Gentoo Security Advisory GLSA 200507-07 (phpwebsite)

The remote host is missing updates announced in advisory GLSA 200507-07. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox)

The remote host is missing updates announced in advisory GLSA 200604-12. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SA-2008-056 - Simplenews - Cross site scripting

Simplenews publishes and sends newsletters to lists of subscribers. Newsletter categories are not always properly escaped. This allows users with the "administer taxonomy" permission to add arbitrary HTML and script code to the site. Wikipedia has more information about such cross site scripting...

Gentoo Security Advisory GLSA 200507-17 (thunderbird)

The remote host is missing updates announced in advisory GLSA 200507-17. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Datalife Engine CMS 7.2 - admin.php Cross-Site Scripting

Datalife Engine CMS 7.2 - admin.php Cross-Site Scripting source: https://www.securityfocus.com/bid/31335/info Datalife Engine CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary...

Datalife Engine CMS 7.2 - 'admin.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31335/info Datalife Engine CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...

xt:Commerce 3.04 - 'advanced_search_result.php?keywords' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31313/info xt:Commerce is prone to multiple vulnerabilities, including a session-fixation vulnerability and a cross-site scripting vulnerability. An attacker can leverage the session-fixation issue to hijack a session of an unsuspecting user. The attacker...

FreeBSD : gallery -- multiple vulnerabilities (fc9e73b2-8685-11dd-bb64-0030843d3802)

Secunia reports : An error in the handing of ZIP archives with symbolic links can be exploited to disclose the contents of arbitrary files. Input from uploaded Flash animations is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is...

xt:Commerce 3.04 - 'XTCsid' Session Fixation

source: https://www.securityfocus.com/bid/31313/info xt:Commerce is prone to multiple vulnerabilities, including a session-fixation vulnerability and a cross-site scripting vulnerability. An attacker can leverage the session-fixation issue to hijack a session of an unsuspecting user. The attacker...

eXtrovert software Thyme 1.3 - add_calendars.php Cross-Site Scripting

eXtrovert software Thyme 1.3 - addcalendars.php Cross-Site Scripting source: https://www.securityfocus.com/bid/31287/info Thyme is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary...

Achievo 1.3.2 - 'atknodetype' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31326/info Achievo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

gallery -- multiple vulnerabilities

Secunia reports: An error in the handing of ZIP archives with symbolic links can be exploited to disclose the contents of arbitrary files. Input from uploaded Flash animations is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is...

Quick Cart 3.1 - admin.php Cross-Site Scripting

Quick Cart 3.1 - admin.php Cross-Site Scripting source: https://www.securityfocus.com/bid/31216/info Quick.Cart is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in th...

Quick CMS Lite 2.1 - admin.php Cross-Site Scripting

Quick CMS Lite 2.1 - admin.php Cross-Site Scripting source: https://www.securityfocus.com/bid/31210/info Quick.Cms.Lite is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script co...

Paranews 3.4 - Multiple Cross-Site Scripting Vulnerabilities

Paranews 3.4 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/31152/info Paranews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute...

Paranews 3.4 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/31152/info Paranews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in th...

Nooms 1.1 - 'smileys.php?page_id' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31131/info NooMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

Nooms 1.1 - smileys.php?page_id Cross-Site Scripting

Nooms 1.1 - smileys.php?pageid Cross-Site Scripting source: https://www.securityfocus.com/bid/31131/info NooMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script...

Horde Application Framework 3.2.1 - Forward Slash Insufficient Filtering Cross-Site Scripting

Horde Application Framework 3.2.1 - Forward Slash Insufficient Filtering Cross-Site Scripting source: https://www.securityfocus.com/bid/31107/info Horde Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverag...

Gallery 2.0 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/31060/info Gallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...