20 matches found
zTree Cross Site Scripting Vulnerability
zTree is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ztreeproject:ztree";...
Debian: Security Advisory (DSA-1098-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian: Security Advisory (DSA-1034-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian Security Advisory DSA 1298-1 (otrs2)
The remote host is missing an update to otrs2 announced via advisory DSA 1298-1. OpenVAS Vulnerability Test $Id: deb12981.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1298-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian: Security Advisory (DSA-1094-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian: Security Advisory (DSA-1298-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian DSA-1298-1 : otrs2 - missing input sanitising
It was discovered that the Open Ticket Request System performs insufficient input sanitising for the Subaction parameter, which allows the injection of arbitrary web script code. The oldstable distribution (sarge) doesn't include otrs2. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The...
Debian DSA-1290-1 : squirrelmail - missing input sanitising
It was discovered that the webmail package Squirrelmail performs insufficient sanitising inside the HTML filter, which allows the injection of arbitrary web script code during the display of HTML email messages. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package...
Debian DSA-1208-1 : bugzilla - several vulnerabilities
Several remote vulnerabilities have been discovered in the Bugzilla bug tracking system, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4534 Javier Fernandez-Sanguino Pena discovered that insecure...
Debian DSA-1148-1 : gallery - several vulnerabilities
Several remote vulnerabilities have been discovered in gallery, a web-based photo album. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-2734 A cross-site scripting vulnerability allows injection of web script code through HTML or EXIF information. ...
Debian DSA-1063-1 : phpgroupware - missing input sanitising
It was discovered that the Avatar upload feature of FUD Forum, a component of the web-based groupware system phpgroupware, does not sufficiently validate uploaded files, which might lead to the execution of injected web script code. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The...
Debian DSA-1033-1 : horde3 - several vulnerabilities
Several remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4190 Several Cross-Site-Scripting vulnerabiliti...
[eVuln] Doika guestbook 'page' XSS Vulnerability
New eVuln Advisory: Doika guestbook 'page' XSS Vulnerability http://evuln.com/vulns/134/summary.html --------------------Summary---------------- eVuln ID: EV0134 CVE: CVE-2006-4325 Software: Doika guestbook Software's Web Site: http://doika.net/ Versions: 2.5 Critical Level: Harmless Type:...
IwebNegar v1.1 Multiple vulnerabilities
:: IwebNegar v1.1 Multiple vulnerabilities :: ------------------------------------------------ Software : IwebNegar v1.1 Website : ---- Bug Discover : Hessam-x / www.hessamx.net I. Cross Site Scripting Vulnerability ------------------------------------------------- Parameter "comment" are not...
[SECURITY] [DSA 1098-1] New horde3 packages fix cross-site scripting
-------------------------------------------------------------------------- Debian Security Advisory DSA 1098-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 14th, 2006 http://www.debian.org/security/faq -...
DSA-1094-1 gforge - missing input sanitising
Bulletin has no description...
[SECURITY] [DSA 1066-1] New phpbb2 packages fix execution of arbitrary web script code
-------------------------------------------------------------------------- Debian Security Advisory DSA 1066-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 20th, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1063-1] New phpgroupware packages fix execution of arbitrary web script code
-------------------------------------------------------------------------- Debian Security Advisory DSA 1063-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 8th, 2006 http://www.debian.org/security/faq -...
[eVuln] MWGuest XSS Vulnerability
New eVuln Advisory: MWGuest XSS Vulnerability http://evuln.com/vulns/122/summary.html --------------------Summary---------------- eVuln ID: EV0122 Vendor: Manic Web Software: MWGuest Software's Web Site: http://www.manicweb.co.uk/ Versions: 2.1.0 Critical Level: Harmless Type: Cross-Site Scriptin...
DSA-1034-1 horde2 - several vulnerabilities
Bulletin has no description...