MODX Evolution 1.0.5 (and prior) Remote Script Execution Vulnerability

Product: MODX Evolution Risk: Very High Severity: Critical Versions: 1.0.5 and all previous releases Vunerability type: Remote Script Execution Report Date: 2012-Feb-16 Fixed Date: 2012-Feb-20 Description A vigilant community member sent us a security notice to let us know that he found a securit...

cforms II vulnerable to cross-site scripting

Overview cforms II contains a cross-site scripting vulnerability. cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Kousuke Ebihara and Yuya Watanabe of Tejimaya.inc reported this vulnerability to IPA. JPCERT/CC coordinated wi...

MyBB 1.6.6之前版本多个安全漏洞

BUGTRAQ ID: 51962 MyBB是一款流行的Web论坛程序。 MyBB在实现上存在多个安全漏洞，攻击者可利用这些漏洞执行脚本代码、窃取Cookie身份验证凭证、泄露或修改敏感信息或执行非法操作。 0 MyBB 1.x 厂商补丁： MyBB ---- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.mybboard.com/...

Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_ports.php?base_path' Remote File Inclusion

source: https://www.securityfocus.com/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities. An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in t...

vBadvanced CMPS 3.2.2 - vba_cmps_include_bottom.php Remote File Inclusion

vBadvanced CMPS 3.2.2 - vbacmpsincludebottom.php Remote File Inclusion source: https://www.securityfocus.com/bid/51672/info vBadvanced CMPS is prone to a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow a...

glucose 2 vulnerable to arbitrary script execution

Overview glucose 2 is vulnerable to arbitrary script execution. glucose 2 is an RSS reader. glucose 2 is vulnerable to arbitrary script execution which is inserted in RSS feed, due to the improper processing of RSS feed output. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...

JVN#65869891: glucose 2 vulnerable to arbitrary script execution

glucose 2 is an RSS reader. glucose 2 is vulnerable to arbitrary script execution which is inserted in RSS feed, due to the improper processing of RSS feed output. Impact An arbitrary script may be executed on the vulnerable system. Solution Update the software Update to the latest version...

Joomla! Component com_bulkenquery - Controller Local File Inclusion

Joomla! Component combulkenquery - Controller Local File Inclusion source: https://www.securityfocus.com/bid/51622/info The 'combulkenquery' component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this...

osCommerce Japanese version vulnerable to cross-site scripting

Overview osCommerce Japanese version contains a cross-site scripting vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce Japanese version contains a cross-site scripting vulnerability. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this...

osCommerce vulnerable to cross-site scripting

Overview osCommerce contains a cross-site scripting vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce contains a cross-site scripting vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

Oracle WebLogic Server vulnerable to cross-site scripting

Overview Oracle WebLogic Server contains a cross-site scripting vulnerability. Oracle WebLogic Server contains a cross-site scripting vulnerability on the management console. Minetoshi Takizawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

VertrigoServ 'ext' Parameter Cross Site Scripting Vulnerability

This host is running VertrigoServ and is prone to cross-site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbvertrigoservextparamxssvuln.nasl 5792 2017-03-30 13:18:14Z cfi $ VertrigoServ 'ext' Parameter Cross Site Scripting Vulnerability Authors: Madhuri D Copyright: Copyright c 2012...

PukiWiki Plus! vulnerable to cross-site scripting

Overview PukiWiki Plus! contains a cross-site scripting vulnerability. PukiWiki Plus! is a software that adds wiki functionality to websites. PukiWiki Plus! contains a vulnerability in handling web form entries, which may result in cross-site scripting. Koki Nakayasu of Keiji Takeda Lab, Keio...

Apache Struts vulnerable to cross-site scripting

Overview Apache Struts may create web applications that contain a cross-site scripting vulnerability. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts may create web applications that contain a cross-site scripting...

epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/51149/info epesi BIM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

Vulnerability in Hex-Rays IDA Pro, IDAPython Plugin Could Allow Arbitrary Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting IDA Pro running the IDAPython plugin. By default, the IDAPython plugin is installed with all versions of IDA Pro. Microsoft discovered and disclosed the vulnerability under...

Microsoft Internet Explorer XSS Filter Cross Domain Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to...

phpWebSite vulnerable to cross-site scripting

Overview phpWebSite contains a cross-site scripting vulnerability. phpWebSite is a content management system CMS. phpWebSite contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

Etomite vulnerable to cross-site scripting

Overview Etomite contains a cross-site scripting vulnerability. Etomite is a content management system CMS. Etomite contains an issue with the processing of contents in the search field, which may result in cross-site scripting. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...

PowerChute Business Edition vulnerable to cross-site scripting

Overview PowerChute Business Edition contains a cross-site scripting vulnerability. PowerChute Business Edition from Schneider Electric is a power management software. PowerChute Business Edition contains a cross-site scripting vulnerability. Jun Okada of GLOBAL TECHNOLOGY CORPORATION reported th...