81 matches found

exploitpack
added 2007/06/01 12:0 a.m. | 12 views

Prototype of an PHP Application 0.1 - pluginsPHPgaclindex.php?path_inc Remote File Inclusion

Prototype of an PHP Application 0.1 - pluginsPHPgaclindex.php?pathinc Remote File Inclusion source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to...

AI score: 0.1 | Exploits: 0

Exploit DB
added 2007/06/01 12:0 a.m. | 25 views

Prototype of an PHP Application 0.1 - 'index.php?path_inc' Remote File Inclusion

source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to execute an arbitrary remote file...

AI score: 7.4 | Exploits: 0

Exploit DB
added 2007/06/01 12:0 a.m. | 19 views

Prototype of an PHP Application 0.1 - '/menu/menuprincipal.php?path_inc' Remote File Inclusion

source: https://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to execute an arbitrary remote file...

AI score: 7.4 | Exploits: 0

exploitpack
added 2007/05/28 12:0 a.m. | 13 views

FlashChat F_CMS 4.7.9 - Multiple Remote File Inclusions

FlashChat FCMS 4.7.9 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/24190/info FlashChat is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...

AI score: 0.4 | Exploits: 0

Exploit DB
added 2006/07/21 12:0 a.m. | 37 views

Advanced Poll 2.0.2 - 'common.inc.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/19105/info Advanced Poll is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input to the application. An attacker may leverage this issue to have an arbitrary remote file containing malicious script code...

AI score: 7.4 | Exploits: 0

Check Point Advisories
added 2006/07/16 12:0 a.m. | 0 views

Update Protection against Geeklog Remote Code Execution Vulnerability

Geeklog is a PHP/MySQL based application for managing dynamic web content. Geeklog CMS fails to validate multiple file extensions, potentially allowing a remote attacker to upload malicious script code, which will be executed in the context of the webserver process...

AI score: 4.3 | Exploits: 0

Exploit DB
added 2006/06/26 12:0 a.m. | 23 views

eNpaper1 - 'Root_Header.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/18649/info eNpaper1 is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input to the application. An attacker may leverage this issue to have an arbitrary remote file containing malicious script code execute...

AI score: 7.4 | Exploits: 0

exploitpack
added 2006/06/22 12:0 a.m. | 10 views

PHP Blue Dragon CMS 2.9.1 - Multiple Remote File Inclusions

PHP Blue Dragon CMS 2.9.1 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/18609/info PHP Blue Dragon CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage thes...

AI score: 0.4 | Exploits: 0

exploitpack
added 2006/06/17 12:0 a.m. | 8 views

CMS Faethon 1.3.2 - Multiple Remote File Inclusions

CMS Faethon 1.3.2 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/18489/info CMS Faethon is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to have...

AI score: 0.3 | Exploits: 0

Exploit DB
added 2006/01/30 12:0 a.m. | 31 views

Mozilla Firefox 1.0/1.5 XBL - MOZ-BINDING Property Cross-Domain Scripting

source: https://www.securityfocus.com/bid/16427/info Mozilla Firefox is prone to a security vulnerability that may let a Web page execute malicious script code in the context of an arbitrary domain. The issue affects the '-moz-binding' property. This could allow a malicious site to access the...

AI score: 7 | Exploits: 0

OpenVAS
added 2005/11/03 12:0 a.m. | 19 views

CactuShop XSS and SQL injection flaws

The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the script 'popuplargeimage.asp'. Successful exploitation of this issue may allow an...

CVSS: 7.5 | AI score: 0.1 | EPSS: 0.09311 | Exploits: 2

OpenVAS
added 2005/11/03 12:0 a.m. | 12 views

RM SafetyNet Plus XSS

The remote host runs SafetyNet Plus, a popular educational filtering service. This version is vulnerable to multiple cross-site scripting due to a lack of sanitization of user-supplied data. Successful exploitation of this issue may allow an attacker to execute malicious script code on a vulnerab...

AI score: 6.7 | Exploits: 0 | References: 1

OpenVAS
added 2005/11/03 12:0 a.m. | 15 views

BlackBoard Internet Newsboard System remote file include flaw

The remote version of BlackBoard Internet Newsboard System is vulnerable to a remote file include flaw due to a lack of sanitization of user-supplied data. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01075 | Exploits: 0 | References: 1

Tenable Nessus
added 2005/10/05 12:0 a.m. | 26 views

GLSA-200509-16 : Mantis: XSS and SQL injection vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200509-16 Mantis: XSS and SQL injection vulnerabilities Mantis fails to properly sanitize untrusted input before using it. This leads to a SQL injection and several cross-site scripting vulnerabilities. Impact : An attacker could...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.09611 | Exploits: 1 | References: 4

Tenable Nessus
added 2005/08/31 12:0 a.m. | 13 views

Simple Machines Forum < 1.0.7 Code Injection

Binary data 3198.prm...

CVSS: 5 | AI score: 7.3 | EPSS: 0.01316 | Exploits: 2 | References: 2

Gentoo Linux
added 2005/06/13 12:0 a.m. | 22 views

MediaWiki: Cross-site scripting vulnerability

Background: MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description: MediaWiki incorrectly handles page template inclusions, rendering it vulnerable to cross-site scripting attacks. Impact: A remote attacker could exploit this vulnerability to inject malicious...

AI score: 2.6 | Exploits: 0

Tenable Nessus
added 2005/04/12 12:0 a.m. | 35 views

GLSA-200504-08 : phpMyAdmin: XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200504-08 phpMyAdmin: XSS vulnerability Oriol Torrent Santiago has discovered that phpMyAdmin fails to validate input to the 'convcharset' variable, rendering it vulnerable to cross-site scripting attacks. Impact : By sending a...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.10163 | Exploits: 1 | References: 3

Tenable Nessus
added 2005/04/06 12:0 a.m. | 24 views

SonicWALL SOHO Web Interface XSS

The remote host is a SonicWALL SOHO appliance. This version is affected by multiple issues, specifically a cross-site scripting vulnerability due to a lack of sanitization of user-supplied data. Successful exploitation of this issue may allow an attacker to execute malicious script code on a...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01596 | Exploits: 1 | References: 2

Exploit DB
added 2004/12/18 12:0 a.m. | 26 views

Microsoft Windows Media Player 9.0 - ActiveX Control Media File Attribute Corruption

source: https://www.securityfocus.com/bid/12031/info The Windows Media Player ActiveX control is prone to a security weakness. The issue is that the control may be abused by a Web page to change attributes of media files such as MP3. An attacker can influence attributes such as the artist, song...

AI score: 7 | Exploits: 0

exploitpack
added 2002/11/08 12:0 a.m. | 12 views

Ultimate PHP Board Board 1.0 final Beta - viewtopic.php Cross-Site Scripting

Ultimate PHP Board Board 1.0 final Beta - viewtopic.php Cross-Site Scripting source: https://www.securityfocus.com/bid/6335/info Ultimate PHP Board UPB is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems. By passing a malicious script co...

AI score: 0.3 | Exploits: 0