6665 matches found
Microsoft Skype Shop - GiftCards Persistent Vulnerability
Document Title: Microsoft Skype Shop - GiftCards Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=826 MICROSOFT SECURITY RESPONSE CENTER (MSRC) ID: 13603 MICROSOFT SECURITY RESPONSE CENTER (MSRC) MANAGER: CL Release...
nCircle patches PureCloud vulnerability scanner on Vulnerability-Lab report
The Vulnerability-Laboratory Research Team discovered a persistent and client-side POST injection web vulnerability in the nCircle PureCloud cloud-based Vulnerability Scanner Application. The vulnerability allows an attacker to inject their own malicious script code in the vulnerable module on applicatio...
WordPress Plugin WP-Table Reloaded - id Cross-Site Scripting
WordPress Plugin WP-Table Reloaded - id Cross-Site Scripting source: https://www.securityfocus.com/bid/57664/info The WP-Table Reloaded plugin for WordPress is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Drupal 6.x < 6.28 / 7.x < 7.19 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 6.x prior to 6.28 or 7.x prior to 7.19. It is, therefore, potentially affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists due to improperly sanitized user-supplied input to certain Drupal JavaScript...
MantisBT CVE-2013-1934 HTML Injection Vulnerability
Description MantisBT is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied data. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...
WordPress Theme Chocolate WP - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/57541/info The Chocolate WP Theme for WordPress is prone to multiple security vulnerabilities. An attacker may leverage these issues to cause denial-of-service conditions, upload arbitrary files to the affected computer, or execute arbitrary script code i...
Multiple Cross-Site Scripting (XSS) vulnerabilities in GetSimple CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in GetSimple CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks. The application has an XSS filter; however, it can be bypassed as demonstrated below. 1) Cross-Site Scripting (XSS) in GetSimple CMS:...
WordPress Chocolate Theme - Multiple Security Vulnerabilities
The Chocolate Theme is prone to multiple security vulnerabilities. These vulnerabilities allow an attacker to cause denial-of-service conditions, execute arbitrary script code in the browser of a user in the context of the affected site, or upload arbitrary files. Other attacks are also possible...
WordPress Theme Chocolate WP - Multiple Vulnerabilities
WordPress Theme Chocolate WP - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/57541/info The Chocolate WP Theme for WordPress is prone to multiple security vulnerabilities. An attacker may leverage these issues to cause denial-of-service conditions, upload arbitrary files to t...
gpEasy CMS - section Cross-Site Scripting
gpEasy CMS - section Cross-Site Scripting source: https://www.securityfocus.com/bid/57522/info gpEasy CMS is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/57514/info Perforce P4Web is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
Apache OFBiz 10.4.x - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/57463/info Apache OFBiz is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting...
Cerberus FTP Server < 5.0.6.0 Multiple XSS
The version of Cerberus FTP server on the remote host is earlier than 5.0.6.0. As such, it is potentially affected by the following cross-site scripting vulnerabilities: - The user-supplied input for fields under the administration 'Messages' tab is not validated before being returned to the user....
phlyLabs phlyMail Lite Multiple Vulnerabilities
phlyLabs phlyMail Lite is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
phlyLabs phlyMail Lite 4.03.04 - Full Path Disclosure / Persistent Cross-Site Scripting
phlyLabs phlyMail Lite 4.03.04 Path Disclosure and Stored XSS Vulnerabilities input type="hi...
TinyBrowser /tiny_mce/plugins/tinybrowser/upload.php type Parameter XSS
TinyBrowser /tiny_mce/plugins/tinybrowser/upload.php type Parameter XSS. Webapps exploit for php platform. source: http://www.securityfocus.com/bid/57230/info TinyBrowser is prone to multiple vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to...
MS System Center Operations Manager XSS Vulnerabilities (2748552)
This host is missing an important security update according to Microsoft Bulletin MS13-003. OpenVAS Vulnerability Test $Id: secpodms13-003.nasl 6520 2017-07-04 14:28:49Z cfischer $ MS System Center Operations Manager XSS Vulnerabilities (2748552) Authors: Rachana Shetty Copyright: Copyright (c) 2013...
tinybrowser - type Cross-Site Scripting
tinybrowser - type Cross-Site Scripting source: https://www.securityfocus.com/bid/57230/info TinyBrowser is prone to multiple vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting...
TinyBrowser - 'edit.php' Directory Listing
source: https://www.securityfocus.com/bid/57230/info TinyBrowser is prone to multiple vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
TinyBrowser - edit.php Directory Listing
TinyBrowser - edit.php Directory Listing source: https://www.securityfocus.com/bid/57230/info TinyBrowser is prone to multiple vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting...