6664 matches found
Nuke BookMarks 0.6 - Multiple Cross-Site Scripting Vulnerabilities
Nuke BookMarks 0.6 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12907/info Nuke Bookmarks is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...
ESMI PayPal StoreFront 1.7 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/12904/info ESMI PayPal Storefrom is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in...
Dream4 Koobi CMS 4.2.3 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/12895/info Koobi CMS is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in...
Invision Power Board HTTP POST Request IFRAME Tag XSS
The version of Invision Power Board installed on the remote host does not properly sanitize HTML tags, which enables a remote attacker to inject a malicious IFRAME when posting a message to one of the hosted forums. This could cause arbitrary HTML and script code to be executed in the context of...
paNews20b4.txt
PersianHacker.NET 200505-06 paNews v2.0b4 XSS Vulnerability Date: 2005 February Bug Number: 06 paNews is a news management script to use on your site. Users can use paCode, special code designed to allow the adding of images and font changes in the posts without allowing users to use HTML to post...
ZeroBoard 4.1 - Multiple Cross-Site Scripting Vulnerabilities
ZeroBoard 4.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12596/info ZeroBoard is reported prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an...
[Full-Disclosure] [ GLSA 200502-16 ] ht://Dig: Cross-site scripting vulnerability
Gentoo Linux Security Advisory GLSA 200502-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
pLog register.php Multiple Parameter XSS
The remote host is running pLog, a blogging system written in PHP. The remote version of this software does not perform a proper validation of user-supplied input and is, therefore, vulnerable to a cross-site scripting attack. To exploit this flaw, an attacker would need to use the script...
Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution
Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution source: https://www.securityfocus.com/bid/12097/info WPKontakt is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable...
Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution
source: https://www.securityfocus.com/bid/12097/info WPKontakt is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to various attacks. Arbitrary script...
Tlen.pl 5.23.4.1 - Instant Messenger Remote Script Execution
Tlen.pl 5.23.4.1 - Instant Messenger Remote Script Execution source: https://www.securityfocus.com/bid/12050/info Tlen.pl is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable...
Microsoft Windows Media Player 9.0 - ActiveX Control Media File Attribute Corruption
source: https://www.securityfocus.com/bid/12031/info The Windows Media Player ActiveX control is prone to a security weakness. The issue is that the control may be abused by a Web page to change attributes of media files such as MP3. An attacker can influence attributes such as the artist, song...
Gadu-Gadu several vulnerabilities
Product: Gadu-Gadu, most of all available versions including the latest one Vendor: SMS-EXPRESS.COM http://www.gadu-gadu.pl Impact: Several vulnerabilities within application allow for remote execution of arbitrary code and information stealing Severity: Critical Authors: Blazej Miga...
woolchat.txt
Hi, I found a bug about WoolChat japanese popular irc client http://www.vector.co.jp/soft/win95/net/se091872.html which allow anyone to kill victim's WoolChat. It has a problem to handle DCC SEND query so if 260 or more bytes file name is specified, it exits immediately with error dialog. DoS...
Gallery: Cross-site scripting vulnerability
Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Jim Paris has discovered a cross-site scripting...
BlackBoard Internet NewsBoard System 1.5.1 - Remote File Inclusion
BlackBoard Internet NewsBoard System 1.5.1 - Remote File Inclusion source: https://www.securityfocus.com/bid/11336/info BlackBoard Internet Newsboard System is reported prone to a remote file include vulnerability. This issue presents itself because the application fails to sanitize user-supplied...
BlackBoard Internet NewsBoard System 1.5.1 - Remote File Inclusion
source: https://www.securityfocus.com/bid/11336/info BlackBoard Internet Newsboard System is reported prone to a remote file include vulnerability. This issue presents itself because the application fails to sanitize user-supplied data properly. This issue may allow an attacker to include malicio...
Debian DSA-246-1 : tomcat - information exposure, XSS
The developers of tomcat discovered several problems in tomcat version 3.x. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2003-0042: A maliciously crafted request could return a directory listing even when an index.html, index.jsp, or other welcome fil...
phpGroupWare: XSS vulnerability in wiki module
Background phpGroupWare is a web-based suite of group applications including calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager. Description Due to an input validation error, the wiki module in the phpGroupWare suite is vulnerable to cross site scripting attacks...
PluggedOut Blog 1.51/1.60 - 'Blog_Exec.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/10885/info PluggedOut Blog is reported prone to a cross-site scripting vulnerability. This could allow for execution of hostile HTML and script code in the web client of a user who visits a malicious link to the vulnerable site. This code execution would...