309 matches found
CVE-2015-1425
JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities...
CVE-2017-17170
The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the...
CVE-2017-17304
CVE-2017-17304 covers CIDAM Protocol input validation vulnerabilities in Huawei CIDAM implementations. The issue affects Huawei DP300, RP200, TE30/TE40/TE50/TE60 (and eSpace U1981) across extensive firmware versions (listed in the sources). An authenticated remote attacker could send a crafted me...
SonicWall SonicOS NSA Web Firewall Cross Site Scripting
Document Title: =============== SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1725 Release Date: ============= 2018-01-06 Vulnerability Laboratory ID VL-ID:...
AIOCP 1.3.x cp_forum_view.php choosed_language Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal...
Claroline 1.8.9 phpbb/reply.php URL XSS
No description provided by source. source: http://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute...
Tyger Bug Tracking System 1.1.3 Login.php PATH_INFO Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize...
Grayscale BandSite CMS 1.1 pastshows_content.php the_band Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...
Grayscale BandSite CMS 1.1 login_header.php the_band Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...
Claroline 1.8.9 document/document.php URL XSS
No description provided by source. source: http://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute...
event calendar Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11693/info Event Calendar is prone to multiple input validation vulnerabilities. These issues include HTML injection and cross-site scripting. The following specific vulnerabilities were reported: A cross-site scripting...
BestWebApp Dating Site Login Component Multiple Field SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21158/info BestWebApp Dating Site is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker...
Grayscale BandSite CMS 1.1 sendemail.php message_text Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...
EasyDynamicPages 3.0 Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/30305/info EasyDynamicPages is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploitin...
Five Star Review Script 0 index2.php sort Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/18390/info Five Star Review Script is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to run arbitrary HTML a...
Claroline 1.8.9 announcements/announcements.php URL XSS
No description provided by source. source: http://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute...
Claroline 1.8.9 course/index.php URL XSS
No description provided by source. source: http://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute...
Grayscale BandSite CMS 1.1 news_content.php the_band Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...
Grayscale BandSite CMS 1.1 footer.php this_year Parameter XSS
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register from urlparse import urljoin class TestPOCPOCBase: vulID = 'SSV-82196' vul ID version = '1' author = 'fenghh' vulDate =...
IceWarp Universal WebMail /mail/index.html lang_settings Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. An attacker can explo...