PR08-19: XSS on Cisco IOS HTTP Server
PR08-19: XSS on Cisco IOS HTTP Server Date found: 1st August 2008 Vendor contacted: 1st August 2008 Advisory publicly released: 14th January 2009 Severity: Medium Credits: Adrian Pastor of ProCheckUp Ltd www.procheckup.com Description: Cisco IOS HTTP server is vulnerable to XSS within invalid...
Gentoo Security Advisory GLSA 200505-10 (phpBB)
The remote host is missing updates announced in advisory GLSA 200505-10. OpenVAS Vulnerability Test Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200506-12 (mediawiki)
The remote host is missing updates announced in advisory GLSA 200506-12. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Adobe Presenter is prone to a cross-site scripting (CSS) vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
ProCheckUp Security Advisory 2007.41
PR07-41: XSS on Juniper Networks Secure Access 2000 Vulnerability found: 6th December 2007 Vendor informed: 12th December 2007 Severity: Medium-high Description: Juniper Networks Secure Access 2000 is vulnerable to a vanilla XSS. Vulnerable server-side script: '/dana-na/auth/rdremediate.cgi'...
lotusquickr-xss.txt
Description: Lotus Quickr, announced at Lotusphere 2007, is an evolution of Lotus QuickPlace. The software uses a weak XSS filter that an attacker can bypass. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to ...
PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script
PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script Date Found: 19th June 2007 Successfully tested on: version 5.5.2 F5 Networks has confirmed the following versions to be vulnerable: FirePass versions 5.4.1 - 5.5.2 FirePass...
FreeBSD : horde -- multiple parameter XSS vulnerabilities (09429f7c-fd6e-11da-b1cd-0050bf27ba24)
FrSIRT advisory ADV-2006-2356 reports : Multiple vulnerabilities have been identified in Horde Application Framework, which may be exploited by attackers to execute arbitrary scripting code. These flaws are due to input validation errors in the 'test.php' and 'templates/problem/problem.inc' scrip...
FreeBSD : htdig -- XSS vulnerability (673aec6f-1cae-11da-bc01-000e0c2e438a)
Michael Krax reports a vulnerability within htdig. The vulnerability lies within an unsanitized config parameter, allowing a malicious attacker to execute arbitrary scripting code on the target's browser. This might allow the attacker to obtain the user's cookies which are associated with the sit...
Cross-Site Scripting in Verisign’s haydn.exe CGI script
Date Published: 2006-03-20 Last Update: 2006-03-20 Advisory ID: CORE-2006-0124 Bugtraq ID: 17170 CVE Name: CVE-2006-1344 Title: Cross-Site Scripting in Verisign’s haydn.exe CGI script Class: Input Validation Error Remotely Exploitable: Yes Locally Exploitable: No Advisory...
Code injection
Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due...
CVE-2006-0947
CVE-2006-0947 affects Thomson SpeedTouch modem firmware 5.3.2.6.0. Affected component is the NewUser function where the 31 parameter can create accounts that the administrator cannot delete, due to filtering/cleansing in the admin interface. The issue allows remote attackers to create non-deletab...
fipsCMS.txt
fipsCMS lights is a freeware product of fipsasp.com. If you log on as admin, you can generate new pages in the CMS system. If you inject the "headline" field with scripting code like alertcode executed, this will automatically launch when a user visits that site. Please credit to: Preben Nyløkken...
GLSA-200505-10 : phpBB: XSS Vulnerability
The remote host is affected by the vulnerability described in GLSA-200505-10 phpBB: XSS Vulnerability phpBB is vulnerable to a cross-site scripting vulnerability due to improper sanitization of user-supplied input. Coupled with poor validation of BBCode URLs which may be included in a forum post,...
CVE-2004-1911
CVE-2004-1911 concerns an XSS vulnerability in AzDGDatingLite 2.1.1. The issue allows remote attackers to inject arbitrary web script or HTML via (1) l parameter (language) to index.php or (2) id parameter to view.php. The NVD entry cites a base score of 4.3 (Medium) with network attack vector, n...
htdig -- cross site scripting vulnerability
Michael Krax reports a vulnerability within htdig. The vulnerability lies within an unsanitized config parameter, allowing a malicious attacker to execute arbitrary scripting code on the target's browser. This might allow the attacker to obtain the user's cookies which are associated with the sit...
NullLogic Null HTTPd 0.5 - Error Page Cross-Site Scripting
NullLogic Null HTTPd 0.5 - Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/5603/info NullLogic Null HTTPd is a small multithreaded webserver for Linux and Windows. It is possible for attackers to construct a URL that will cause scripting code to be embedded in error page...
Fluid Dynamics Search Engine 2.0 - Cross-Site Scripting
Fluid Dynamics Search Engine 2.0 - Cross-Site Scripting source: https://www.securityfocus.com/bid/5199/info Fluid Dynamics Search Engine is a search application for local and remote web sites, and is designed to work in most UNIX and Microsoft Windows environments. Fluid Dynamics Search Engine an...
Multiples vulnerabilities in ICQ Toolbar 1.3 for Internet Explorer
Advisory ID Internal CORE-2006-0322 Advisory Information Advisory ID : CORE-2006-0322 Bugtraq ID : 19900 CVE Name : CVE-2006-4660 / CVE-2006-4661 Title : Multiples vulnerabilities in ICQ Toolbar 1.3 for Internet Explorer Class : Access Validation Error/Design Error, Input validation error Remotel...