Microsoft SharePoint Services Help.aspx 'cid0' Parameter XSS

The version of Microsoft SharePoint Services running on the remote host has a cross-site scripting vulnerability. Input sent to the 'cid0' parameter of '/layouts/help.aspx' is not properly sanitized. A remote attacker could exploit this by tricking a user into making a malicious request, resultin...

ArcademSX 2.904 - cat Cross-Site Scripting

ArcademSX 2.904 - cat Cross-Site Scripting source: https://www.securityfocus.com/bid/41252/info ArcademSX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser...

TornadoStore 1.4.3 - SQL Injection HTML Injection

TornadoStore 1.4.3 - SQL Injection HTML Injection source: https://www.securityfocus.com/bid/41233/info TornadoStore is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues t...

ArcademSX 2.904 - 'cat' Cross-Site Scripting

source: https://www.securityfocus.com/bid/41252/info ArcademSX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

TornadoStore 1.4.3 - SQL Injection / HTML Injection

source: https://www.securityfocus.com/bid/41233/info TornadoStore is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application, access or modify dat...

Ceica-GW - login.php Cross-Site Scripting

Ceica-GW - login.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40917/info Ceica-GW is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser o...

Limny 2.1 - 'q' Cross-Site Scripting

source: https://www.securityfocus.com/bid/41152/info Limny is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities

SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities source: https://www.securityfocus.com/bid/41043/info SoftComplex PHP Event Calendar is prone to multiple remote security vulnerabilities including cross-site scripting, HTML-injection, directory-traversal, and cross-site...

SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities

source: https://www.securityfocus.com/bid/41043/info SoftComplex PHP Event Calendar is prone to multiple remote security vulnerabilities including cross-site scripting, HTML-injection, directory-traversal, and cross-site request-forgery issues. Attackers can exploit these issues to obtain sensiti...

osCMax 2.0 - articles.php Cross-Site Scripting

osCMax 2.0 - articles.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40998/info osCmax is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browse...

Sigmer Technologies Scribe CMS - copy_folder.php Cross-Site Scripting

Sigmer Technologies Scribe CMS - copyfolder.php Cross-Site Scripting source: https://www.securityfocus.com/bid/41000/info Sigmer Technologies Scribe CMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may...

IBM Websphere ILOG JRules 6.7 - Cross-Site Scripting

IBM Websphere ILOG JRules 6.7 - Cross-Site Scripting source: https://www.securityfocus.com/bid/41030/info IBM WebSphere ILOG JRules is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

osCMax 2.0 - 'articles.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40998/info osCmax is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

Jamroom 4.0.2/4.1.x - 'forum.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/41071/info Jamroom is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of th...

Cross-site Scripting (XSS) Vulnerabilities in CruxCMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in CruxCMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in CruxCMS: CVE-2008-0700 The vulnerability exists due to input sanitation error in the "search"...

Invision Power Board 3.0.5 Calendar Application Script Insertion Vulnerability

No description provided by source. Credits ============ Discovered by: David Vieira-Kurz http://www.majorsecurity.info/penetrationstest.php Affected Products: ---------------------------- Invision Power Board 3.0.5 and prior Introduction ============ Invision Power Board is a widely used forums...

Cross-site Scripting (XSS) Vulnerabilities in Grafik CMS

High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in Grafik CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Grafik CMS: CVE-2010-2615 The vulnerability exists due to input sanitation error in the...

Apache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.39. It is, therefore, affected by one or more of the following vulnerabilities : - If the remote Apache Tomcat install is configured to use the SingleSignOn Valve, the...

Microsoft Excel Embedded Shockwave Flash Object Code Execution (MS06-069; CVE-2006-3014)

Microsoft Excel is a popular spreadsheet application that is usually released as a part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulas, and various data sources. The common extension used for Microsoft Excel documents is .xls. A...

PhreeBooks Multiple HTML-Injection and Local File Include Vulnerabilities

PhreeBooks is prone to multiple local file-include vulnerabilities and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to view files and execute loca...