Free FAQ 1.0 Index.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20621/info Free Faq is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit of this issue allows an attacker to execute arbitrary server-side script...

MonoChat 1.0 HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17983/info MonoChat is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script co...

CuteNews 0.88/1.3 show_archives.php id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10620/info It is reported that CuteNews is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. The problems present...

AIOCP 1.3.x cp_edit_user.php choosed_language Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal...

W3C CERN httpd 3.0 Proxy Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5447/info CERN httpd is a freely available HTTP server and HTTP proxy server available from the W3C. The httpd Proxy is vulnerable to a cross site scripting attack. The condition is present because of the way URLS are...

Grayscale BandSite CMS 1.1 help_merch.php the_band Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...

Phorum 5.0.14 Multiple Subject and Attachment HTML Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12800/info Phorum is reportedly affected by multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated...

FTLS GuestBook 1.1 Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6686/info Guestbook does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the guestbook. The attacker's script code may be...

BookReview 1.0 suggest_category.htm node Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

YaBB 9.1.2000 Cross-Agent Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3828/info YaBB Yet Another Bulletin Board is freely available web forums/community software that is written in Perl. YaBB will run on most Unix/Linux variants, MacOS, and Microsoft Windows 9x/ME/NT/2000/XP platforms. YaBB...

PhotoGal 1.0/1.5 News_File Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14190/info PhotoGal is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of this issue will allow an attacker...

MyBulletinBoard 1.x UserCP.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19193/info MyBulletinBoard is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the brows...

Zeus Web Server 4.x Admin Interface VS_Diag.CGI Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7751/info The Zeus Web Server contains a web based administration interface that is vulnerable to cross site scripting attacks. Due to insufficient sanitization of user-supplied input, it is possible for an attacker to...

Verity K2 Toolkit 2.20 Query Builder Search Script Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8074/info It has been reported that the K2 Toolkit does not sufficiently sanitize input by users. Because of this, it may be possible for an attacker to launch an attack that results in the execution of hostile HTML or...

FormMail-Clone Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6570/info FormMail-clone is allegedly prone to cross-site scripting attacks. The FormMail-clone script does not sufficiently sanitize HTML tags and script code. As a result, a remote attacker may construct a malicious lin...

ArbitroWeb PHP Proxy 0.5/0.6 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10592/info It is reported that ArbitroWeb is susceptible to a cross-site scripting vulnerability in its rawURL URI parameter. The URI parameter passed to 'index.php' called 'rawURL' contains the desired target for the pro...

FreznoShop 1.2.3/1.3 Search Script Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9359/info FreznoShop is prone to a cross-site scripting vulnerability. Remote attackers may create malicious links to the software that include hostile HTML and script code. If such a link was followed by a victim user, t...

Chatness 2.5 Message Form Field HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12929/info Chatness is prone to an HTML injection vulnerability. This issue is exposed through various chat message form fields. Exploitation will allow an attacker to inject hostile HTML and script code into the session ...

Captaris Infinite WebMail 3.61.5 HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6411/info An HTML injection vulnerability has been discovered in Captaris Infinite WebMail. Due to insufficient sanitization of HTML content, it is possible for an attacker to embed malicious script code into HTML email...

PHP Labs proFile Dir URI Variable Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13276/info PHP Labs proFile is prone to a cross-site scripting vulnerability. As a result, attackers may embed hostile HTML and script code in a malicious link to the affected application. If the link is followed, the cod...