Goolery 0.3 viewpic.php conversation_id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/11587/info It is reported that Goollery is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These problems presen...

auraCMS 1.5 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12708/info auraCMS is affected by multiple cross-site scripting vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input. Because of these vulnerabilities, an attacker may...

Clickcess ChitChat.NET name XSS

No description provided by source. source: http://www.securityfocus.com/bid/8417/info It has been reported that a html injection issue exists in the Clickcess ChitChat.NET discussion forum software. The vulnerability is reported to be present in the Name and Topic Title text boxes. The problem ma...

Clickcess ChitChat.NET topic title XSS

No description provided by source. source: http://www.securityfocus.com/bid/8417/info It has been reported that a html injection issue exists in the Clickcess ChitChat.NET discussion forum software. The vulnerability is reported to be present in the Name and Topic Title text boxes. The problem ma...

Microsoft Internet Explorer 5/6 MSXML XML File Parsing Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7938/info A vulnerability has been reported for the Microsoft Internet Explorer that may result in cross-site scripting attacks. If IE, using the MSXML parser, is unable to parse the requested XML file, it will display a...

AldWeb MiniPortail 1.9/2.x LNG Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8504/info cross-site scripting vulnerability has been reported for miniPortail. The vulnerability exists due to insufficient sanitization of some user-supplied values. Specifically, malicious HTML code is not sanitized fr...

CutePHP CuteNews 1.3 HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8060/info CutePHP is prone to HTML injection attacks. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to news posts are not sufficiently sanitized of...

WeBid 1.0.2 persistent XSS via SQL Injection

No description provided by source. Exploit Title: presistent XSS through SQLi WeBid 1.0.2 Google Dork: powered by WeBid Date: 15-06-2011 Author: Saif El-Sherei Software Link: http://sourceforge.net/projects/simpleauction/ Version: 1.0.2 Tested on: Firefox 4, XAMPP Info: Open source php/mysql full...

Mozilla Firefox 2.0.0.3 Href Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23747/info Firefox is prone to a remote denial-of-service vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successful exploits can allow attackers to...

XOOPS 1.0 RC3 HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5785/info Problems with XOOPS could make it possible to execute arbitrary script code in a vulnerable client. XOOPS does not sufficiently filter potentially malicious HTML code from posted messages. As a result, when a us...

OmniHTTPD 1.1/2.0.x/2.4 Sample Application URL Encoded Newline HTML Injection

No description provided by source. source: http://www.securityfocus.com/bid/5572/info OmniHTTPD is a webserver for Microsoft Windows operating systems. OmniHTTPD supports a number of CGI extensions which provide dynamic content. A HTML injection vulnerability has been reported in the...

FTLS GuestBook 1.1 Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6686/info Guestbook does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the guestbook. The attacker's script code may be...

Ruby Gem Features 0.3.0 Injection

Title: Features 0.3.0 Ruby gem file injection vulnerability Date: 9/1/2013 Author: Larry W. Cashdollar @larry0 Download: http://rubygems.org/gems/features Description: "Plaintext User Stories Parser supporting native programming languages. Especially Objective-C" Same vulnerability as...

Show In Browser 0.0.3 Ruby Gem File Injection Vulnerability

Show In Browser 0.0.3 is a Ruby Gem that suffers from a file injection vulnerability, allowing arbitrary text to be opened in a browser. TITLE: Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability. DATE: 5/15/2023 AUTHOR: Larry W. Cashdollar @larry0 DOWNLOAD:...

Microsoft Internet Explorer Mouse Movement Information Disclosure

A design weakness vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in reference counting while handling the fireEvent method. Remote attackers can exploit this vulnerability by enticing the target user to view a malicious HTML document...

RIM BlackBerry PlayBook OS 1.0.8.6067 Local File Access Vulnerability

The web browser which comes as part of the RIM BlackBerry PlayBook OS can be tricked into disclosing the contents of local files through the planting of a malicious HTML file through the standard download mechanism. It should be noted that in order to exploit this issue, user interaction is...

RedHat Update for thunderbird RHSA-2011:0311-01

Check for the Version of thunderbird OpenVAS Vulnerability Test RedHat Update for thunderbird RHSA-2011:0311-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

RedHat Update for thunderbird RHSA-2011:1166-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Multiple vulnerabilities in Intuit QuickBooks

Overview Intuit QuickBooks 2009 through 2012 have been reported to contain a file disclosure and heap corruption vulnerability. Description Derek Soeder's vulnerability report states the following:Intuit Help System Protocol File Retrieval The vulnerability described in this document can be...

WordPress Malware Spreading Through Infected Modules

In this video Chris Astacio of Websense describes a malware attack that’s spreading through an infected modulefound in many WordPress themesnamed TimThumb.php.By taking advantage of the vulnerability, attackers can remotely access sites running the platform and insert malicious HTML to direct use...