Claroline 1.8.3 - $_SERVER[PHP_SELF] Multiple Cross-Site Scripting Vulnerabilities

Claroline 1.8.3 - $SERVERPHPSELF Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/24742/info Claroline is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues ...

LightBlog <= 5 Add_Comment.PHP Cross-Site Scripting Vulnerability

LightBlog 5 AddComment.PHP Cross-Site Scripting Vulnerability. Webapps exploit for php platform source: http://www.securityfocus.com/bid/24741/info LightBlog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may...

Oracle Rapid Install Web Server - Secondary Login Page Cross-Site Scripting

Oracle Rapid Install Web Server - Secondary Login Page Cross-Site Scripting source: https://www.securityfocus.com/bid/24697/info Oracle Rapid Install Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker can...

DirectAdmin XSS vuln.

DirectAdmin XSS vuln. Vuln. discovered by : r0t Date: 28 June 2007 vendor:http://www.directadmin.com orginal advisory: http://pridels-team.blogspot.com/2007/06/directadmin-xss-vuln.html affected versions:v1.30.1 and previous DirectAdmin contains a flaw that allows a remote Cross-Site Scripting...

Oracle Rapid Install Web Server - Secondary Login Page Cross-Site Scripting

source: https://www.securityfocus.com/bid/24697/info Oracle Rapid Install Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to inject HTML and script code into the browser ...

Linksys WAG54GS 1.0.6 (Wireless-G ADSL Gateway) - &#039;setup.cgi&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/24682/info Linksys Wireless-G ADSL Gateway is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. Attackers may exploit this issue by enticing victims into opening a malicious URI...

Linksys WAG54GS 1.0.6 (Wireless-G ADSL Gateway) - setup.cgi Cross-Site Scripting

Linksys WAG54GS 1.0.6 Wireless-G ADSL Gateway - setup.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/24682/info Linksys Wireless-G ADSL Gateway is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input...

ETicket 1.5.5 - &#039;Open.php&#039; Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/24681/info eTicket is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary...

Key Focus Web Server 3.1 - Index.WKF Cross-Site Scripting

source: https://www.securityfocus.com/bid/24623/info Key Focus Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...

Key Focus Web Server 3.1 - Index.WKF Cross-Site Scripting

Key Focus Web Server 3.1 - Index.WKF Cross-Site Scripting source: https://www.securityfocus.com/bid/24623/info Key Focus Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execu...

access2asp XSS vuln.

access2asp XSS vuln. Vuln. discovered by : r0t Date: 22 June 2007 vendor:http://www.access2asp.com/ orginal advisory: http://pridels-team.blogspot.com/2007/06/access2asp-xss-vuln.html affected versions: access2asp v4.5 and prior access2asp contains a flaw that allows a remote Cross-Site Scripting...

csc-sqlxss.txt

--- Comersus Shop Cart 7.07 SQL Injection & XSS Comersus is an active server pages asp software for running shopping stores, integrated with the rest of your web site. Comersus ASP Cart is free and IT CAN BE used for commercial purposes. An attacker may leverage this issue to have arbitrary scrip...

fusetalk CSS &#40;comfinish.cfm&#41;

Hello everyone, After trying to report a SQL bug autherror.cfm to FuseTalk, and seeing them providing patches to customers dropping new fixed .cfm files in a private place reserved to customers without giving proper credits and without reporting them publicly we were following the Full Disclosure...

Apache Tomcat snoop.jsp URI XSS

The remote Apache Tomcat web server includes an example JSP application, 'snoop.jsp', that fails to sanitize user-supplied input before using it to generate dynamic content. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to...

Joomla! Component Letterman Subscriber Module 1.2.4 - &#039;Mod_Lettermansubscribe.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/24479/info The Joomla! Letterman Subscriber module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser...

Joomla! Component Letterman Subscriber Module 1.2.4 - Mod_Lettermansubscribe.php Cross-Site Scripting

Joomla! Component Letterman Subscriber Module 1.2.4 - ModLettermansubscribe.php Cross-Site Scripting source: https://www.securityfocus.com/bid/24479/info The Joomla! Letterman Subscriber module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize...

Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability

Description Outlook Express is prone to a cross-domain information-disclosure vulnerability. This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim's browser. Attackers could exploit this issue to access sensitive...

Microsoft Outlook Express MHTML URL Parsing Information Disclosure Vulnerability

Description Outlook Express is prone to a cross-domain information-disclosure vulnerability. This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim user's browser. Attackers could exploit this issue to gain access to...

WmsCMS &lt; = 2.0 Multiple XSS Vulnerabilities

Application: WmsCMS Vendors Url: http://www.web-master.biz Bug Type: Multiple URL Handling Remote Cross-Site Scripting Vulnerabilities Exploitation: Remote Severity: Less Critical Solution Status: Unpatched Introduction: WmsCMS is a web-based CMS system Google Dork: "Powered by WMS-CMS" Affected...

WordPress Core 2.2 - &#039;Request_URI&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/24383/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This...