78 matches found
[security bulletin] HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02000727 Version: 1 HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulletin shoul...
ProCheckUp Security Advisory 2009.19
PR09-19: Cross-Site Scripting XSS on CommonSpot server Vulnerability found: 17th December 2009 Vendor informed: 18th December 2009 Severity: Medium Successfully tested on: Commonspot server http://www.paperthin.com/ Description: Commonspot server is vulnerable to a vanilla XSS Vulnerable...
PR09-15: XSS injection vulnerability within HP System Management Homepage (Insight Manager)
PR09-15: XSS injection vulnerability within HP System Management Homepage Insight Manager Vulnerability found: 11th October 2009 Severity: Medium Description: A XSS vulnerability has been found within HP System Management; Arising from insufficient input filtering. By using a specially-crafted...
Various Orion application application server example pages are vulnerable to XSS.
R08-08: Several XSS on Orion Application server 2.0 to 2.0.8 Vulnerability found: May 2008 Revalidated 23 July 2009 Vendor informed: 27th July 09 Vulnerability fixed: Severity: Medium Description: Various Orion application application server example pages are vulnerable to XSS. Orion application...
XSS with mod_perl perl_status utility
Vulnerability found: 28th February 2009 Vendor informed: 1st March 2009 Advisory last updated: 1st March 2009 Severity: Medium/High Credits: Richard Brain of ProCheckUp Ltd www.procheckup.com CVE reference: CVE-2009-0796 BID: 34383 Many thanks to Torsten Foertsch for his kind assistance in fixing...
Mod-Perl Perl-Status Cross Site Scripting
Vulnerability found: 28th February 2009 Vendor informed: 1st March 2009 Advisory last updated: 1st March 2009 Severity: Medium/High Credits: Richard Brain of ProCheckUp Ltd www.procheckup.com CVE reference: CVE-2009-0796 BID: 34383 Many thanks to Torsten Foertsch for his kind assistance in fixing...
PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks
PR08-21: Cross-site Request Forgery CSRF on Novell GroupWise WebAccess allows email theft and other attacks Vulnerability found: 3rd October 2008 Vendor contacted: 3rd October 2008 Advisory publicly released: 30th January 2009 Severity: Critical Credits: Adrian Pastor of ProCheckUp Ltd...
PR08-22: Persistent XSS on Novell GroupWise WebAccess
PR08-22: Persistent XSS on Novell GroupWise WebAccess Vulnerability found: 2nd October 2008 Vendor contacted: 3rd October 2008 Advisory publicly released: 30th January 2009 Severity: High Credits: Jan Fry of ProCheckUp Ltd www.procheckup.com. ProCheckUp thanks Novell for working with us in such a...
Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml Revision 1.0 For Public Release 2009 January 14 1600 UTC GMT -...
PR08-19: XSS on Cisco IOS HTTP Server
PR08-19: XSS on Cisco IOS HTTP Server Date found: 1st August 2008 Vendor contacted: 1st August 2008 Advisory publicly released: 14th January 2009 Severity: Medium Credits: Adrian Pastor of ProCheckUp Ltd www.procheckup.com Description: Cisco IOS HTTP server is vulnerable to XSS within invalid...
ProCheckUp Security Advisory 2008.19
PR08-19: XSS on Cisco IOS HTTP Server Date found: 1st August 2008 Vendor contacted: 1st August 2008 Advisory publicly released: 14th January 2009 Severity: Medium Credits: Adrian Pastor of ProCheckUp Ltd www.procheckup.com Description: Cisco IOS HTTP server is vulnerable to XSS within invalid...
PR07-11: Cross-site Request Forgery (CSRF) on Sun Java System Identity Manager
PR07-11: Cross-site Request Forgery CSRF on Sun Java System Identity Manager Date Found: 11th June 2007 Vendor Contacted: 18th June 2007 Date Public: 10th November 2008 Severity: Medium/High Credits: Adrian Pastor and Jan Fry of ProCheckUp Ltd www.procheckup.com. ProCheckUp thanks Sun for working...
CVE-2008-3326
Cross-site scripting XSS vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter blog entry title...
PR08-15: Several Webroot Disclosures on Moodle
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PR08-15: Several Webroot Disclosures on Moodle Vulnerability found: 20/06/2008 Vendor informed: 25/06/2008 Vulnerability fixed: 16/07/2008 Advisory publicly released: 22/07/2008 Severity: Low Description: Moodle 1.6.5 is vulnerable to several webroot...
PR07-41: XSS on Juniper Networks Secure Access 2000
PR07-41: XSS on Juniper Networks Secure Access 2000 Vulnerability found: 6th December 2007 Vendor informed: 12th December 2007 Severity: Medium-high Description: Juniper Networks Secure Access 2000 is vulnerable to a vanilla XSS. Vulnerable server-side script: '/dana-na/auth/rdremediate.cgi'...
ProCheckUp Security Advisory 2007.41
PR07-41: XSS on Juniper Networks Secure Access 2000 Vulnerability found: 6th December 2007 Vendor informed: 12th December 2007 Severity: Medium-high Description: Juniper Networks Secure Access 2000 is vulnerable to a vanilla XSS. Vulnerable server-side script: '/dana-na/auth/rdremediate.cgi'...
ProCheckUp Security Advisory 2006.12
PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals Description: BEA Plumtree Foundation portal 6.0 and BEA AquaLogic Interaction 6.1 are vulnerable to a XSS vulnerability affecting the 'name' parameter which is submitted to the '/portal/server.pt' server-side script. Date...
ProCheckUp Security Advisory 2008.1
PR08-01: Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages PSP Vulnerability found: 19th December 2007 Vendor informed: 14th January 2007 Vulnerability fixed: the vendor did not respond, however a workaround has been included in the "Fix" section of this...
ProCheckUp Security Advisory 2007.38
PR07-38: XSS on sIFR Vulnerability Found: 12 November 2007 Vendor contacted: 19 November 2007 Vulnerability fixed: The issue remains unfixed. The developer of sIFR was contacted several times but did not respond. Severity: Medium Successfully tested on: sIFR 2.0.2 Description: Sites using sIFR to...
PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability
PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability Description: BEA Plumtree portal is vulnerable to a internal hostname disclosure vulnerability. The internal hostname of the server hosting BEA Plumtree portal is always included at the bottom of every requested HTML page...