6665 matches found
S9Y Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/61138/info Serendipity is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...
FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability
Document Title: FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1007 | Release Date: 2013-07-11 | Vulnerability Laboratory ID (VL-ID): 1007...
vBulletin vBShout Mod - Persistent Cross-Site Scripting
vBulletin vBShout Mod - Persistent Cross-Site Scripting Exploit Title: vBShout vBulletin - Stored XSS Vulnerability Google Dork: intext:vBShout Date: 10.07.2013 Exploit Author: 0iZy5 Vendor Homepage: www.backtrack-linux.ro Software Link:...
Air Drive Plus - Multiple Input Validation Vulnerabilities
Air Drive Plus - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/61081/info Air Drive Plus is prone to multiple input validation vulnerabilities including a local file-include vulnerability, an arbitrary file-upload vulnerability, and an HTML-injection...
Air Drive Plus - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/61081/info Air Drive Plus is prone to multiple input validation vulnerabilities including a local file-include vulnerability, an arbitrary file-upload vulnerability, and an HTML-injection vulnerability. An attacker can exploit these issues to upload...
WordPress Plugin Category Grid View Gallery - 'ID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/60905/info The Category Grid View Gallery plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser ...
WordPress Plugin Xorbin Digital Flash Clock - widgetUrl Cross-Site Scripting
WordPress Plugin Xorbin Digital Flash Clock - widgetUrl Cross-Site Scripting source: https://www.securityfocus.com/bid/60862/info The Xorbin Digital Flash Clock plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An...
WordPress Plugin Xorbin Digital Flash Clock - 'widgetUrl' Cross-Site Scripting
source: https://www.securityfocus.com/bid/60862/info The Xorbin Digital Flash Clock plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser ...
WordPress Plugin Xorbin Analog Flash Clock - widgetUrl Cross-Site Scripting
WordPress Plugin Xorbin Analog Flash Clock - widgetUrl Cross-Site Scripting source: https://www.securityfocus.com/bid/60860/info The Xorbin Analog Flash Clock plugin is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverag...
Motion Camera Video Signal Monitor Multiple Vulnerabilities
This host is installed with Motion Video Signal Monitor and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmotioncamvideosigmonmultvuln.nasl 6104 2017-05-11 09:03:48Z teissa $ Motion Camera Video Signal Monitor Multiple Vulnerabilities Authors: Thanga Prakash S...
Xaraya - Multiple Cross-Site Scripting Vulnerabilities
Xaraya - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/60795/info Xaraya is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary HTML a...
FtpLocate - HTML Injection
FtpLocate - HTML Injection source: https://www.securityfocus.com/bid/60760/info FtpLocate is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the...
Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability
Document Title: Barracuda CudaTel 2.6.02.04 - Persistent Web Vulnerability | References (Source): http://vulnerability-lab.com/getcontent.php?id=777 | BARRACUDA NETWORK SECURITY ID: BNSEC-834 | Release Date: 2013-06-20 | Vulnerability Laboratory ID (VL-ID):...
Gallery 3.0.x < 3.0.8 Multiple XSS
According to its version number, the Gallery install hosted on the remote web server contains cross-site scripting vulnerabilities in the 'uploadify.swf' and 'flowplay.swf' files, where URL fragments and parameters are not properly sanitized when called via direct requests. An attacker may be abl...
TaxiMonger for Android - 'name' HTML Injection
source: https://www.securityfocus.com/bid/60566/info TaxiMonger for Android is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser,...
WordPress Theme Ambience - src Cross-Site Scripting
WordPress Theme Ambience - src Cross-Site Scripting source: https://www.securityfocus.com/bid/60458/info The Ambience theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
Linkedin Social Network - Persistent Web Vulnerability
Document Title: Linkedin Social Network - Persistent Web Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=962 | Linkedin Security Ticket ID: 130429-005211 | Release Date: 2013-06-07 | Vulnerability Laboratory ID (VL-ID)...
Caucho Resin - 'index.php?logout' Cross-Site Scripting
source: https://www.securityfocus.com/bid/60426/info Resin Professional is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting use...
Multiple XSS Vulnerabilities in Jahia xCM
High-Tech Bridge Security Research Lab discovered multiple XSS vulnerabilities in Jahia xCM, which can be exploited to perform cross-site scripting attacks against the administrator of a vulnerable application. 1) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Jahia xCM: CVE-2013-4624 1.1 The...
Telaen 2.7.x - Cross-Site Scripting
source: https://www.securityfocus.com/bid/60288/info Telaen is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...