4584 matches found
PT-2012-3613 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding. This could result in information disclosure when a us...
DEBIAN-CVE-2011-2083
Multiple cross-site scripting XSS vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
TYPO3 4.7 Cross Site Request Forgery
Happy Milw0rm 1337 Day!!! Congratulations all h4x0rz 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
PT-2012-3350 · Cumin · Cumin
Name of the Vulnerable Software and Affected Versions: Cumin versions prior to r5238 Description: The issue involves multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The attack vectors involve widgets or pages...
cumin: multiple XSS flaws
Multiple cross-site scripting XSS vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 widgets or 2 pages...
cumin: multiple XSS flaws
Multiple cross-site scripting XSS vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 widgets or 2 pages...
CVE-2011-5082
Cross-site scripting XSS vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2memberproauthnetcheckoutcoupon parameter aka Coupon Code field...
CVE-2012-1099
Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formoptionshelper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...
Zend Server 5.6.0 multiple remote script insertion defect and repair-vulnerability warning-the black bar safety net
!-- Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Author: Zend Technologies Ltd. Product home page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zend Data Cache 4.0 Zend Job Queue 4.0 Zend Debugger 5.3 Zend Java Brid...
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities !-- Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Vendor: Zend Technologies Ltd. Product web page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zen...
Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities
Summary Zend Server is a complete, enterprise-ready Web Application Server for running and managing PHP applications. Description Zend Server and its components suffers from a cross-site scripting vulnerability. The persistent stored XSS issues are triggered when input passed via several paramete...
MODX Evolution 1.0.5 (and prior) Remote Script Execution Vulnerability
Product: MODX Evolution Risk: Very High Severity: Critical Versions: 1.0.5 and all previous releases Vunerability type: Remote Script Execution Report Date: 2012-Feb-16 Fixed Date: 2012-Feb-20 Description A vigilant community member sent us a security notice to let us know that he found a securit...
CVE-2011-5081
Cross-site scripting XSS vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi...
flash-plugin: universal cross-site scripting flaw (APSB12-03)
Cross-site scripting XSS vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via...
Oracle WebCenter Content idc/idcplg Multiple Parameter XSS
Oracle WebCenter Content script '/idc/idcplg' contains several parameters that are incorrectly filtered, including 'sltPageTitle' and 'redirectPageTitle'. This makes the WebCenter Content install susceptible to a reflected cross-site scripting attack. By tricking someone into clicking on a...
CVE-2011-5080
Cross-site scripting XSS vulnerability in lib/class.txjftcaformstceFunc.php in the Additional TCA Forms jftcaforms extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
EUVD-2012-1096
Cross-site scripting XSS vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the valuetitle parameter, as demonstrated using the "Front" field in the shirt module...
UBUNTU-CVE-2012-0834
Cross-site scripting XSS vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a queryengine action to cmd.php...
JON: Multiple XSS flaws
Multiple cross-site scripting XSS vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network aka JON or JBoss ON before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
PT-2012-2868 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.3.1 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via the dbhost, dbname, or uname parameters in the wp-admin/setup-config.php file. The vendor disputes the significance...