6714 matches found
Dragonfly CMS 9.0.6.1 News Module Multiple Parameter XSS
source: http://www.securityfocus.com/bid/16784/info Dragonfly is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...
RedCMS 0.1 register.php Multiple Field XSS
source: http://www.securityfocus.com/bid/17336/info RedCMS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to HTML-injection and...
SAP BusinessObjects 12 URI Redirection and Cross Site Scripting Vulnerabilities
source: http://www.securityfocus.com/bid/37972/info SAP BusinessObjects is prone to multiple URI-redirection issues and multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to...
Spread The Word Multiple Cross-Site Scripting Vulnerabilities
source: http://www.securityfocus.com/bid/13733/info Spread The Word is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to...
MyBulletinBoard 1.0 Forumdisplay.PHP Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/14754/info MyBulletinBoard is prone to a cross-site scripting vulnerability. This is due to a lack of proper sanitization of user-supplied input to the application. An attacker may leverage this issue to have arbitrary...
PHPCommunityCalendar 4.0 - Multiple Remote Cross-Site Scripting Vulnerabilities
source: http://www.securityfocus.com/bid/14767/info phpCommunityCalendar is prone to multiple remote cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage any of these issues ...
Microsoft Internet Explorer 6.0 File Attachment Script Execution Vulnerability
source: http://www.securityfocus.com/bid/5450/info An error has been reported in Microsoft Internet Explorer 6, which may allow malicious file attachments to execute arbitrary code in the context of the local system. HTM files are associated with Internet...
MilliScripts 1.4 Register.PHP Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/15792/info MilliScripts is prone to a cross-site scripting vulnerability. This is due to a lack of proper input validation. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...
BlackBoard Internet Newsboard System 1.5.1 - Remote File Include Vulnerability
source: http://www.securityfocus.com/bid/11336/info BlackBoard Internet Newsboard System is reported prone to a remote file include vulnerability. This issue presents itself because the application fails to sanitize user-supplied data properly. This issue may...
Apple QuickTime 7.1.3 Plug-In Arbitrary Script Execution Weakness
source: http://www.securityfocus.com/bid/20138/info Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files .qtl. An attacker can exploit this issue to execute arbitrary script code in the context of t...
BookReview 1.0 add_review.htm Multiple Parameter XSS
source: http://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
webSPELL 4.1.2 - 'index.php' Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/28294/info webSPELL is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
RealOne Player 1.0/2.0/6.0.10/6.0.11 SMIL File Script Execution Vulnerability
source: http://www.securityfocus.com/bid/8453/info Real Networks has reported a vulnerability in RealOne Player. Script embedded in SMIL presentations may be executed in the context of a domain that is specified by an attacker. This could allow for theft of...
All Enthusiast PhotoPost PHP Pro 5.0 adm-photo.php Arbitrary Image Manipulation
source: http://www.securityfocus.com/bid/12779/info PhotoPost PHP Pro is a web-based image gallery application written in PHP. It can be implemented on any platform that supports PHP script execution. Multiple remote vulnerabilities affect All Enthusiast PhotoPo...
SourceBans 1.4.7 XSS Vulnerability
Exploit Title: SourceBans Version 1.4.7 XSS Google Dork: inurl:sourcebans/index.php?p=submit Date: Feb. 9th 2011 Author: Sw1tCh Software Link: http://www.sourcebans.net/ Version: 1.4.7 Info: SourceBans is an application for managing publicly the banned users for...
Mantis 0.19 Remote Server-Side Script Execution Vulnerability
source: http://www.securityfocus.com/bid/10993/info Mantis is reportedly susceptible to a remote server-side script execution vulnerability. This vulnerability only presents itself when PHP is configured on the hosting computer with 'register_globals = on'. When...
PHPBB2 Page_Header.PHP SQL Injection Vulnerability
source: http://www.securityfocus.com/bid/6888/info A SQL injection vulnerability has been reported in phpBB2. phpBB2, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply...
mUnky 0.01 'index.php' Remote Code Execution Vulnerability
source: http://www.securityfocus.com/bid/30705/info mUnky is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue allows attackers to cause the application to execute arbitra...
Sudo <= 1.6.8p9 (SHELLOPTS/PS4 ENV variables) Local Root Exploit
Sudo local root escalation privilege vuln versions : sudo 1.6.8p10 by breno You need sudo access execution for some bash script Use csh shell to change SHELLOPTS env ie: %cat x.sh #!/bin/bash -x echo Getting root!! % cat /etc/sudoers ... breno ALL=ALL...
iDevSpot iSupport 1.8 'index.php' Local File Include Vulnerability
source: http://www.securityfocus.com/bid/26961/info iSupport is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...