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the 1 counterIncrement and 2 counterReset...

CVE-2011-1691

Removed by vendor...

phpCollab 2.5 XSRF / XSS / Path Disclosure

================================= Vulnerability ID: HTB22918 Reference: http://www.htbridge.ch/advisory/pathdisclosureinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011...

Eleanor CMS rc5 Cross Site Scripting / SQL Injection

================================= Vulnerability ID: HTB22912 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectionsineleanorcms.html Product: Eleanor CMS Vendor: Eleanor CMS http://eleanor-cms.ru/ Vulnerable Version: rc5 Vendor Notification: 22 March 2011 Vulnerability Type: SQL Injecti...

InTerra Blog Machine 1.84 - Cross-Site Scripting

InTerra Blog Machine 1.84 - Cross-Site Scripting Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininterrablogmachin e.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team http://code.google.com/p/interra/ Vulnerable Version: 1.84 and probably...

HTB22901: SQL injection in SyndeoCMS

Vulnerability ID: HTB22901 Reference: http://www.htbridge.ch/advisory/sqlinjectioninsyndeocms.html Product: SyndeoCMS Vendor: http://www.syndeocms.org/ http://www.syndeocms.org/ Vulnerable Version: 2.8.02 Vendor Notification: 10 March 2011 Vulnerability Type: SQL injection Risk level: High Credit...

Web Poll Pro 1.0.3 Cross Site Scripting

Product: Web Poll Pro Vendor: http://www.got.my Vulnerable Version: 1.0.3 and probably prior versions Vulnerability Type: Stored XSS Cross Site Scripting Risk level: Medium Credit: Hector.x90 Vulnerability Details: User can execute arbitrary JavaScript code within the vulnerable application. The...

SuSE 11 Security Update : Mozilla (SAT Patch Number 1328)

This update brings the Mozilla XULRunner engine to the 1.9.0.14 stable release. It also fixes various security issues : - / CVE-2009-30 /. MFSA 2009-47 / CVE-2009-3069 / CVE-2009-3070 / CVE-2009-3071 / CVE-2009-3072 / CVE-2009-3073 - Mozilla developers and community members identified and fixed...

CVE-2011-0158

MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service persistent application crash via crafted JavaScript code...

CVE-2011-0158

Summary of CVE-2011-0158 (Apple iOS/MobileSafari) : The issue affects MobileSafari on iOS prior to 4.3 where launching applications via URL handlers is not implemented correctly. This allows remote attackers to trigger a denial of service through crafted JavaScript, resulting in persistent applic...

HTB22863: XSS vulnerability in xtcModified

Vulnerability ID: HTB22863 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinxtcmodified.html Product: xtcModified Vendor: xtcModified Team http://www.xtc-modified.org/ Vulnerable Version: 1.05 and probably prior versions Vendor Notification: 17 February 2011 Vulnerability Type: XSS...

HTB22856: XSS vulnerability in Pragyan CMS

Vulnerability ID: HTB22856 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinpragyancms1.html Product: Pragyan CMS Vendor: Pragyan Team http://sourceforge.net/projects/pragyan/ Vulnerable Version: v.3.0 beta Vendor Notification: 17 February 2011 Vulnerability Type: Stored XSS Cross Sit...

HTB22861: XSS in Question and Answer Forum wordpress plugin

Vulnerability ID: HTB22861 Reference: http://www.htbridge.ch/advisory/xssinquestionandanswerforumwordpressplugin.html Product: Question and Answer Forum wordpress plugin Vendor: David Woodford hhttp://trevorpythag.co.uk Vulnerable Version: 1.2.4 Vendor Notification: 15 February 2011 Vulnerability...

Podcast Generator 1.3 - Multiple Vulnerabilities

======================================== Vulnerability ID: HTB22801 Reference: http://www.htbridge.ch/advisory/localfileinclusioninpodcastgenerator.html Product: Podcast Generator Vendor: Alberto Betella http://podcastgen.sourceforge.net/ Vulnerable Version: 1.3 Vendor Notification: 20 January 20...

XSS vulnerability in diafan.CMS

Vulnerability ID: HTB22775 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityindiafancms.html Product: diafan.CMS Vendor: Diafan http://www.diafan.ru/ Vulnerable Version: 4.3 and probably prior versions Vendor Notification: 28 December 2010 Vulnerability Type: Stored XSS Cross Site...

Google Chrome multiple vulnerabilities - Dec 10(Windows)

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulndec10win.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - Dec 10Windows Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone Networ...

Null pointer dereference

browser/workerhost/messageportdispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via crafted JavaScript cod...