6712 matches found
Debian DSA-1133-1 : mantis - missing input sanitising
Several remote vulnerabilities have been discovered in the Mantis bug tracking system, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0664 A cross-site scripting vulnerability was discovered ...
H-Sphere WebShell 2.x - login.php Cross-Site Scripting
H-Sphere WebShell 2.x - login.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20532/info H-Sphere WebShell is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script co...
osCommerce 2.2 - adminzones.php?page Cross-Site Scripting
osCommerce 2.2 - adminzones.php?page Cross-Site Scripting source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in...
osCommerce 2.2 - adminreviews.php?page Cross-Site Scripting
osCommerce 2.2 - adminreviews.php?page Cross-Site Scripting source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user i...
BirdBlog 1.x - 'comment.php?entryid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20202/info BirdBlog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting...
mysource 2.14.82.16 - Multiple Vulnerabilities
mysource 2.14.82.16 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/20153/info MySource products are prone to multiple input-validation vulnerabilities. Exploiting these issues will allow an attacker to manipulate the application into becoming an HTTP proxy and to conduct...
Apple QuickTime Plug-In Arbitrary Script Execution Weakness
Description Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files .qtl. An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load local content in a user's browser. Althoug...
Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution
Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution source: https://www.securityfocus.com/bid/20138/info Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files .qtl. An attacker can exploit this issue to execute arbitrary script...
BandSite CMS 1.1 - 'footer.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...
PT News 1.7.8 - search.php Cross-Site Scripting
PT News 1.7.8 - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20090/info PT News is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to have arbitrary script code execute in the...
MyBulletinBoard 1.x UserCP.PHP Cross-Site Scripting Vulnerability
MyBulletinBoard 1.x UserCP.PHP Cross-Site Scripting Vulnerability. Webapps exploit for php platform source: http://www.securityfocus.com/bid/19193/info MyBulletinBoard is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may...
Microsoft Internet Explorer 6 - Internet.HHCtrl Heap Overflow
Microsoft Internet Explorer 6 - Internet.HHCtrl Heap Overflow // MoBB Demonstration function Demo var a = new ActiveXObject"Internet.HHCtrl.1"; var b = unescape"XXXX"; while b.length Clicking the button below may crash your browser! milw0rm.com 2006-07-07...
JVN#44846612 ATutor cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Authentication information could be stolen as a result. Solution Products Affected ATutor 1.5.3 RC2 and earlier...
PHPWebGallery 1.x - comments.php Cross-Site Scripting
PHPWebGallery 1.x - comments.php Cross-Site Scripting source: https://www.securityfocus.com/bid/18798/info PhpWebGallery is prone to a cross-site scripting vulnerability because it fails to sanitize input before displaying it to users of the application. An attacker may leverage this issue to hav...
SoftBiz Banner Exchange Script 1.0 - 'index.php?PHPSESSID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/18735/info Softbiz Banner Exchange is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before displaying it to users of the application. An attacker may leverage these issues to have arbitrar...
[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Wireless Control System
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Wireless Control System Advisory ID: cisco-sa-20060628-wcs http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml Revision 1.0 For Public Release 2006 June 28 1600 UTC GMT -...
cpanel10.txt
A new vulnerability was found in Cpanel V.10; It happen cause the variable &File of the select.html file in the edit-zone just filter the 's labels and the possibility can by open to other labels like Server Side Include, HMTL labels... including Javascript expressed in other ways An attacker can...
webcrawlerXSS.txt
webcrawler.com - Cross site scripting vulnerability ---------------------------------------------- Type: Cross site scripting Date: June, 13th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...
Custom Dating Biz 1.0 - Multiple Input Validation Vulnerabilities
Custom Dating Biz 1.0 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/18626/info Custom Dating Biz is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to have arbitrary...
vBulletin 3.0.9/3.5.x - 'member.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/18551/info Vbulletin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of ...