Huawei HG510 - Multiple Cross-Site Request Forgery Vulnerabilities
source: https://www.securityfocus.com/bid/38261/info Huawei HG510 is prone to multiple cross-site request-forgery vulnerabilities. Successful exploits may allow attackers to run privileged commands on the affected device, change...
Portrait Software Portrait Campaign Manager 4.6.1.22 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/38252/info Portrait Campaign Manager is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
Huawei HG510 - Multiple Cross-Site Request Forgery Vulnerabilities
source: https://www.securityfocus.com/bid/38261/info Huawei HG510 is prone to multiple cross-site request-forgery vulnerabilities. Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitra...
Extreme Mobster - 'login' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38265/info Extreme Mobster is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...
BGSvetionik BGS CMS - search Cross-Site Scripting
source: https://www.securityfocus.com/bid/38264/info BGSvetionik BGS CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script co...
EziScript Google Page Rank 1.1 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/38266/info EziScript Google Page Rank is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
Extreme Mobster - login Cross-Site Scripting
source: https://www.securityfocus.com/bid/38265/info Extreme Mobster is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
EziScript Google Page Rank 1.1 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/38266/info EziScript Google Page Rank is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting use...
BGSvetionik BGS CMS - 'search' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38264/info BGSvetionik BGS CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Symantec Norton AntiVirus Stack Exhaustion
Norton AntiVirus is a virus protection solution produced by Symantec corporation. When installed on a system, it installs a number of dynamic libraries and registers several ActiveX controls. A vulnerability has been reported in several Symantec products. One of the dynamic link libraries install...
Basic-CMS - 'nav_id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38235/info Basic-CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
Accellion Secure File Transfer Appliance - Multiple Command Restriction / Privilege Escalations
source: https://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A directory-traversal issue - An HTML-injection issue - A remote command-injection issue An attacker may leverage...
ShopEx Single 4.5.1 - errinfo Cross-Site Scripting
source: https://www.securityfocus.com/bid/39941/info ShopEx Single is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code...
ShopEx Single 4.5.1 - 'errinfo' Cross-Site Scripting
source: https://www.securityfocus.com/bid/39941/info ShopEx Single is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
evalSMSI 2.1.3 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/38116/info evalSMSI is prone to multiple vulnerabilities, including an authentication-bypass issue, an SQL-Injection issue, and an HTML-Injection issue. Attackers can exploit these issues to gain administrative access to the affected application, execute...
evalSMSI 2.1.3 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/38116/info evalSMSI is prone to multiple vulnerabilities, including an authentication-bypass issue, an SQL-Injection issue, and an HTML-Injection issue. Attackers can exploit these issues to gain...
Facebook Cross Site Scripting
============================================= INTERNET SECURITY AUDITORS ALERT 2010-001 - Original release date: January 8th, 2010 - Last revised: February 3rd, 2010 - Discovered by: Juan Galiana Lara - Severity: 6.3/10 CVSS Base Score ============================================= I. VULNERABILIT...
SAP BusinessObjects viewError.jsp 'error' Parameter XSS
The version of SAP BusinessObjects installed on the remote web server has a cross-site scripting vulnerability. Input passed to the 'error' parameter of '/PerformanceManagement/jsp/viewError.jsp' is not properly sanitized. A remote attacker could exploit this by tricking a user into requesting a...
COMTREND CT-507 IT ADSL Router - 'scvrtsrv.cmd' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38004/info Comtrend CT-507 IT is prone to a cross-site scripting vulnerability because the device's web interface fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
COMTREND CT-507 IT ADSL Router - scvrtsrv.cmd Cross-Site Scripting
source: https://www.securityfocus.com/bid/38004/info Comtrend CT-507 IT is prone to a cross-site scripting vulnerability because the device's web interface fails to properly sanitize user-supplied input. An attacker may leverage...