phpMyNewsletter 0.8 Cross Site Scripting
HTTPCS Advisory : HTTPCS116 Product : phpMyNewsletter Version : v0.8 Page : /admin/?page=subscribers Variables : page=VulnHTTPCS Type : XSS Method : POST Description : A vulnerability has been discovered in phpMyNewsletter, which can be exploited by malicious people to conduct cross-site scriptin...
Axis Commerce 0.8.7.2 Cross Site Scripting Vulnerability
Axis Commerce version 0.8.7.2 suffers from multiple stored cross site scripting vulnerabilities. Axis Commerce 0.8.7.2 Remote Script Insertion Vulnerabilities alert'XSS';", "base":"TESTSTRING",...
Elastix - 'page' Cross-Site Scripting
source: https://www.securityfocus.com/bid/56746/info Elastix is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
WordPress Plugin Video Lead Form - 'errMsg' Cross-Site Scripting
source: https://www.securityfocus.com/bid/56737/info The Video Lead Form plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
TomatoCart 'json.php' Directory Traversal Vulnerability
TomatoCart is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Zenphoto Verisign_logon.php redirect Parameter XSS
The version of Zenphoto installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user input to the 'redirect' parameter of the 'zp-core/zp-extensions/federatedlogon/Verisign_logon.php' script. An attacker may be able to leverage this...
Wordfence Plugin for WordPress 'email' Parameter XSS
The version of the Wordfence plugin for WordPress installed on the remote host fails to properly sanitize user-supplied input to the 'email' parameter in the lib/wordfenceClass.php script. An unauthenticated, remote attacker can exploit this issue, via a specially crafted request, to execute...
Apple WGT Dictionnaire 1.3 Script Code Injection
Title: ====== Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability Date: ===== 2012-11-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=774 VL-ID: ===== 774 Common Vulnerability Scoring System: ==================================== 2.3 Introduction:...
Indexu Cross Site Scripting Vulnerability
Indexu is directory software that allows you to run a great web directory and business directory. It is one of the oldest directory scripts on the net and has been used widely by thousands of webmasters since 2000. ...
Apple WGT Dictionnaire 1.3 - Persistent Web Vulnerability
Document Title: =============== Apple WGT Dictionnaire 1.3 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=774 Release Date: ============= 2012-11-26 Vulnerability Laboratory ID VL-ID: ==================================== 7...
Skype Community - Mail Encoding Web Vulnerability #2
Document Title: =============== Skype Community - Mail Encoding Web Vulnerability 2 References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=719 MICROSOFT SECURITY RESPONSE CENTER MSRC ID: 13022 & 13034 Release Date: ============= 2012-11-20 Vulnerability...
SonicWALL CDP 5040 6.x Cross Site Scripting
Title: ====== SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities Date: ===== 2012-11-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=549 VL-ID: ===== 549 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities
Document Title: =============== SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=549 Release Date: ============= 2012-11-18 Vulnerability Laboratory ID VL-ID: ==================================== 549...
Media Player Classic (MPC) 1.5 - WebServer Request Handling Remote Denial of Service
source: https://www.securityfocus.com/bid/56567/info Media Player Classic WebServer is prone to a cross-site scripting vulnerability and a denial-of-service vulnerability. An attacker may leverage these issues to...
LAN.FS Messenger v2.4 - Command Execution Vulnerability
Document Title: =============== LAN.FS Messenger v2.4 - Command Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=760 Release Date: ============= 2012-11-13 Vulnerability Laboratory ID VL-ID: ==================================== 760...
AWAuctionScript CMS - Multiple Remote Vulnerabilities
source: https://www.securityfocus.com/bid/56388/info AWAuctionScript CMS is prone to the following remote vulnerabilities because it fails to sufficiently sanitize user-supplied data: 1. A remote SQL-injection vulnerability. 2. A remote...
Joomla! Component com_quiz - SQL Injection
source: https://www.securityfocus.com/bid/56338/info The Quiz component for Joomla! is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage the...
CorePlayer - 'callback' Cross-Site Scripting
source: https://www.securityfocus.com/bid/56334/info CorePlayer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...