8 matches found
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file
Summary: One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting (XSS) vulnerability due to improper handling of input where a number is expected, leading to formula injection. Details: The following code in 45Quadraticequationsolver.php concatenates the user supplied...
Emumail EMU Webmail 5.2.7 emumail.fcgi Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/9861/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out cross-site scripting attacks and disclose the path to the victim's home directory. The issues are reported...
PHPBBMod 1.3.3 PHPInfo Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5942/info phpBBmod ships with a sample script phpinfo.php that may disclose sensitive information to remote attackers. When this script is accessed, sensitive information about the underlying environment will be reveale...
Emumail EMU Webmail 5.2.7 - nit.emu Information Disclosure
source: https://www.securityfocus.com/bid/9861/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out cross-site scripting attacks and disclose the path to the victim's home directory. The issues are reported to exist in the login script,...
AN HTTPd Sample Script File Truncation
Product Description: AN HTTPd is a relatively small, powerful web server designed for Windows systems. It supports ISAPI, CGI, SSI, and several other powerful technologies such as isolated worker processes usually only seen in production servers. More information on AN HTTPd is available at...
Stronghold swish Search Script Information Disclosure
An information disclosure vulnerability was reported in a sample script provided with Red Hat's Stronghold web server. A remote user can determine the web root directory path. A remote user can send a request to the Stronghold sample script swish to cause the script to reveal the full path to the...
ColdFusion Denial of Service vulnerability in sample script
Subject: ColdFusion Denial of Service vulnerability in sample script Software: ColdFusion Server Professional 4.5.1 Eval for Windows SP2 Risk Level: Medium Author: Niels Heinen Vendor Status: The vendor has released a document concerning this problem Exploitable: Remotely Impact of the...
Microsoft IIS 4.0 / Microsoft Site Server 3.0 - Showcode ASP
source: https://www.securityfocus.com/bid/167/info A sample Active Server Page (ASP) script installed by default on Microsoft's Internet Information Server (IIS) 4.0 gives remote users access to view any file on the same volume as the web server that is readable by the web server. IIS 4.0 installs a...