C99Shell 1.0 Cross Site Scripting

============================================================================================ | Title : !C99Shell v.1.0 pre-release build 16! Cross Site Scripting Vulnerability | Author : indoushka | email : [email protected] | Home : www.iq-ty.com/vb | Script Home :...

SendStudio 4.0.1 - Cross-Site Scripting / Security Bypass

source: https://www.securityfocus.com/bid/37554/info SendStudio also called Email Marketer is prone to a cross-site scripting issue and a security-bypass issue. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

Webring - Cross-Site Scripting

Webring - Cross-Site Scripting ======================================================================================== | Title : webring Cross Site Scripting Vulnerability | | Author : indoushka | | email : [email protected] | | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria...

Xss Discuz! version 5.0.0 RC1

No description provided by source. Xss Discuz! version 5.0.0 RC1 Author: SpiderZ Sito: http://www.spiderz.altervista.org Sito2: https://www.spiderz.netsons.org Download Board : http://www.discuz.com File: usearch.html ?site=www.discuz.net&kw= Message Script:...

Simple PHP Blog 0.5.1 - Local File Inclusion

Simple PHP Blog 0.5.1 - Local File Inclusion Simple PHP Blog is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in th...

Microsoft 4.0 IIS repost.asp允许上传脚本执行文件

No description provided by source...

Active! mail 2003 cross-site scripting vulnerability

Overview Active! mail 2003 from TransWARE Co. contains a cross-site scripting vulnerability. Active! mail 2003 from TransWARE Co. is a web-based email software. Active! mail 2003 contains a cross-site scripting vulnerability. Kenichi Maehashi of CIS RAT at Hosei University reported this...

OpenX <= 2.8.1 execute arbitrary PHP code-exploits warning-the black bar safety net

Test method: OpenX adserver version 2.8.1 and lower is vulnerable to remote code execution. To be exploited, this vulnerability requires banner / file upload permissions, such as granted to the 'advertiser' and 'administrator' roles. This vulnerability is caused by the insecure file upload...

User's Full Name is an XSS vector in Status Updates tab of User Profile

A user's full name is an XSS vector when viewing the "Status Updates" tab of the user profile. 1 Set a user's Full Name as "alertdocument.cookie". 2 Log out. 3 If anonymous access is disabled, log in as a different user, otherwise, continue as Anonymous. 4 Go to the profile page for the user...

User's Full Name is an XSS vector in Status Updates tab of User Profile

A user's full name is an XSS vector when viewing the "Status Updates" tab of the user profile. 1 Set a user's Full Name as "alertdocument.cookie". 2 Log out. 3 If anonymous access is disabled, log in as a different user, otherwise, continue as Anonymous. 4 Go to the profile page for the user...

WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (2)

source: https://www.securityfocus.com/bid/37099/info The FireStats plugin for WordPress is prone to multiple cross-site scripting vulnerabilities and an authentication-bypass vulnerability. An attacker may leverage these issues to gain unauthorized access to the affected application and execute...

JVN#01245481 Redmine vulnerable to cross-site scripting

Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. As a result, cookie information may be leaked and could lead to session hijacking or user impersonation. Solution Update the...

CuteNews 1.4.6 - &#039;index.php&#039; Cross-Site Request Forgery (New User Creation)

source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...

Wowd - &#039;index.html&#039; Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/42327/info Wowd search client is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting use...

Opera < 10.01 Multiple Vulnerabilities

Binary data 800863.prm...

Opera < 10.01 Multiple Vulnerabilities

The version of Opera installed on the remote host is earlier than 10.01. Such versions are potential affected by multiple issues : - Specially crafted domain names can cause a memory corruption in Opera, which may lead to a crash or possibly remote code execution. 938 - Opera may allow scripts to...

Canon IT Solutions Inc. ACCESSGUARDIAN vulnerable to cross-site scripting

Overview Canon IT Solutions Inc. ACCESSGUARDIAN contains a cross-site scripting vulnerability. Canon IT Solutions Inc. ACCESSGUARDIAN is a web security gateway. ACCESSGUARDIAN contains a cross-site scripting vulnerability. Ohji Kashiwazaki of GLOBAL SECURITY EXPERTS Inc. reported this vulnerabili...

Multiple Cybozu products vulnerable to cross-site scripting

Overview Multiple Cybozu products are vulnerable to cross-site scripting. Multiple products groupware etc. provided by Cybozu, Inc. contain a cross-site scripting vulnerablility. This vulnerability is different from JVN50342989, and JVN90712589. Takeshi Terada of Mitsui Bussan Secure Directions,...

Links from indexbrowser.jsp are vulnerable to XSS attacks

CONF-16888 has introduced or re-introduced an XSS vulnerability. To reproduce: Create a new user, and for the Full Name use: noformatalert'Vulnerable'noformat Go to ../admin/indexbrowser.jsp and find the entry Click on the entry, and the script is executed. This also happens for other content typ...

Juniper Junos 8.5/9.0 J-Web Interface - &#039;/configuration&#039; Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web Juniper Web Management. Attacker-supplied HTML or JavaScript code could ru...