Hexamail Server 4.4.5 - Persistent Cross-Site Scripting

Title: Hexamail Server meal.txt XSS pop up alert'Hi, what is this?'; root@bt:/ Send email to the victim: root@bt:/ sendemail -f [email protected] -t [email protected] -xu [email protected] \ -xp bob123 -u "Want some meal..?" -o message-file=meal.txt -s mail.example.com Vendor time...

Hexamail Server <= 4.4.5 Persistent XSS Vulnerability

Exploit for windows platform in category web applications Title: Hexamail Server meal.txt XSS pop up alert'Hi, what is this?'; email protected:/ Send email to the victim: email protected:/ sendemail -f email protected -t email protected -xu email protected \ -xp...

RSSOwl vulnerable to arbitrary script execution

Overview RSSOwl is vulnerable to arbitrary script execution. RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...

Sybase EAServer vulnerable to cross-site scripting

Overview EAServer contains a cross-site scripting vulnerability. EAServer provided by Sybase is an application server. EAServer contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...

JVN#77947437: RSSOwl vulnerable to arbitrary script execution

RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...

Ajaxmint Gallery 1.0 - Local File Inclusion

source: https://www.securityfocus.com/bid/53659/info Ajaxmint Gallery is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and to execute local scripts in the context of the webserver...

Vanilla Forums About Me Plugin - Persistent Cross-Site Scripting

Title: Vanilla About Me Plugin Persistant XSS Vulnerability Date: 18/5/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + About Me 1.1.1 http://vanillaforums.org/addon/aboutme-plugin http://http://vanillaforums.org Go to...

multimedia macro allows execution of arbitrary scripts

The multimedia macro in confluence embeds a swf without the 'allowScriptAccess' attribute set to 'none'. This allows the embedded user submitted swf to execute arbitrary javascript on the page, constituting an XSS vulnerability. The multimedia tag is bundled in with the base product and not an...

Vanilla FirstLastNames 1.3.2 Plugin Persistant XSS

Exploit for php platform in category web applications Title: Vanilla FirstLastNames 1.3.2 Plugin Persistant XSS Vulnerability Date: 18/5/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + FirstLastNames 1.3.2...

OSQA vulnerable to cross-site scripting

Overview OSQA The Open Source Q system contains a cross-site scripting vulnerability. OSQA is an open source question and answer system. OSQA contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

Opera Browser Multiple Vulnerabilities October-10 (Mac OS X)

The host is installed with Opera browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvulnoct10macosx.nasl 5950 2017-04-13 09:02:06Z teissa $ Opera Browser Multiple Vulnerabilities October-10 Mac OS X Authors: Madhuri D Copyright: Copyright c 2012 Greenbone...

Vulnerabilities in RealNetworks Helix Server Could Allow Arbitrary Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of multiple vulnerabilities affecting RealNetworks Helix Server software version 14.2.0.212 and earlier. Microsoft discovered and disclosed these vulnerabilities under coordinated vulnerability disclosure to th...

Wireshark Insecure Search Path Script Execution (CVE-2011-3360)

A script execution vulnerability has been reported in Wireshark...

Redmine vulnerable to cross-site scripting

Overview Redmine contains a cross-site scripting vulnerability. Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

Jenkins vulnerable to cross-site scripting

Overview Jenkins contains a cross-site scripting vulnerability. Jenkins is a continuous integration CI tool. Jenkins contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79950061. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA...

SquirrelMail plugin Autocomplete vulnerable to cross-site scripting

Overview The SquirrelMail plugin Autocomplete contains a cross-site scripting vulnerability. The Autocomplete plugin in SquirrelMail searches for registered email addresses in user contacts as the user types into specific fields. The Autocomplete plugin contains a cross-site scripting...

JEECMS the background of any file editing vulnerability and get a shell-vulnerability warning-the black bar safety net

JEECMS is based on java technology development, inheritance of its strong, stable, secure, efficient, cross-platform, and many other advantages · use of SpringMVC3+Spring3+Hibernate3+Freemarker mainstream technical architecture security is doing very perverted, when the site after the installatio...

Bitweaver 'rankings.php' Local File Include Vulnerability

Bitweaver is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Vulnerability in DotNetNuke Could Allow Arbitrary Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting DotNetNuke 6.0.0 through version 6.0.2. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, DotNetNuke. DotNetNuk...

Vulnerability in DotNetNuke Could Allow Arbitrary Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting DotNetNuke 6.0.2 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, DotNetNuke. DotNetNuke...