Utopia News Pro 1.1.3 - footer.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15027/info Utopia News Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied...
Oracle 9 - XML DB Cross-Site Scripting
source: https://www.securityfocus.com/bid/15034/info Oracle XML DB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
Utopia News Pro 1.1.3 - 'header.php?sitetitle' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15027/info Utopia News Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execut...
GLSA-200509-16 : Mantis: XSS and SQL injection vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200509-16 Mantis: XSS and SQL injection vulnerabilities Mantis fails to properly sanitize untrusted input before using it. This leads to a SQL injection and several cross-site scripting vulnerabilities. Impact : An attacker could...
IceWarp Web Mail 5.5.1 - 'blank.html?id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14980/info IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in th...
CMS Made Simple 0.10 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14937/info CMS Made Simple is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...
PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities
The version of PHP Advanced Transfer Manager on the remote host suffers from multiple information disclosure and cross-site scripting flaws. For example, by calling a text or HTML viewer directly, an unauthenticated attacker can view arbitrary files, provided PHP's 'register_globals' setting is...
PHP Advanced Transfer Manager 1.30 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/14887/info PHP Advanced Transfer Manager is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitra...
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/language.php?goto' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code...
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/template.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize...
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/modlog.php?orderby Cross-Site Scripting
source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...
vBulletin 1.0.1 lite/2.x/3.0 - /admincp/user.php?email Cross-Site Scripting
source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...
Greymatter Comment Name Field Control Panel Log XSS
The remote host is using Greymatter, an open source weblogging and journal software written in perl. A vulnerability exists in this version that could allow an attacker to execute arbitrary HTML and script code in the context of the user's browser.
Calendar Express Multiple Vulnerabilities (SQLi, XSS)
The remote host is using Calendar Express, a PHP web calendar. Vulnerabilities exist in this version that could allow an attacker to execute arbitrary HTML and script code in the context of the user's browser and to perform SQL injection. An attacker could exploit these flaws to use the remote host to...
MIVA Merchant 5 - Merchant.MVC Cross-Site Scripting
source: https://www.securityfocus.com/bid/14828/info MIVA Merchant 5 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the brows...
MIVA Merchant 5 - Merchant.MVC Cross-Site Scripting
source: https://www.securityfocus.com/bid/14828/info MIVA Merchant 5 is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue...
Sawmill < 7.1.14 GET Request Query String XSS
The version of Sawmill running on the remote web server is affected by a cross-site scripting vulnerability due to improper validation of user-supplied input appended to a GET request. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary scri...
[SA16775] PunBB Multiple Vulnerabilities
Land Down Under < 802 events.php SQL Injection
GLSA-200508-20 : phpGroupWare: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200508-20 phpGroupWare: Multiple vulnerabilities phpGroupWare improperly validates the 'mid' parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disable...