1445 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable...
CVE-2012-5343
Limny 3.0.1 admin/login.php is vulnerable to Cross‑Site Scripting via PATH_INFO (PHP_SELF). OpenVAS confirms a Limny XSS issue; no explicit patch/fix details are provided in the supplied documents. A Limny 3.0.2.x release is referenced, but no confirmed remediation is stated here.
CVE-2011-5190
Multiple cross-site scripting (XSS) vulnerabilities in Social Book Facebook Clone 2010 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) signup.php, (2) lostpass.php, (3) login.php, (4) index.php, (5) helptos.php, (6) helpcontact.php, or (7) help.php...
Sql injection
Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters...
CVE-2012-2105
Timesheet Next Gen 1.5.2 contains multiple SQL injection vulnerabilities in login.php that allow remote attackers to execute arbitrary SQL commands through the username or password parameters. This CVE entry is supported by NVD/NVD-derived records and multiple references. No remediation or fix de...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter...
CVE-2012-4679
CVE-2012-4679: A cross-site scripting (XSS) vulnerability exists in Newscoop's admin/login.php prior to version 3.5.5, exploitable via the f_user_name parameter to inject arbitrary web script/HTML. The issue stems from insufficient input handling in that parameter, enabling remote attackers to ex...
Hotel Booking Portal v0.1 Multiple Vulnerabilities
Exploit for php platform in category web applications. Hotel Booking Portal v0.1 Multiple...
InterPhoto Image Gallery 2.5.1 Cross Site Scripting
HTTPCS Advisory : HTTPCS67 Product : InterPhoto Image Gallery Version : 2.5.1 Date : 2012-08-07 Criticality level : Less Critical Description : A vulnerability has been discovered in InterPhoto Image Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks. Inpu...
Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection
This module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service. While handling the filename parameter, the Spywall API does not do any filtering before passing it to an exec call in proxyfile, which results in remote code execution under the context of the web...
Multiple vulnerabilities in osCmax
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in osCmax, which can be exploited to perform SQL Injection and Cross-Site Scripting (XSS) attacks. 1) Multiple Cross-Site Scripting (XSS) in osCmax: CVE-2012-1664 1.1 Input passed via the "username" POST parameter to...
Open redirect
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php...
CVE-2012-1020
CVE-2012-1020 affects NexorONE Online Banking: XSS in login.php where an attacker can inject arbitrary script/HTML by supplying (1) visitor_language to register.php or (2) message parameter. Public records (NVD, CVE List, PRION) confirm the vulnerability across multiple references, with the attac...
XRayCMS 1.1.1 - SQL Injection
Exploit Title: XRayCMS 1.1.1 SQL Injection Vulnerability Date: 2/5/2012 Author: chap0 Software Link: http://sourceforge.net/projects/xraycms/files/latest/download Version: 1.1.1 Tested on: Ubuntu XRay CMS is vulnerable to a SQL Injection attack which allows authentication bypass into the admins...
CVE-2012-0932
CVE-2012-0932 concerns a cross-site scripting (XSS) vulnerability in Lead Capture Page System’s admin/login.php, exploitable via the message parameter. The issue allows remote attackers to inject arbitrary web script or HTML, as documented in multiple sources (NVD, OpenVAS, CVE listings). The rel...
Lead Capture - 'login.php' Script Cross-Site Scripting
source: https://www.securityfocus.com/bid/51785/info Lead Capture is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...
Lead Capture - login.php Script Cross-Site Scripting
source: https://www.securityfocus.com/bid/51785/info Lead Capture is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script cod...
Limny 3.0.1 - 'login.php' Script Cross-Site Scripting
source: https://www.securityfocus.com/bid/51261/info Limny is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
Limny 3.0.1 - login.php Script Cross-Site Scripting
source: https://www.securityfocus.com/bid/51261/info Limny is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...