PostBoard 2.0 Topic Title Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4561/info PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems. PostBoard does not adequately sanitiz...

ESTsoft InternetDisk Arbitrary File Upload and Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18279/info ESTsoft InternetDisk is prone to an arbitrary file-upload and script-execution vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver...

Zainu 1.0 'searchSongKeyword' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36701/info Zainu is prone to a cross-site scripting vulnerability in the Contact module because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

Invision Power Services Invision Board 2.1 admin.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/15344/info Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issu...

Just William's Amazon Webstore Closeup.PHP Image Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13419/info Amazon Webstore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrar...

Spyce 2.1.3 docs/examples/redirect.spy Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the...

PhPepperShop 1.4 index.php URL XSS

No description provided by source. source: http://www.securityfocus.com/bid/32690/info PhPepperShop is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the...

Cruiseworks 1.09 Cws.exe Doc Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20699/info Cruiseworks is prone to a remote buffer-overflow vulnerability. Specifically, the application fails to validate input passed to the 'doc' parameter of the '/scripts/cruise/cms.exe' application. Cruiseworks 1.09...

SourceBans 1.4.7 XSS Vulnerability

No description provided by source. Exploit Title: SourceBans Version 1.4.7 XSS Google Dork: inurl:sourcebans/index.php?p=submit Date: Feb. 9th 2011 Author: Sw1tCh Software Link: http://www.sourcebans.net/ Version: 1.4.7 Info: SourceBans is an application for managing publicly the banned users for...

RealOne Player 1.0/2.0/6.0.10/6.0.11 SMIL File Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8453/info Real Networks has reported a vulnerability in RealOne Player. Script embedded in SMIL presentations may be executed in the context of a domain that is specified by an attacker. This could allow for theft of...

Web Kyukincho vulnerable to cross-site scripting

Overview Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the...

PT-2014-1704 · Python +5 · Python +5

Name of the Vulnerable Software and Affected Versions: Python versions 2.7.5 and 3.3.4 Description: The issue arises from the CGIHTTPServer module's improper handling of URL-encoded path separators in URLs. This allows remote attackers to read script source code, conduct directory traversal...

Webmin vulnerable to cross-site scripting

Overview Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability. Yoshinori Matsumoto of Kobe Digital Labo, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

Usermin vulnerable to cross-site scripting

Overview Usermin is a web-based interface used to manage webmail. Usermin contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

openSUSE Security Update : wireshark (openSUSE-SU-2011:1142-1)

This update of wireshark fixes the following vulnerabilities : - CVE-2011-3266: Wireshark IKE dissector vulnerability - CVE-2011-3360: Wireshark Lua script execution vulnerability - CVE-2011-3483: Wireshark buffer exception handling vulnerability - CVE-2011-2597: Lucent/Ascend file parser...

UBUNTU-CVE-2014-0532

Cross-site scripting XSS vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to...

Privilege escalation

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-2777...

CVE-2014-2777

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-1778...

Antak WebShell - A webshell which utilizes PowerShell

Antak is a webshell written in C.Net which utilizes powershell. Antak is a part of Nishang and updates could be found here: https://github.com/samratashok/nishang Use this shell as a normal powershell console. Each command is executed in a new process, keep this in mind while using commands like...

Dotclear Multiple Vulnerabilities

Dotclear is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dotclear:dotclear"; ifdescription...