ArcademSX 2.904 - cat Cross-Site Scripting

ArcademSX 2.904 - cat Cross-Site Scripting source: https://www.securityfocus.com/bid/41252/info ArcademSX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser...

TornadoStore 1.4.3 - SQL Injection / HTML Injection

source: https://www.securityfocus.com/bid/41233/info TornadoStore is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application, access or modify dat...

TornadoStore 1.4.3 - SQL Injection HTML Injection

TornadoStore 1.4.3 - SQL Injection HTML Injection source: https://www.securityfocus.com/bid/41233/info TornadoStore is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues t...

ArcademSX 2.904 - 'cat' Cross-Site Scripting

source: https://www.securityfocus.com/bid/41252/info ArcademSX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

Ceica-GW - login.php Cross-Site Scripting

Ceica-GW - login.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40917/info Ceica-GW is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser o...

Limny 2.1 - 'q' Cross-Site Scripting

source: https://www.securityfocus.com/bid/41152/info Limny is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities

source: https://www.securityfocus.com/bid/41043/info SoftComplex PHP Event Calendar is prone to multiple remote security vulnerabilities including cross-site scripting, HTML-injection, directory-traversal, and cross-site request-forgery issues. Attackers can exploit these issues to obtain sensiti...

SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities

SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities source: https://www.securityfocus.com/bid/41043/info SoftComplex PHP Event Calendar is prone to multiple remote security vulnerabilities including cross-site scripting, HTML-injection, directory-traversal, and cross-site...

IBM Websphere ILOG JRules 6.7 - Cross-Site Scripting

IBM Websphere ILOG JRules 6.7 - Cross-Site Scripting source: https://www.securityfocus.com/bid/41030/info IBM WebSphere ILOG JRules is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

Cross-site Scripting (XSS) Vulnerabilities in CruxCMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in CruxCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in CruxCMS: CVE-2008-0700 The vulnerability exists due to input sanitation error in the "search"...

osCMax 2.0 - 'articles.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40998/info osCmax is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

Sigmer Technologies Scribe CMS - copy_folder.php Cross-Site Scripting

Sigmer Technologies Scribe CMS - copyfolder.php Cross-Site Scripting source: https://www.securityfocus.com/bid/41000/info Sigmer Technologies Scribe CMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may...

osCMax 2.0 - articles.php Cross-Site Scripting

osCMax 2.0 - articles.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40998/info osCmax is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browse...

Jamroom 4.0.2/4.1.x - 'forum.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/41071/info Jamroom is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of th...

Invision Power Board 3.0.5 Calendar Application Script Insertion Vulnerability

No description provided by source. Credits ============ Discovered by: David Vieira-Kurz http://www.majorsecurity.info/penetrationstest.php Affected Products: ---------------------------- Invision Power Board 3.0.5 and prior Introduction ============ Invision Power Board is a widely used forums...

Cross-site Scripting (XSS) Vulnerabilities in Grafik CMS

High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in Grafik CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Grafik CMS: CVE-2010-2615 The vulnerability exists due to input sanitation error in the...

Apache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.39. It is, therefore, affected by one or more of the following vulnerabilities : - If the remote Apache Tomcat install is configured to use the SingleSignOn Valve, the...

Microsoft Excel Embedded Shockwave Flash Object Code Execution (MS06-069; CVE-2006-3014)

Microsoft Excel is a popular spreadsheet application that is usually released as a part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulas, and various data sources. The common extension used for Microsoft Excel documents is .xls. A...

PhreeBooks Multiple HTML-Injection and Local File Include Vulnerabilities

PhreeBooks is prone to multiple local file-include vulnerabilities and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to view files and execute loca...

Joomla! JReservation Component Cross-Site Scripting Vulnerability

Joomla! JReservation Component Cross Site Scripting Vulnerability. Webapps exploit for php platform source: http://www.securityfocus.com/bid/40690/info The JForJoomla JReservation component for Joomla! is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize...