6682 matches found
Jinzora 2.7.5 popup.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/27876/info Jinzora is prone to multiple HTML-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...
Microsoft Internet Explorer 5.0.1 JPEG Image Rendering Unspecified Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14282/info Microsoft Internet Explorer is prone to a buffer overflow vulnerability in the JPEG image rendering library used by the browser. This issue is due to a failure of the application to properly bounds check input...
Opera 7 Image Rendering HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6756/info It has been reported that, when generating HTML to display images or embedded media, Opera does not correctly format the provided URL or sufficiently encode URLs to local files. As a result of this lack of...
Ultimate Bulletin Board 6.0/6.2 UBBER Cookie HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8212/info Ultimate Bulletin Board has been reported prone to an HTML injection vulnerability. The issue likely presents itself due to a lack of sanitization performed on cookie data. It has been reported that a remote...
Microsoft Internet Explorer 5.0.1 JPEG Image Rendering CMP Fencepost Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14284/info Microsoft Internet Explorer is prone to an unspecified denial of service vulnerability in the JPEG image rendering library used by the browser. This issue is reportedly similar to the one described in BID 14282...
PostNuke 0.6x/0.7x NS-Languages Module language Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16752/info PostNuke is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. Successful exploitation could allow an attacker to...
OpenFAQ 0.4 Validate.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17860/info OpenFAQ is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script cod...
netsurf web browser 1.2 - Multiple Vulnerabilities
No description provided by source. Jeremy Brown 01-14-2009 [email protected]/jbrownsec.blogspot.com netsurfmultipleadv.txt...
Power Phlogger 2.2.x Cross-site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37150/info Power Phlogger is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Attackers can exploit this issue to steal cookie-based authentication...
Invision Power Board 1.3 Pop Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9822/info It has been reported that Invision Power Board may be prone to a cross-site scripting vulnerability. This may allow a remote attacker to cause hostile HTML or script code to be rendered in a user's browser via a...
Drupal 4.x URL-Encoded Input HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16117/info Drupal is prone to an HTML injection vulnerability when handling URL-encoded HTML and script code in message content. This issue is due to a failure in the application to properly sanitize user-supplied input...
Poppler <= 0.8.4 libpoppler uninitialized pointer Code Execution PoC
No description provided by source. Felipe Andres Manzano [email protected] updates in http://felipe.andres.manzano.googlepages.com/home Summary: The libpoppler PDF rendering library can free uninitialized pointers, leading to arbitrary code execution. This vulnerability result...
Chipmunk Guestbook 1.4 Homepage HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16112/info Chipmunk Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
Barracuda Web Application Firewall 660 'cgi-mod/index.cgi' Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/37432/info The Barracuda Web Application Firewall 660 is prone to multiple HTML-injection vulnerabilities. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the...
Land Down Under 601/602/700/701/800/801 Events.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14746/info Land Down Under is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
WordPress WP-FeedStats 2.1 HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25085/info The WP-FeedStats plugin for WordPress is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to execute HTML...
SaralBlog 1.0 - Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/16306/info SaralBlog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities...
Netscape 6.0/7.0 Style Sheet Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6937/info It has been reported that Netscape based browsers may be vulnerable to a denial of service condition when rendering certain style sheet code. If a malicious page is viewed the browser reportedly becomes unstable...
Dokeos <= 1.8.4 main/calendar/myagenda.php courseCode Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue. Attackers can...
WebCalendar 0.9.x colors.php color XSS
No description provided by source. source: http://www.securityfocus.com/bid/8539/info It has been reported that WebCalendar is prone to multiple cross-site scripting vulnerabilities in various modules. The issues exist in includes/js/colors.php, week.php, day.php, month.php, weekdetails.php,...