Joyful Note vulnerable to cross-site scripting
Overview Joyful Note from KENT-WEB is a bulletin board software that a user can upload a binary file such as an image file. Joyful Note contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the lates...
pChart 2.1.3 - Multiple Vulnerabilities
pChart 2.1.3 - Multiple Vulnerabilities Exploit Title: pChart 2.1.3 Directory Traversal and Reflected XSS Date: 2014-01-24 Exploit Author: Balazs Makany Vendor Homepage: www.pchart.net Software Link: www.pchart.net/download Google Dork: intitle:"pChart 2.x - examples" intext:"2.1.3" Version: 2.1....
Open-Xchange Security Advisory 2014-01-17
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 30357 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 7.4.1 and earlier Vulnerable component: backend Fixed version: 7.2.2-rev29, 7.4.0-rev24,...
Moderate: Red Hat Security Advisory: Red Hat JBoss Portal 6.1.0 security update
An update for the GateIn Portal component in Red Hat JBoss Portal 6.1.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base...
Zimbra < 7.0.0 LFI Vulnerability - Active Check
Zimbra is prone to a local file include (LFI) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zimbra:collaboration";...
XSS vulnerability in 'Share a link' blueprint
Open the Create dialog. Select the "Share a Link" article. In the 'Topics' field, enter an attack string such as: alert"hello" = The script will be executed...
IIS Spy and IIS 6.0 parsing fixes - vulnerability warning - The Black Bar Safety Net
IIS Spy: "%SystemRoot%/ServicePackFiles/i386/activeds.dll", "%SystemRoot%/system32/activeds.dll", "%SystemRoot%/system32/activeds.tlb". The Users group and the Power Users group are removed, leaving only Administrators and SYSTEM permissions. IIS 6.0 analysis 1: can upload the directory to the IIS does n...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. LAC Co., Ltd. reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error messages, which may lead to cross-site scripting. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
TomatoCart 1.1.8.2 - 'class' Local File Inclusion
Source: https://www.securityfocus.com/bid/63795/info TomatoCart is prone to a local file include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. Thi...
TOWN (modified version) vulnerable to cross-site scripting
Overview TOWN (modified version) provided by Tattyan's HP contains a cross-site scripting vulnerability. Yu Yagihashi of Keiji Takeda Lab, Keio University reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...
Tiki Wiki CMS Groupware vulnerable to cross-site scripting
Overview Tiki Wiki CMS Groupware (Tiki) is a content management system (CMS). Tiki contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Schneider Electric InduSoft Web Studio Arbitrary Script Execution
Binary data scadaindusoftwebstudioscriptexecution.nbin...
PSF-2013-3 CGI directory traversal (URL parsing)
An error in separating the path and filename of the CGI script to run in http.server.CGIHTTPRequestHandler allows running arbitrary executables in the directory under which the server was started...
Apache Struts XWork Error Page Multiple Cross-Site Scripting (CVE-2011-1772)
A Cross-Site Scripting vulnerability has been reported in Apache Struts. The vulnerabilities are due to unsanitized parameters in various automatically generated error pages. A remote attacker can exploit these vulnerabilities by enticing a victim to follow a specially crafted link. Successful...
Accela BizSearch vulnerable to cross-site scripting
Overview Accela BizSearch provided by Accela Technology Corporation is an enterprise search system. Accela BizSearch contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Reflected cross-site scripting (XSS) in dosearchsite action
The dosearchsite action is vulnerable to reflected cross-site scripting (XSS) via the searchQuery.spaceKey parameter. This vulnerability appears to be very similar to issue CONF-30318, and fixes implemented in response to that issue may fix this vulnerability. If the URL below is visited by an...
Multiple vulnerabilities in Hitachi JP1/Cm2/Network Node Manager i
Overview Hitachi JP1/Cm2/Network Node Manager i contains multiple vulnerabilities. Impact Malicious remote users can exploit this vulnerability to disrupt services, disclose configuration data or execute arbitrary script. Solution Please refer to the 'Vendor Information' section for the official...
Opera vulnerable to cross-site scripting
Overview Opera is a web browser. Opera contains a cross-site scripting vulnerability when the page encoding settings are set to UTF-8. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided ...
Symantec Encryption Management Server Web Email Protection XSS
SUMMARY Symantec's Encryption Management Server, previously PGP Universal Server, is susceptible to a cross-site scripting (XSS) issue in the web management interface of the server. The XSS issue is in the Web Email Protection component. This issue could allow an authenticated Web Email Protection...