5777 matches found
Asn Guestbook 1.5 - footer.php?version Cross-Site Scripting
Asn Guestbook 1.5 - footer.php?version Cross-Site Scripting source: https://www.securityfocus.com/bid/14356/info Asn Guestbook is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
Asn Guestbook 1.5 - 'header.php?version' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14356/info Asn Guestbook is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code...
Pyrox Search 1.0.5 - Newsearch.php Whatdoreplace Cross-Site Scripting
Pyrox Search 1.0.5 - Newsearch.php Whatdoreplace Cross-Site Scripting source: https://www.securityfocus.com/bid/14343/info A cross-site scripting vulnerability affects Pyrox Search. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output ...
tForum b0.9 - member.php Cross-Site Scripting
tForum b0.9 - member.php Cross-Site Scripting source: https://www.securityfocus.com/bid/14303/info tForum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
Simple Message Board 2.0 beta1 - User.cfm Cross-Site Scripting
Simple Message Board 2.0 beta1 - User.cfm Cross-Site Scripting source: https://www.securityfocus.com/bid/14267/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. An attacker may levera...
Simple Message Board 2.0 beta1 - Forum.cfm Cross-Site Scripting
Simple Message Board 2.0 beta1 - Forum.cfm Cross-Site Scripting source: https://www.securityfocus.com/bid/14266/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. An attacker may...
Simple Message Board 2.0 beta1 - 'Thread.cfm' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14268/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...
Simple Message Board 2.0 beta1 - 'User.cfm' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14267/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...
FreeBSD : gzip -- directory traversal and permission race vulnerabilities (63bd4bad-dffe-11d9-b875-0001020eed82)
Problem Description Two problems related to extraction of files exist in gzip : The first problem is that gzip does not properly sanitize filenames containing '/' when uncompressing files using the -N command line option. The second problem is that gzip does not set permissions on newly extracted...
Comersus Open Technologies Comersus Cart 6.0.41 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/14183/info Comersus Cart is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise...
Jaws 0.x - Remote File Inclusion
Jaws 0.x - Remote File Inclusion source: https://www.securityfocus.com/bid/14158/info JAWS is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
MyGuestbook 0.6.1 - Form.Inc.php3 Remote File Inclusion
MyGuestbook 0.6.1 - Form.Inc.php3 Remote File Inclusion source: https://www.securityfocus.com/bid/14155/info MyGuestbook is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue...
MyGuestbook 0.6.1 - 'Form.Inc.php3' Remote File Inclusion
source: https://www.securityfocus.com/bid/14155/info MyGuestbook is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an...
osTicket <= 1.3.1 Multiple Vulnerabilities
The version of osTicket installed on the remote host suffers from several vulnerabilities, including: - A Local File Include Vulnerability The application fails to sanitize user-supplied input to the 'inc' parameter in the 'view.php' script. An attacker may be able to exploit this flaw to run...
EasyPHPCalendar 6.1.5/6.2.x - 'datePicker.php?serverPath' Remote File Inclusion
source: https://www.securityfocus.com/bid/14131/info EasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to execute arbitrary server-si...
EasyPHPCalendar 6.1.5/6.2.x - 'popup.php?serverPath' Remote File Inclusion
source: https://www.securityfocus.com/bid/14131/info EasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to execute arbitrary server-si...
EasyPHPCalendar 6.1.5/6.2.x - 'header.inc.php?serverPath' Remote File Inclusion
source: https://www.securityfocus.com/bid/14131/info EasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to execute arbitrary server-si...
DUware DUpaypal 3.03.1 - sub.asp?iSub SQL Injection
DUware DUpaypal 3.03.1 - sub.asp?iSub SQL Injection source: https://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit coul...
I-Gallery - Folder Argument Cross-Site Scripting
source: https://www.securityfocus.com/bid/14002/info i-Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'folder' parameter of 'folderview.asp'. An attacker may leverage this issue to have...
ATutor 1.4.3 - send_message.php?l Cross-Site Scripting
ATutor 1.4.3 - sendmessage.php?l Cross-Site Scripting source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any ...