6712 matches found
MilliScripts 1.4 - 'register.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15792/info MilliScripts is prone to a cross-site scripting vulnerability. This is due to a lack of proper input validation. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of...
CF_Nuke 4.6 - 'index.cfm' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15778/info CFNuke is prone to multiple cross-site scripting vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an...
Easy Search System 1.1 - 'search.cgi' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15705/info Easy Search System is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the...
phpMyChat0146.txt
phpMyChat Multiple XSS vulnerabilities. I. BACKGROUND phpMyChat is an easy-to-install, easy-to-use multi-room chat based on PHP and a database, supporting MySQL, PostgreSQL, and ODBC. II. DESCRIPTION phpMyChat 0.14.6 startpage.css.php, style.css.php, userspopupL.php are prone to Cross-site...
Solupress News 1.0 - search.asp Cross-Site Scripting
source: https://www.securityfocus.com/bid/15695/info Solupress News is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issu...
SiteBeater News 4.0 - 'Archive.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15697/info SiteBeater News is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...
PHPPost 1.0 - 'mail.php?user' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15524/info PHP-Post is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...
ASPKnowledgebase vulnerable to XSS injection.
ASPKnowledgebase, by www.asp-programmers.com, is vulnerable to XSS in some of its input fields. If you compromise its logon, to gain administrative privileges as my previous advisory describes - you can inject the admin form-fields with XSS. This will result in automatic execution of script when...
Simple PHP Blog 0.4 - preview_cgi.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied...
VUBB - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/15260/info VUBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scrip...
PHP-Nuke Search Enhanced Module 1.12.0 - HTML Injection
source: https://www.securityfocus.com/bid/15218/info Search Enhanced module for is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in...
FlatNuke 2.5.x - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15176/info FlatNuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of ...
Chipmunk Directory - 'recommend.php?entryID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15149/info Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
MySource 2.14 - 'Socket.php?PEAR_PATH' Remote File Inclusion
source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to execute arbitrary...
security flaw
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...
Security Bypass Vulnerability with Ruby
The Ruby language has a security model that can restrict operations on untrusted objects. This security model is based on mechanisms called "object taint" and "safe level." A vulnerability has been confirmed that allows arbitrary script execution by bypassing the "safe level"...
Mandrake Linux Security Advisory : mozilla (MDKSA-2005:128)
A number of vulnerabilities were reported and fixed in Mozilla 1.7.9. The following vulnerabilities have been backported and patched for this update : In several places the browser UI did not correctly distinguish between true user events, such as mouse clicks or keystrokes, and synthetic events...
IceWarp Web Mail 5.5.1 - calendar_w.html?createdataCX Cross-Site Scripting
source: https://www.securityfocus.com/bid/14980/info IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...
IceWarp Web Mail 5.5.1 - calendar_d.html?createdataCX Cross-Site Scripting
source: https://www.securityfocus.com/bid/14980/info IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...
CubeCart 3.0.3 - 'cart.php?redir' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14962/info CubeCart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code execut...