InstantASP 4.1 Logon.aspx SessionID Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/22052/info InstantForum.NET is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based...

Campsite 2.6.1 - LocalizerLanguage.php g_documentRoot Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier...

PHP-Nuke Error Manager Module 2.1 error.php Multiple Variables XSS

No description provided by source. source: http://www.securityfocus.com/bid/9911/info It has been reported that Error Manager is prone to multiple vulnerabilities. These issues are due to failure to validate user input, failure to handle exceptional conditions and simple design errors. These issu...

PHP-Nuke DownloadsPlus Module - Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28919/info The DownloadsPlus module for PHP-Nuke is prone to a vulnerability that lets remote attackers upload and execute arbitrary code because the application fails to sanitize user-supplied input. This issue permits...

TelCondex SimpleWebserver 2.12.30210 build 3285 HTTP Referer Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8925/info A vulnerability has been reported in SimpleWebServer that may allow a remote attacker to cause a denial of service condition or execute arbitrary code on vulnerable host. The issue is reported to exist due to a...

BookReview 1.0 add_booklist.htm node Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

MyBB 1.1.1 Showthread.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17904/info MyBB is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful attack could allow an...

FreeHostShop Website Generator 3.3 - Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16823/info Website generator is prone to an arbitrary file-upload vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may...

Serenity Audio Player 3.2.3 '.m3u' File Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/39768/info Serenity Audio Player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers may leverage this issue to execute arbitrary code in the...

PhpWebGallery 1.3.4/1.5.1 comments.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15837/info PhpWebGallery is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attack...

Joe Text Editor 2.8 .joerc Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2437/info Joe is a text editor originally written by Joseph Allen. Joe offers a user-friendly interface, with key binding and configuration familiar to many users of Microsoft Word Processing tools. A problem in the...

IRIX 6.5.x dmplay Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1528/info Certain versions of IRIX ship with a version of dmplay which is vulnerable to a buffer overflow attack. The program, dmplay, is used to play movie files under IRIX. The problem at hand is the way the program...

BEA WebLogic 7.0/8.1 Administration Console Error Page Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13794/info BEA WebLogic Server And WebLogic Express are affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the error page. A...

Meet#Web 0.8 RegResource.class.php root_path Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/30673/info MeetWeb is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...

CGIEmail 1.6 - Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6141/info A vulnerability has been discovered in CGIEmail. It should be noted that this vulnerability exists only if the server allows queries to remote hosts. A remotely exploitable buffer overflow has been discovered in...

DUportal Pro 3.4 result.asp Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacke...

Sudo 1.6.x Environment Variable Handling Security Bypass Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A local attacker with the...

Indexu 5.0/5.3 user_detail.php u Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...

Nukeviet 2.0 'admin/login.php' Cookie Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30681/info Nukeviet is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication. Attackers can exploit this vulnerability to gain...

Grayscale BandSite CMS 1.1 footer.php this_year Parameter XSS

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register from urlparse import urljoin class TestPOCPOCBase: vulID = 'SSV-82196' vul ID version = '1' author = 'fenghh' vulDate =...