gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting

Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link: http://gpeasy.com/SpecialAddonPlugins?cmd=download&id=31 Version: 1.5 The vulnerable code is in the Minishop 1.5...

gp Easy CMS Minishop 1.5 Cross Site Scripting

Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link: http://gpeasy.com/SpecialAddonPlugins?cmd=download&id=31 Version: 1.5 The vulnerable code is in the Minishop 1.5...

gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting

gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link:...

Opera Multiple Denial of Service Vulnerabilities - June12 (Linux)

The host is installed with Opera and is prone to multiple denial of service vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultdosvulnjune12lin.nasl 6018 2017-04-24 09:02:24Z teissa $ Opera Multiple Denial of Service Vulnerabilities - June12 Linux Authors: Sooraj KS Copyright: Copyright ...

Opera Multiple Denial of Service Vulnerabilities - June12 (Windows)

The host is installed with Opera and is prone to multiple denial of service vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultdosvulnjune12win.nasl 5931 2017-04-11 09:02:04Z teissa $ Opera Multiple Denial of Service Vulnerabilities - June12 Windows Authors: Sooraj KS Copyright: Copyrigh...

Opera Multiple Denial of Service Vulnerabilities - June12 (Mac OS X)

The host is installed with Opera and is prone to multiple denial of service vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultdosvulnjune12macosx.nasl 5912 2017-04-10 09:01:51Z teissa $ Opera Multiple Denial of Service Vulnerabilities - June12 Mac OS X Authors: Sooraj KS Copyright:...

Opera Multiple Denial of Service Vulnerabilities (Jun 2012) - Windows

Opera is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Opera Multiple Denial of Service Vulnerabilities (Jun 2012) - Mac OS X

Opera is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Adobe Flash Player Malicious JavaScript Code Execution (APSB12-14; CVE-2012-2035)

A remote code execution vulnerability has been reported in Adobe Flash Player...

CVE-2012-3566

Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service application hang via JavaScript code that changes a form before submission...

Privilege escalation

Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service application hang via JavaScript code that changes a form before submission...

CVE-2011-3103

Google V8, as used in Google Chrome before 19.0.1084.52, does not properly perform garbage collection, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted JavaScript code...

CVE-2011-3103

CVE-2011-3103 affects Chromium/V8: Google Chrome before 19.0.1084.52. The issue is in garbage collection in V8, allowing a remote attacker to crash the browser (potentially other impact). Gentoo GLSA 201205-04 and OpenVAS entries corroborate multiple vulnerabilities in Chromium/V8 with high risk;...

Kaseya 6.2.0.0 Cross Site Scripting

Summary The Kaseya version 6.2.0.0 web interface and possibly other versions is vulnerable to Cross-Site Scripting in the "adminName" variable. 2. Description By submitting malicious input such as the following, it is possible to render javascript in the security context of the Kaseya server:...

CVE-2012-0458

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which...

CVE-2012-0458

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which...

CVE-2012-0585

The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the 1 pushState or 2 replaceState method...

Design/Logic Flaw

The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the 1 pushState or 2 replaceState method...

Barracuda CudaTel Communication Server 2.0.029.1 - Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/52358/info Barracuda CudaTel Communication Server is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site,...

couchdb -- DOM based Cross-Site Scripting via Futon UI

Jan Lehnardt reports: Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An attacker may execute JavaScript code in the browser, using the context of the remote user...