Microsoft Office Web Components ActiveX Control DataSource Remote Code Execution Vulnerability

Description Microsoft Office Web Components is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the conte...

Gallarific - search.php?query Cross-Site Scripting

Gallarific - search.php?query Cross-Site Scripting source: https://www.securityfocus.com/bid/28163/info Gallarific is prone to a cross-site scripting vulnerability and multiple authentication-bypass vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the...

EncapsGallery 1.11.2 - catalog_watermark.php?file Cross-Site Scripting

EncapsGallery 1.11.2 - catalogwatermark.php?file Cross-Site Scripting source: https://www.securityfocus.com/bid/28178/info EncapsGallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

F5 BIG-IP 9.4.3 - Web Management Interface Console HTML Injection

source: https://www.securityfocus.com/bid/28151/info F5 BIG-IP Web Management Interface is prone to a HTML-injection vulnerability because the web management interface fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the brows...

F5 BIG-IP 9.4.3 - Web Management Interface Console HTML Injection

F5 BIG-IP 9.4.3 - Web Management Interface Console HTML Injection source: https://www.securityfocus.com/bid/28151/info F5 BIG-IP Web Management Interface is prone to a HTML-injection vulnerability because the web management interface fails to properly sanitize user-supplied input. An attacker may...

WordPress 2.3.2 - wp-admininvites.php?to Cross-Site Scripting

WordPress 2.3.2 - wp-admininvites.php?to Cross-Site Scripting source: https://www.securityfocus.com/bid/28139/info WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

Neptune Web Server 3.0 - 404 Error Page Cross-Site Scripting

Neptune Web Server 3.0 - 404 Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/28148/info Neptune Web Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

Neptune Web Server 3.0 - 404 Error Page Cross-Site Scripting

source: https://www.securityfocus.com/bid/28148/info Neptune Web Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

ImageVue 1.7 - 'upload.php?path' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28138/info Imagevue is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...

WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28139/info WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

ImageVue 1.7 - dir2.php?path Cross-Site Scripting

ImageVue 1.7 - dir2.php?path Cross-Site Scripting source: https://www.securityfocus.com/bid/28138/info Imagevue is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

Podcast Generator 0.96.2 - 'set_permissions.php' Cross-Site Scripting Vulnerability

Podcast Generator 0.96.2 'setpermissions.php' Cross-Site Scripting Vulnerability. CVE-2008-1212. Webapps exploit for php platform source: http://www.securityfocus.com/bid/28106/info Podcast Generator is prone to a cross-site scripting vulnerability because it fails to adequately sanitize...

MG2 - 'list' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28098/info MG2 is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

Flyspray 0.9.9 - Information DisclosureHTML Injection Cross-Site Scripting

Flyspray 0.9.9 - Information DisclosureHTML Injection Cross-Site Scripting source: https://www.securityfocus.com/bid/28076/info Flyspray is prone to an information-disclosure issue, an HTML-injection issue, and multiple cross-site scripting vulnerabilities because it fails to properly sanitize...

Simple PHP Scripts Gallery 0.x - index.php Cross-Site Scripting

Simple PHP Scripts Gallery 0.x - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/28056/info Simple PHP Scripts 'gallery' is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this...

Simple PHP Scripts Gallery 0.x - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28056/info Simple PHP Scripts 'gallery' is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Juniper Networks Secure Access 2000 - rdremediate.cgi Cross-Site Scripting

Juniper Networks Secure Access 2000 - rdremediate.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/28034/info Juniper Networks Secure Access 2000 is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. An attacker may leverag...

Flicks Software AuthentiX 6.3b1 - Username Multiple Cross-Site Scripting Vulnerabilities

Flicks Software AuthentiX 6.3b1 - Username Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/28040/info Flicks Software AuthentiX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker...

SA-2008-018 - Drupal core - Cross site scripting

Titles are not escaped prior to being displayed on content edit forms, allowing users to inject arbitrary HTML and script code into these pages. The Drupal.checkPlain function, used to escape text in ECMAScript, contains a bug which causes it to escape only the first instance of a character,...

flyspray -- multiple vulnerabilities

The Flyspray Project reports: Flyspray is affected by a Cross Site scripting Vulnerability due to an error escaping PHP's $SERVER'QUERYSTRING' superglobal, that can be maliciously used to inject arbitrary code into the savesearch javascript function. There is an XSS problem in the history tab, th...