3009 matches found
CVE-2008-1621
GeegCarts is affected by CVE-2008-1621 with malicious scripts injectable through the id parameter to show.php, search.php, and view.php. The issue is described as multiple cross-site scripting (XSS) vulnerabilities that could allow remote attackers to inject arbitrary web script or HTML. Affected...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action...
CVE-2008-1225
WebCT Campus Edition 4.1.5.8 contains multiple XSS vulnerabilities when “Don’t wrap text” is enabled, allowing remote authenticated users to inject arbitrary script/HTML via a mail message or discussion board message. Root cause is input handling in the discussion/mail features; exploit details a...
CVE-2008-1183
Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) userquestions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by...
CVE-2008-0872
Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message...
CVE-2008-0642
CVE-2008-0642 describes a cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, potentially involving WebHelp5 (WebHelp5Ext) or WildFire (WildFireExt) extensions. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors and is...
CVE-2008-0642
Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the viewtype parameter to graph.php; (2) the filter parameter to graphview.php; (3) the action parameter to the drawnavigationtext...
[OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed
Openads security advisory OPENADS-SA-2008-001; Advisory ID: OPENADS-SA-2008-001; Date: 2008-Feb-04; Security risk: Critical; Applications affected: Openads...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter...
CVE-2008-0409
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL...
Debian Security Advisory DSA 775-1 (mozilla)
The remote host is missing an update to mozilla announced via advisory DSA 775-1. A vulnerability has been discovered in Mozilla and Mozilla Firefox that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site. Thunderbird is not affected by this and...
Debian Security Advisory DSA 925-1 (phpbb2)
The remote host is missing an update to phpbb2 announced via advisory DSA 925-1. Several vulnerabilities have been discovered in phpBB, a fully featured and skinnable flat webforum. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3310 Multiple...
Debian: Security Advisory (DSA-988-1)
The remote host is missing an update for the Debian...
CVE-2007-6652
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb...
CVE-2007-6244
Adobe Flash Player (Flash-plugin) vulnerable to cross-site scripting via asfunction: and navigateToURL in the ActiveX/Plug-in context. Affected: Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0. Root cause: input validation issues when processing SWF parameters and asfunction: usage, per RH...
CVE-2007-6433
CVE-2007-6433 affects JBoss Seam 2.x before 2.0.0.CR3. The vulnerability resides in getRenderedEjbql / setOrder in the org.jboss.seam.framework.Query class, where user-supplied order parameters are not properly validated, allowing remote attackers to inject and execute arbitrary EJB QL commands. ...
CVE-2007-6374
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error...
CVE-2007-6135
PHPSlideShow 0.9.9.2 contains a Cross-site Scripting (XSS) vulnerability in phpslideshow.php, exploitable via the directory parameter. The issue, originally noted for toonchapter8.php, allows remote attackers to inject arbitrary web script or HTML. The available data describe the vulnerable compo...
Sciurus Hosting Panel Remote Code Injection Exploit
Exploit for unknown platform in category web applications...