28 matches found
Persistent Cross-site Scripting (XSS)
ghost is vulnerable to persistent cross-site scripting (XSS). This is because it fails to sanitize user data, thus making it possible for an attacker to supply crafted input in order to harm third-party users...
Joomla Kunena Forum 3.0.5 Cross Site Scripting
Kunena forum extension for Joomla multiple reflected cross-site scripting vulnerabilities. Class: Input Validation Error; CVE: N/A; Remote: Yes; Local: No; Published: 02/07/2014; Credit: Raymond Rizk of Dionach; Vendor: Kunena; Vulnerable: Kunena v3.0.5; Solution Status: Fixed by Vendor Kunena...
(Pwn2Own) Microsoft Windows DirectShow Privilege Escalation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...
XOOPS 'events' Module - 'id' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27890/info The XOOPS 'events' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker t...
Gallery 2.0 Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/31060/info Gallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the...
AlienVault OSSIM av-centerd Util.pm set_file Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of the set_file requests d...
CPG Dragonfly CMS 9.3.3.0 - Multiple Cross-Site Scripting Vulnerabilities
CPG Dragonfly CMS 9.3.3.0 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/52100/info Dragonfly CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage...
Toner Cart - 'show_series_ink.php' SQL Injection
source: https://www.securityfocus.com/bid/51530/info Toner Cart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
Prestashop 1.4.4.1 - 'displayImage.php' HTTP Response Splitting
source: https://www.securityfocus.com/bid/50785/info Prestashop is prone to an HTTP-response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This...
Code Widgets DataBound Index Style Menu - category.asp SQL Injection
Code Widgets DataBound Index Style Menu - category.asp SQL Injection source: https://www.securityfocus.com/bid/49208/info Code Widgets DataBound Index Style Menu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query...
TWiki 5.0 - bin/login Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/44103/info TWiki is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
SaffaTunes CMS - 'news.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/40995/info SaffaTunes CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access ...
Easysitenetwork Jokes Complete Website - id Cross-Site Scripting
Easysitenetwork Jokes Complete Website - id Cross-Site Scripting source: https://www.securityfocus.com/bid/37852/info EasySiteNetwork Jokes Complete Website is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may...
MyWeight 1.0 - 'user_addfood.php?date' Cross-Site Scripting
source: https://www.securityfocus.com/bid/43488/info MyWeight is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in th...
Pilot Group eTraining - news_read.php Cross-Site Scripting
Pilot Group eTraining - news_read.php Cross-Site Scripting source: https://www.securityfocus.com/bid/35834/info PG eTraining is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute...
Pilot Group eTraining - 'courses_login.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/35834/info PG eTraining is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...
Pixie CMS Multiple Vulnerabilities (Mar 2009) - Active Check
Pixie CMS is prone to an SQL injection (SQLi) vulnerability and a cross-site scripting (XSS) vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) b...
Pre Classified Listings 1.0 - signup.asp Cross-Site Scripting
Pre Classified Listings 1.0 - signup.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/32567/info Pre Classified Listings is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
Dorsa CMS - 'Default_.aspx' Cross-Site Scripting
source: https://www.securityfocus.com/bid/31992/info Dorsa CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context ...
Paranews 3.4 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/31152/info Paranews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in th...