Jax PHP Scripts 1.0/1.34/2.14/3.31 sign_in.php language Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...

Jax PHP Scripts 1.0/1.34/2.14/3.31 dwt_editor.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...

PostNuke 0.72x Members_List Module Path Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/7218/info Multiple path disclosure vulnerabilities have been reported in various PHP scripts used by PHP-Nuke. The issue occurs when an invalid URI parameter is passed to certain scripts. The affected scripts do not provi...

MoreGroupWare 0.6.8 WEBMAIL2_INC_DIR Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8249/info moregroupware is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a moregroupware URI variable...

deV!Lz Clanportal [DZCP] <= 1.3.6 - Arbitrary File Upload Vulnerability

No description provided by source. S Y N O P S I S / =================' - access: remote severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload PHP code and execute it,...

MediaWiki 1.3.x Remote Arbitrary Script Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11985/info MediaWiki is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input. ...

JSBoard 2.0.x Remote Arbitrary Script Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11983/info JSBoard is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input. If...

Jax PHP Scripts 1.0/1.34/2.14/3.31 petitionbook Script User IP Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...

Jax PHP Scripts 1.0/1.34/2.14/3.31 archive.php language Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...

Jax PHP Scripts 1.0/1.34/2.14/3.31 guestbook File Client IP Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...

Jax PHP Scripts 1.0/1.34/2.14/3.31 jax_calendar.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...

Jax PHP Scripts 1.0/1.34/2.14/3.31 ips2block Banned IP Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...

List of 8,000 FTP Credentials for Sale in Underground Forums

Hackers are targeting FTP upload sites with the hopes of redirecting victims to spam or even infecting webservers that rely on FTP applications for updates. Hold Security reported yesterday it had secured a list of credentials for close to 7,800 FTP sites being circulated in cybercrime forums. Th...

CVE-2013-5013

Multiple cross-site scripting XSS vulnerabilities in the management console on the Symantec Web Gateway SWG appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via 1 vectors involving PHP scripts and 2 unspecified other vectors...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the management console on the Symantec Web Gateway SWG appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via 1 vectors involving PHP scripts and 2 unspecified other vectors...

Apache suEXEC - Information Disclosure / Privilege Escalation

Apache suEXEC privilege elevation / information disclosure Discovered by Kingcope/Aug 2013 The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI or SSI program executes, it runs as...

Symantec Endpoint Protection Management Console RCE Vulnerability

Symantec Endpoint Protection is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Input validation

The management console in Symantec Endpoint Protection SEP 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via...

Symantec Endpoint Protection Management Consoles Multiple Issues

SUMMARY The management console in Symantec Endpoint Protection Manager SEPM and Symantec Protection Center SPC for SEP 12.0 Small Business Edition, contains PHP scripts that do not properly validate external input. This could potentially result in remote code execution. Symantec Network Access...

Mapserver for Windows Local File Include Vulnerability

Mapserver for WindowsMS4W is prone to a local file include vulnerability because it fails to sufficiently sanitize user supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holder...