ac4p Mobile - 'up.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecti...

Cross Site Scripting (XSS) Vulnerability in Web Mail service by "Walla! Communications LTD"

·= Security Advisory =· Issue: Cross Site Scripting XSS Vulnerability in Web Mail service by "Walla! Communications LTD" Discovered Date: 05/10/2006 Author: Tal Argoni, LegendaryZion. talargoni at gmail.com Product Vendor: http://www.walla.co.il/ Details: Walla! Communications LTD Web Mail servic...

Netquery 4.0 - NQUser.php Cross-Site Scripting

Netquery 4.0 - NQUser.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20837/info Netquery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code...

Exhibit Engine 1.22 - fstyles.php?toroot Remote File Inclusion

Exhibit Engine 1.22 - fstyles.php?toroot Remote File Inclusion source: https://www.securityfocus.com/bid/20793/info Exhibit Engine Software is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allo...

ASPPlayGround.NET Forum 2.4.5 - Calendar.asp Cross-Site Scripting

ASPPlayGround.NET Forum 2.4.5 - Calendar.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/20335/info ASPPlayground.NET Forum Advanced Edition is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage...

Simpnews 2.x - 'pwlost.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20714/info SimpNews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting...

Simpnews 2.x - pwlost.php Cross-Site Scripting

Simpnews 2.x - pwlost.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20714/info SimpNews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script...

Simpnews 2.x - index.php Cross-Site Scripting

Simpnews 2.x - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20714/info SimpNews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script...

WikiNi 0.4.x - Waka.php Multiple HTML Injection Vulnerabilities

WikiNi 0.4.x - Waka.php Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/20688/info WikiNi is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data before using it in dynamically generated content. An...

cPanel 10.9 - 'editzonetemplate?template' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20683/info cPanel is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in th...

Webgenius Goop Gallery 2.0 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20554/info GOOP Gallery is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting us...

PowerMovieList 0.130.14 - Edit User HTML Injection

PowerMovieList 0.130.14 - Edit User HTML Injection source: https://www.securityfocus.com/bid/20564/info PowerMovieList is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content...

Debian DSA-1148-1 : gallery - several vulnerabilities

Several remote vulnerabilities have been discovered in gallery, a web-based photo album. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-2734 A cross-site scripting vulnerability allows injection of web script code through HTML or EXIF information. ...

Debian DSA-1063-1 : phpgroupware - missing input sanitising

It was discovered that the Avatar upload feature of FUD Forum, a component of the web-based groupware system phpgroupware, does not sufficiently validate uploaded files, which might lead to the execution of injected web script code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Debian DSA-1033-1 : horde3 - several vulnerabilities

Several remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4190 Several Cross-Site-Scripting vulnerabiliti...

Xoops 2.2.3 - 'search.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20514/info Xoops is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of...

eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory: eXpBlog = 0.3.5 Cross Site Scripting Vulnerabilities Release Date: 10/09/2006 Last Modified: 10/09/2006 Author: Tamriel tamriel at gmx dot net Application: eXpBlog = 0.3.5 Risk: Low Vendor Status: contaced | replied Vendor Site:...

Microsoft ASP.NET AutoPostBack Variable Cross-Site Scripting Vulnerability

Description Microsoft ASP.NET is prone to a cross-site scripting vulnerability because the software fails to properly sanitize user-supplied input before it is rendered in the browser of an unsuspecting user in the context of the affected site. An attacker may leverage this issue to have arbitrar...

ISearch 2.16 - 'ISEARCH_PATH' Remote File Inclusion

source: https://www.securityfocus.com/bid/20401/info iSearch is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the...

osCommerce 2.2 - admintax_classes.php?page Cross-Site Scripting

osCommerce 2.2 - admintaxclasses.php?page Cross-Site Scripting source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting use...