CPG Dragonfly 9.0.2.0 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/12930/info CPG Dragonfly is prone to multiple cross-site scripting vulnerabilities in various modules. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of...

UApplication Ublog 1.0.x - Cross-Site Scripting

source: https://www.securityfocus.com/bid/12931/info Ublog is affected by a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentia...

Nuke BookMarks 0.6 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/12907/info Nuke Bookmarks is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based...

Dream4 Koobi CMS 4.2.3 - index.php Cross-Site Scripting

Dream4 Koobi CMS 4.2.3 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/12895/info Koobi CMS is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may levera...

PHPSysInfo 2.02.3 - sensor_program Cross-Site Scripting

PHPSysInfo 2.02.3 - sensorprogram Cross-Site Scripting source: https://www.securityfocus.com/bid/12887/info phpSysInfo is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacke...

DigitalHive 2.0 - membres.php?mt Cross-Site Scripting

DigitalHive 2.0 - membres.php?mt Cross-Site Scripting source: https://www.securityfocus.com/bid/12883/info DigitalHive is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may levera...

DigitalHive 2.0 - 'msg.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/12883/info DigitalHive is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed i...

PHPSysInfo 2.0/2.3 - 'sensor_program' Cross-Site Scripting

source: https://www.securityfocus.com/bid/12887/info phpSysInfo is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script co...

PHPSysInfo 2.0/2.3 - 'system_footer.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/12887/info phpSysInfo is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script co...

Interspire ArticleLive 2005 - NewComment Cross-Site Scripting

source: https://www.securityfocus.com/bid/12879/info Interspire ArticleLive 2005 is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...

TRG News 3.0 Script - Remote File Inclusion

TRG News 3.0 Script - Remote File Inclusion source: https://www.securityfocus.com/bid/12855/info A remote file include vulnerability affects TRG News. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality...

CzarNews 1.131.14 - headlines.php Remote File Inclusion

CzarNews 1.131.14 - headlines.php Remote File Inclusion source: https://www.securityfocus.com/bid/12857/info CzarNews is prone to a remote file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of th...

CoolForum 0.50.70.8 - avatar.php?img Cross-Site Scripting

CoolForum 0.50.70.8 - avatar.php?img Cross-Site Scripting source: https://www.securityfocus.com/bid/12852/info Multiple remote input validation vulnerabilities affect CoolForum. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carr...

[UNIX] Multiple Vulnerabilities in phpWebLog (Cross Site Scripting, File Inclusion)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/12817/info PHPOpenChat is prone to multiple remote file-include vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate...

YaBB 2.0 - Remote UsersRecentPosts Cross-Site Scripting

YaBB 2.0 - Remote UsersRecentPosts Cross-Site Scripting source: https://www.securityfocus.com/bid/12756/info A remote cross-site scripting vulnerability affects YaBB. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically...

Stadtaus.Com PHP Form Mail Script 2.3 - Remote File Inclusion

Stadtaus.Com PHP Form Mail Script 2.3 - Remote File Inclusion source: https://www.securityfocus.com/bid/12735/info PHP Form Mail Script is prone to remote file include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the...

CuteNews <= 1.3.6 Multiple XSS

According to its version number, the remote host is running a version of CuteNews that allows an attacker to inject arbitrary script through the variables 'X-FORWARDED-FOR' or 'CLIENT-IP' when adding a comment. On one hand, an attacker can inject a client-side script to be executed by an...

CVE-2005-0591

CVE-2005-0591 affects Firefox prior to 1.0.1, allowing remote spoofing of the security and download modal dialogs (Firespoofing). Red Hat advisory RHSA-2005:176 and CentOS notes indicate that Firefox was updated and recommend upgrading to Mozilla 1.7.7 to remediate the issue.

phpMyAdmin 2.6 - Multiple Local File Inclusions

phpMyAdmin 2.6 - Multiple Local File Inclusions source: https://www.securityfocus.com/bid/12645/info phpMyAdmin is affected by multiple local file include vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP...