
1115 matches found

NVD
added 2008/08/27 8:41 p.m., 15 views

CVE-2008-3842

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "/"...

CVSS 4.3, AI score 5.8, EPSS 0.20421
Exploits: 0, References: 4
Prion
added 2008/08/19 7:41 p.m., 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php and the (2)...

CVSS 2.6, AI score 6.1, EPSS 0.01877
Exploits: 1, References: 6, Affected Software: 1
OSV
added 2008/08/19 7:41 p.m., 6 views

CVE-2008-3714

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the querystring, a different vulnerability than CVE-2006-3681 and CVE-2006-1945...

AI score 5.4
Exploits: 0, References: 16
OSV
added 2008/08/19 7:41 p.m., 2 views

DEBIAN-CVE-2008-3714

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the querystring, a different vulnerability than CVE-2006-3681 and CVE-2006-1945...

CVSS 4.3, AI score 5.8, EPSS 0.05597
Exploits: 1, References: 1
Cvelist
added 2008/08/19 7:10 p.m., 28 views

CVE-2008-3712

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php and the (2)...

AI score 5.8, EPSS 0.01877
Exploits: 1, References: 6
RedHat Linux
added 2008/08/05 7:58 a.m., 0 views

JBossEAP status servlet info leak

JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string...

CVSS 5, AI score 7.4, EPSS 0.47111
Exploits: 6, References: 4
Prion
added 2008/08/04 1:41 a.m., 28 views

Directory traversal

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. d...

CVSS 5, AI score 6.4, EPSS 0.52716
Exploits: 1, References: 60, Affected Software: 1
NVD
added 2008/07/25 4:41 p.m., 19 views

CVE-2008-3315

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php...

CVSS 4.3, AI score 5.6, EPSS 0.02028
Exploits: 1, References: 8
Cvelist
added 2008/07/25 4:0 p.m., 25 views

CVE-2008-3315

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php...

AI score 5.6, EPSS 0.02028
Exploits: 1, References: 8
Cvelist
added 2008/07/09 12:0 a.m., 18 views

CVE-2007-3650

myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in vario...

AI score 6.2, EPSS 0.00999
Exploits: 1, References: 2
Prion
added 2008/07/02 5:14 p.m., 12 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT) YEKTA 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glbsid parameter to hta/htmlarea.js.php, and allow remote authenticated...

CVSS 4.3, AI score 5.7, EPSS 0.0173
Exploits: 0, References: 6, Affected Software: 1
xssed
added 2008/06/19 12:0 a.m., 11 views

Unfixed XSS vulnerability at www.entreparticuliers.com

Security researcher xerces has submitted on 19/06/2008 a cross-site-scripting (XSS) vulnerability affecting www.entreparticuliers.com, which at the time of submission ranked 21877 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/07/2008. It is...

AI score 6.6
Exploits: 0, References: 1
Prion
added 2008/05/09 6:20 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "" sequence in the service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114...

CVSS 4.3, AI score 5.9, EPSS 0.0243
Exploits: 2, References: 6, Affected Software: 1
Prion
added 2008/04/30 4:17 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

CVSS 4.3, AI score 6, EPSS 0.01452
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2008/04/30 4:17 p.m., 15 views

CVE-2008-2030

Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

CVSS 4.3, AI score 5.6, EPSS 0.01452
Exploits: 1, References: 4
Cvelist
added 2008/04/30 3:0 p.m., 18 views

CVE-2008-2030

Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

AI score 5.6, EPSS 0.01452
Exploits: 1, References: 4
Prion
added 2008/03/25 7:44 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS 4.3, AI score 6.2, EPSS 0.01452
Exploits: 1, References: 4, Affected Software: 1
Prion
added 2008/03/13 2:44 p.m., 11 views

Design/Logic Flaw

The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability...

CVSS 7.8, AI score 7.6, EPSS 0.09988
Exploits: 1, References: 8, Affected Software: 1
Cvelist
added 2008/03/13 2:0 p.m., 19 views

CVE-2008-1322

The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager 7.0.0 and earlier allows remote attackers to cause a denial of service (CPU consumption) or overwrite arbitrary files via a query string that specifies the -b option, probably due to an argument injection vulnerability...

AI score 7.1, EPSS 0.09988
Exploits: 1, References: 8
Prion
added 2008/03/05 11:44 p.m., 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3...

CVSS 2.6, AI score 6.1, EPSS 0.05923
Exploits: 1, References: 15, Affected Software: 1