3014 matches found
CVE-2008-2646
Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to addjournalmask.inc.php, (3) InsertBibliography parameter to insertmask.inc.php, and (4) LabelYear...
fastfree-rfi.txt
Fast Free Media Script Remote Code Injection Exploit Coded By Liz0ziM Web:www.biyosecurity.com Dork:"Powered by FastFreeMedia.com" & inurl:cat-1-p0.html & inurl:page.php?page=topvids & inurl:page.php?page=topgames TARGET HOST: Example:www.sexwhispers.com TARGET PATH: Example:/ or /scriptpath/ ADM...
CVE-2008-1947
CVE-2008-1947 is an XSS vulnerability in Apache Tomcat, affecting 5.5.9–5.5.26 and 6.0.0–6.0.16. It allows remote attackers to inject arbitrary web script or HTML via the name parameter (the hostname attribute) to host-manager/html/add. The connected documents confirm the affected product/version...
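F5 BIG-IP management interface NEW_VALUE parameter remote code injection vulnerability
BUGTRAQ ID: 28639 F5 BIG-IP is an all-in-one network device that integrates network traffic management, an application security manager, load balancing and other functions. The implementation of the BIG-IP configuration tool contains an input validation vulnerability that a remote attacker may exploit to execute arbitrary commands on the system. The F5 BIG-IP reconfiguration tool used by the web management interface and the CLI does not properly filter certain reconfiguration requests; a logged-in user with Resource Manager or Administrator privileges can inject arbitrary Perl code, generating Unix shell commands that are executed with root privileges. The vulnerability arises because Perl EP3 containing a template similar to the following is used without escaping the single quotes in NEWVALUE:...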
Code injection
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine...
CVE-2008-1621
GeegCarts is affected by CVE-2008-1621 with malicious scripts injectable through the id parameter to show.php, search.php, and view.php. The issue is described as multiple cross-site scripting (XSS) vulnerabilities that could allow remote attackers to inject arbitrary web script or HTML. Affected...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action...
CVE-2008-1225
WebCT Campus Edition 4.1.5.8 contains multiple XSS vulnerabilities when “Don’t wrap text” is enabled, allowing remote authenticated users to inject arbitrary script/HTML via a mail message or discussion board message. Root cause is input handling in the discussion/mail features; exploit details a...
CVE-2008-1183
Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) userquestions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by...
CVE-2008-0872
Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message...
CVE-2008-0642
Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than...
CVE-2008-0642
CVE-2008-0642 describes a cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, potentially involving WebHelp5 (WebHelp5Ext) or WildFire (WildFireExt) extensions. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors and is...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the viewtype parameter to graph.php; (2) the filter parameter to graphview.php; (3) the action parameter to the drawnavigationtext...
[OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed
======================================================================== Openads security advisory OPENADS-SA-2008-001 ------------------------------------------------------------------------ Advisory ID: OPENADS-SA-2008-001 Date: 2008-Feb-04 Security risk: Critical Applications affected: Openads...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter...
CVE-2008-0409
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL...
Debian Security Advisory DSA 925-1 (phpbb2)
The remote host is missing an update to phpbb2 announced via advisory DSA 925-1. Several vulnerabilities have been discovered in phpBB, a fully featured and skinnable flat webforum. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3310 Multiple...
Debian Security Advisory DSA 775-1 (mozilla)
The remote host is missing an update to mozilla announced via advisory DSA 775-1. A vulnerability has been discovered in Mozilla and Mozilla Firefox that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site. Thunderbird is not affected by this and...
Debian: Security Advisory (DSA-988-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2007-6652
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb...