Skype Community Cross Site Scripting

Title: ====== Skype Community - Mail Encoding Web Vulnerability Date: ===== 2013-02-21 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=800 MSRC ID: 13493 VL-ID: ===== 800 Common Vulnerability Scoring System: ==================================== 3.5 Introduction:...

Nagios XI Alert Cloud Cross-Site Scripting

A reflected cross-site scripting vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient sanitization of HTTP GET requests sent to index.php. An attacker entices a user to click on a URL containing malicious script code in the parameters. The vulnerability is...

Kaspersky PM 5.0.0.164 - Software Filter Vulnerability

Document Title: =============== Kaspersky PM 5.0.0.164 - Software Filter Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=612 Release Date: ============= 2012-07-12 Vulnerability Laboratory ID VL-ID: ==================================== 612...

Car Portal CMS v3.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications Title: ====== Car Portal CMS v3.0 - Multiple Web Vulnerabilities Introduction: ============= Car Portal is a php software product for running auto classifieds websites. It provides functionality for the private sellers to sign up, list their c...

Car Portal CMS 3.0 - Multiple Vulnerabilities

Car Portal CMS 3.0 - Multiple Vulnerabilities Title: ====== Car Portal CMS v3.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=502 VL-ID: ===== 502 Introduction: ============= Car Portal is a php software product fo...

LDAP Account Manager Pro 3.6 跨站脚本和HTML注入漏洞

LDAP Account Manager LAM是一个基于浏览器的LDAP帐号管理系统 LDAP Account Manager LAM存在多个持久型输入校验漏洞，允许攻击者在应用程序段实现恶意脚本代码，成功利用漏洞操作数据或劫持会话user/mod/admin 另外也受客户端跨站脚本漏洞，允许攻击者劫持目标用户/admin会话 0 LDAP Account Manager Pro 3.6 厂商解决方案 目前没有详细解决方案提供： http://lam.sourceforge.net/index.htm...

ATMAIL WebMail v6.3.4 - Multiple Web Vulnerabilities

Document Title: =============== ATMAIL WebMail v6.3.4 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=375 Release Date: ============= 2012-01-06 Vulnerability Laboratory ID VL-ID: ==================================== 375...

8Pixel Blog CMS v4.2 - Cross Site Scripting Vulnerability

Document Title: =============== 8Pixel Blog CMS v4.2 - Cross Site Scripting Vulnerability Release Date: ============= 2011-08-14 Vulnerability Laboratory ID VL-ID: ==================================== 1 Product & Service Introduction: =============================== 8pixel.net developes...

InfoSoft FusionCharts 3 - .swf Flash File Remote Code Execution

InfoSoft FusionCharts 3 - .swf Flash File Remote Code Execution source: https://www.securityfocus.com/bid/27109/info InfoSoft FusionCharts is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue t...

PHPMyQuote 0.20 - '/index.php' SQL Injection / Cross-Site Scripting

source: https://www.securityfocus.com/bid/25615/info phpMyQuote is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an SQL-injection issue, because the application fails to sanitize user-supplied input. A successful exploit may allow an attacker to...

Cisco CallManager 4.2 / CUCM 4.2 - Logon Page 'lang' SQL Injection

source: https://www.securityfocus.com/bid/25480/info Cisco Unified CallManager and Unified Communications Manager are prone to multiple input-validation vulnerabilities because the applications fail to properly sanitize user-supplied input. These issues include a cross-site scripting vulnerabilit...

Dating Gold 3.0.5 - header.php?int_path Remote File Inclusion

Dating Gold 3.0.5 - header.php?intpath Remote File Inclusion source: https://www.securityfocus.com/bid/24910/info AzDG Dating Gold is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues...

Dating Gold 3.0.5 - 'header.php?int_path' Remote File Inclusion

source: https://www.securityfocus.com/bid/24910/info AzDG Dating Gold is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute an arbitrary remote file containing malicious...

Dating Gold 3.0.5 - footer.php?int_path Remote File Inclusion

Dating Gold 3.0.5 - footer.php?intpath Remote File Inclusion source: https://www.securityfocus.com/bid/24910/info AzDG Dating Gold is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues...

Prototype of an PHP Application 0.1 - '/ident/loginmodif.php?path_inc' Remote File Inclusion

source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to execute an arbitrary remote file...

Prototype of an PHP Application 0.1 - 'common.inc.php?path_inc' Remote File Inclusion

source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to execute an arbitrary remote file...

Prototype of an PHP Application 0.1 - identindex.php?path_inc Remote File Inclusion

Prototype of an PHP Application 0.1 - identindex.php?pathinc Remote File Inclusion source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the...

Prototype of an PHP Application 0.1 - identdisconnect.php?path_inc Remote File Inclusion

Prototype of an PHP Application 0.1 - identdisconnect.php?pathinc Remote File Inclusion source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the...

Prototype of an PHP Application 0.1 - '/plugins/PHPgacl/index.php?path_inc' Remote File Inclusion

source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to execute an arbitrary remote file...

Prototype of an PHP Application 0.1 - menumenuprincipal.php?path_inc Remote File Inclusion

Prototype of an PHP Application 0.1 - menumenuprincipal.php?pathinc Remote File Inclusion source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to th...