SafeSHOP 1.5.6 - Cross-Site Scripting / Multiple Cross-Site Request Forgery Vulnerabilities

Exploit Title: SafeSHOP | www.DigitalWhisper.co.il Software Link: safeshop.co.il Version: = 1.5.6 Tested on: ASP Cross Site Scripting Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site...

ULoki Community Forum 2.1 Cross Site Scripting

Exploit Title: ULoki Community Forum v2.1 usercp.php Cross Site Scripting Date: 10/02/2010 Author: Sioma Labs Software Link: http://www.uloki.com/download/ulokiforum06may2009.zip Version: v2.1 Tested on: Windows SP 2 / WAMP CVE : Code : / | | | | | \ | |/ | ' \ / | | | / | ' / | | | | | | | | |...

CVE-2008-6876

Cross-site scripting XSS vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037...

CVE-2009-2033

Cross-site scripting XSS vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via 1 the msg parameter aka the message in an article comment or 2 the searchterm parameter aka the search post form. NOTE: some of these details are obtained from thi...

CVE-2009-0857

Cross-site scripting XSS vulnerability in /prm/reports in the Performance Reporting Module PRM for Sun Management Center SunMC 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console...

CVE-2009-0247

The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting XSS, which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable...

CVE-2009-0247

The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting XSS, which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable...

CVE-2008-2165

Cross-site scripting XSS vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager BBSM Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in bsauth.php in Blogator-script 0.95 and 1.01 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

Cross site scripting

Cross-site scripting XSS vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the 1 msg parameter to msg.jsp, and the 2 contentid parameter to tc/contents/home001.jsp...

CVE-2007-5480

Multiple cross-site scripting XSS vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the 1 msg parameter to msg.jsp, and the 2 contentid parameter to tc/contents/home001.jsp...

CVE-2007-5480

CVE-2007-5480 concerns multiple cross-site scripting (XSS) vulnerabilities in InnovaAge InnovaShop. The affected components are the web interfaces handling user-supplied data: the msg.jsp endpoint (parameter: msg) and the tc/contents/home001.jsp page (parameter: contentid). The root cause is unva...

HP-UX Security Patch : PHSS_31006

X OV ITO7.1X Msg/Act Linux Agent A.07.25 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if !definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid26719; scriptversion"1.9"; scriptsetattributeattribute:"pluginmodificationdate",...

HP-UX Security Patch : PHSS_32099

X OV ITO7.1X Msg/Act Linux Agent A.07.28 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if !definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid26736; scriptversion"1.9"; scriptsetattributeattribute:"pluginmodificationdate",...

HP-UX Security Patch : PHSS_29643

X OV ITO7.1X Msg/Act Linux Agent A.07.22 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if !definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid26675; scriptversion"1.9"; scriptsetattributeattribute:"pluginmodificationdate",...

HP-UX Security Patch : PHSS_30204

X OV ITO7.1X Msg/Act Linux Agent A.07.23 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if !definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid26687; scriptversion"1.9"; scriptsetattributeattribute:"pluginmodificationdate",...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to 1 errors/rights.asp or 2 errors/transaction.asp, or 3 the name of a MIME type mimetype...

Cross site scripting

Cross-site scripting XSS vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...