SA-2007-032 - Shoutbox - Cross site scripting

Message sent from the Shoutbox block, where visitors can quickly post short messages, are not properly sanitized in a number of cases. This allows malicious users to inject arbitrary HTML and script code into the block. Learn more about cross site scripting on Wikipedia. Versions affected Shoutbo...

Absolute News Manager .NET 5.1 - xlaabsolutenm.aspx Multiple SQL Injections

Absolute News Manager .NET 5.1 - xlaabsolutenm.aspx Multiple SQL Injections source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues...

Absolute News Manager .NET 5.1 - pagesdefault.aspx?template Remote File Access

Absolute News Manager .NET 5.1 - pagesdefault.aspx?template Remote File Access source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues...

Absolute News Manager .NET 5.1 - '/pages/default.aspx?template' Cross-Site Scripting

source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal cookie-based authentication...

Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' Multiple SQL Injections

source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal cookie-based authentication...

Absolute News Manager .NET 5.1 - 'getpath.aspx' Direct Request Error Message Information

source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal cookie-based authentication...

F5 Networks FirePass 4100 SSL VPN - My.Logon.php3 Cross-Site Scripting

F5 Networks FirePass 4100 SSL VPN - My.Logon.php3 Cross-Site Scripting source: https://www.securityfocus.com/bid/26659/info F5 Networks FirePass 4100 SSL VPN devices are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may...

F5 Networks FirePass 4100 SSL VPN - 'My.Logon.php3' Cross-Site Scripting

source: https://www.securityfocus.com/bid/26659/info F5 Networks FirePass 4100 SSL VPN devices are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

phpslideshow-xss.txt

PHPSlideShow toonchapter8.php Cross-Site Scripting Vulnerability Download: http://fmdeluxe.com/ Bug found by Jose Luis Góngora Fernández / JosS Contact: sys-projectathotmail.com Spanish Hackers Team www.spanish-hackers.com /server irc.freenode.net /join fullsecure d0rk: "Powered by PHPSlideShow"...

Satel Lite - Satellite.php Local File Inclusion

Satel Lite - Satellite.php Local File Inclusion source: https://www.securityfocus.com/bid/23143/info Satel Lite is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to access sensitive information...

PHPSlideShow 0.9.9 - Directory Cross-Site Scripting

PHPSlideShow 0.9.9 - Directory Cross-Site Scripting source: https://www.securityfocus.com/bid/26575/info PHPSlideShow is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or...

FMDeluxe 2.1 - index.php Cross-Site Scripting

FMDeluxe 2.1 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/26587/info FMDeluxe is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows an attacker to execute arbitrary HTML or script...

VBTube 1.1 - Search Cross-Site Scripting

VBTube 1.1 - Search Cross-Site Scripting source: https://www.securityfocus.com/bid/26566/info VBTube is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a...

Bandersnatch 0.4 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/26553/info Bandersnatch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in t...

GWextranet Multiple Vulnerabilites

GWextranet Multiple Vulnerabilites Vendor: Messaging Architects http://www.gwtools.com/en/gwextranet/eval/ http://www.example/gwextranet/scp.dll/sendto?user=calendar+of+events&mid=474020FA.GWEMAILDEPOT.SDEPO.100.167656B.1.1B00.1&template=.././../../boot.ini00...

Citrix Netscaler 8.0 build 47.8 - Generic_API_Call.pl Cross-Site Scripting

source: https://www.securityfocus.com/bid/26491/info Citrix NetScaler is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting use...

Liferay Portal 4.1 Login Script - Cross-Site Scripting

Liferay Portal 4.1 Login Script - Cross-Site Scripting source: https://www.securityfocus.com/bid/26470/info Liferay Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...

Liferay Portal 4.1 Login Script - Cross-Site Scripting

source: https://www.securityfocus.com/bid/26470/info Liferay Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user ...

Aruba MC-800 Mobility Controller - Screens Directory HTML Injection

Aruba MC-800 Mobility Controller - Screens Directory HTML Injection source: https://www.securityfocus.com/bid/26465/info Aruba MC-800 Mobility Controller is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow...

GLSA-200711-17 : Ruby on Rails: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200711-17 Ruby on Rails: Multiple vulnerabilities candlerb found that ActiveResource, when processing responses using the Hash.fromxml function, does not properly sanitize filenames CVE-2007-5380. The session management...