Ajax Chat 0.1 - 'operator_chattranscript.php?chatid' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/19238/info AJAX Chat is prone to both a directory-traversal vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the directory-traversal issue to retrieve arbitrary files...
Advanced Webhost Billing System 2.2.2 Contact.PHP Multiple Cross-Site Scripting Vulnerabilities
Advanced Webhost Billing System 2.2.2 Contact.PHP Multiple Cross-Site Scripting Vulnerabilities. Webapps exploit for php platform. source: http://www.securityfocus.com/bid/19226/info Advanced Webhost Billing System (AWBS) is prone to multiple cross-site scripting vulnerabilities because it fails to...
Cross-Site Scripting and Local File Inclusion in Phorum
Some vulnerabilities have been discovered in Phorum, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and potentially compromise a vulnerable system. 1) Input passed to the "template" parameter in pm.php isn't properly verified,...
ZYXEL Prestige 660H-61 ADSL Router - Cross-Site Scripting
ZYXEL Prestige 660H-61 ADSL Router - Cross-Site Scripting source: https://www.securityfocus.com/bid/19180/info The Zyxel Prestige 660H-61 ADSL Router is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...
wwwThreads - calendar.php Cross-Site Scripting
wwwThreads - calendar.php Cross-Site Scripting source: https://www.securityfocus.com/bid/19177/info WWWThreads is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in t...
[MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure
[MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure. Software: BLOG:CMS Version: 4.0.0j Type: Cross site scripting Made public: July, 22th 2006 Vendor: F-ART AGENCY, Ltd. - Radek Hulán Page: http://blogcms.com/ Credits:...
Advanced Poll 2.0.2 - 'common.inc.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/19105/info Advanced Poll is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input to the application. An attacker may leverage this issue to have an arbitrary remote file containing malicious script code...
Update Protection against Geeklog Remote Code Execution Vulnerability
Geeklog is a PHP/MySQL based application for managing dynamic web content. Geeklog CMS fails to validate multiple file extensions, potentially allowing a remote attacker to upload malicious script code, which will be executed in the context of the webserver process...
FLV Players 8 - popup.php?url Cross-Site Scripting
FLV Players 8 - popup.php?url Cross-Site Scripting source: https://www.securityfocus.com/bid/18954/info FLV Player is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...
FLV Players 8 - 'popup.php?url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/18954/info FLV Player is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an...
Hosting Controller 1.x - error.asp Cross-Site Scripting
Hosting Controller 1.x - error.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/18933/info Hosting Controller is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. An attacker may leverage this issue...
Hosting Controller 1.x - 'error.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/18933/info Hosting Controller is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. An attacker may leverage this issue to have arbitrary script code execute in the browser of...
ATutor 1.5.x - adminfix_content.php?submit Cross-Site Scripting
ATutor 1.5.x - adminfix_content.php?submit Cross-Site Scripting source: https://www.securityfocus.com/bid/18857/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
Horde < 3.0.11 / 3.1.2 Multiple Script XSS
The version of Horde installed on the remote host fails to validate input to the 'url' parameter of the 'services/go.php' script before using it in dynamically-generated content. An unauthenticated attacker may be able to leverage this issue to inject arbitrary HTML and script code into a user's...
Vincent Leclercq News 5.2 - Cross-Site Scripting
Vincent Leclercq News 5.2 - Cross-Site Scripting source: https://www.securityfocus.com/bid/18775/info Vincent Leclercq News is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before displaying it to users of the application. An attacker may...
free QBoard 1.1 - about.php?qb_path Remote File Inclusion
free QBoard 1.1 - about.php?qb_path Remote File Inclusion source: https://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows the attacker to...
SoftBiz Banner Exchange Script 1.0 - 'lostpassword.php?PHPSESSID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/18735/info Softbiz Banner Exchange is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before displaying it to users of the application. An attacker may leverage these issues to have arbitrar...
mvnForum activatemember Multiple Parameter XSS
The remote host is running mvnForum, an open source, forum application based on Java J2EE. The version of mvnForum installed on the remote host fails to sanitize user-supplied input to the 'activatecode' and 'member' parameters of the 'activatemember' script before using it to generate dynamic we...
MF Piadas 1.0 - admin.php Cross-Site Scripting
MF Piadas 1.0 - admin.php Cross-Site Scripting source: https://www.securityfocus.com/bid/18676/info MF Piadas is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in th...
H-Sphere 2.5.1 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/18677/info H-Sphere is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in th...