224 matches found
BigACE 2.7.5 - 'LANGUAGE' Directory Traversal
source: https://www.securityfocus.com/bid/66350/info BIGACE Web CMS is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access o...
iScripts AutoHoster - 'id' Local File Inclusion
source: https://www.securityfocus.com/bid/64377/info iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit laten...
iScripts AutoHoster - 'fname' Local File Inclusion
source: https://www.securityfocus.com/bid/64377/info iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit laten...
Cisco ASA WebVPN XSS
According to its self-reported version, the remote Cisco ASA is missing a security patch and is affected by a cross-site scripting vulnerability in the WebVPN portal login page. An attacker could exploit this by tricking a user into requesting a specially crafted URL, resulting in arbitrary scrip...
FluxBB 1.5.3 - Multiple Vulnerabilities
Exploit for php platform in category web applications. FluxBB 1.5.3 Multiple Remote Vulnerabilities; Vendor: FluxBB; Product web page: http://www.fluxbb.org; Affected version: 1.5.3; Summary: FluxBB is fast, light, user-friendly forum software for your website. Desc: FluxBB suffers from a cross-si...
Air Drive Plus - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/61081/info Air Drive Plus is prone to multiple input validation vulnerabilities including a local file-include vulnerability, an arbitrary file-upload vulnerability, and an HTML-injection vulnerability. An attacker can exploit these issues to upload...
MS13-035: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)
The version of InfoPath, SharePoint Server, SharePoint Foundation, Groove Server, or Office Web Apps running on the remote host is affected by an unspecified cross-site scripting vulnerability. An attacker could exploit this by tricking a user into requesting specially crafted SharePoint content,...
MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities
MTP Guestbook 1.0 Multiple Remote Script Insertion Vulnerabilities...
Axis Commerce 0.8.7.2 Cross Site Scripting Vulnerability
Axis Commerce version 0.8.7.2 suffers from multiple stored cross site scripting vulnerabilities. Axis Commerce 0.8.7.2 Remote Script Insertion Vulnerabilities...
Omnistar Mailer - Multiple SQL Injections / HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/55760/info Omnistar Mailer is prone to multiple SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application,...
PHPFox 3.0.1 - 'ajax.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/55405/info phpFox is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
Sitemax Maestro - SQL Injection / Local File Inclusion
source: https://www.securityfocus.com/bid/55386/info Sitemax Maestro is prone to SQL-injection and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access or modify data,...
LISTSERV 16 - 'SHOWTPL' Cross-Site Scripting
source: https://www.securityfocus.com/bid/55082/info LISTSERV is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/54773/info Barracuda Email Security Service is prone to multiple HTML-injection vulnerabilities because it fails to properly validate user-supplied input. An attacker may leverage...
Barracuda Application Validation Filter Bypass
Title: Barracuda Appliances - Validation Filter Bypass Vulnerability; Date: 2012-07-16; References: http://www.vulnerability-lab.com/getcontent.php?id=661; VL-ID: 661; Common Vulnerability Scoring System: 5.5; Abstract: The...
AVA VoIP - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/54591/info AVA VoIP is prone to multiple security vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of a...
Microsoft Internet Explorer CVE-2012-1522 Cached Object Remote Code Execution Vulnerability
Description: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected: Avaya Conferencing...
MS12-040: Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (MSSQL check)
Binary data ms12-040mssql.nbin...
Symantec Web Gateway timer.php XSS (SYM12-006)
The remote web server is hosting a version of Symantec Web Gateway that is vulnerable to cross-site scripting attacks. Input to the 'l' parameter of timer.php is not properly sanitized. An attacker could exploit this by tricking a user into making a malicious request, resulting in arbitrary scrip...
Microsoft Internet Explorer CVE-2012-0168 Print Feature Remote Code Execution Vulnerability
Description: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected: Avaya Aura Conferenci...