5207 matches found
Debian Security Advisory DSA 1926-1 (typo3-src)
The remote host is missing an update to typo3-src announced via advisory DSA 1926-1. OpenVAS Vulnerability Test $Id: deb19261.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1926-1 typo3-src Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
Design/Logic Flaw
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to inject arbitrary web script or HTML via (1) the Page parameter in a List action to modules/ereignis.php, (2) the Kontext parameter in a Search action to modules/kategorie.php, (3) the image parameter ...
Online Email Manager Insecure Cookie Handling Vulnerability
Exploit for unknown platform in category web applications. Online Email Manager Insecure Cookie Handling Vulnerability...
Esoftpro Online Guestbook Pro - display Blind SQL Injection
Esoftpro Online Guestbook Pro - display Blind SQL Injection Online Guestbook Pro display Blind SQL Injection Vulnerability Author: Hussin X Home : WwW.IQ-TY.CoM email: darkangelg85atYahooDoTcom script : http://www.esoftpro.com/webscriptsonlineguestbookpro.php DorK : Powered by Online Guestbook Pr...
Moodle CMS Multiple Vulnerabilities (Feb 2009)
Moodle CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
MediaWiki 1.6.x < 1.6.12, 1.12.x < 1.12.4, 1.13.x < 1.13.4 Multiple XSS Vulnerabilities
MediaWiki is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Moodle CMS Multiple Vulnerabilities
This host is running Moodle CMS and is prone to Multiple Vulnerabilities. OpenVAS Vulnerability Test $Id: gbmoodlecmsmultvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ Moodle CMS Multiple Vulnerabilities Authors: Sujit Ghosal Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties o...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wecdiscussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplatestep2.php, (3) showfields.php, (4) showuser.php, (5) editmailingliststep1.php, and (6)...
CVE-2008-0577
The CVE-2008-0577 entry concerns Drupal’s Project Issue Tracking module (5.x-2.x-dev prior to 20080130; 5.x-1.x prior to 1.2; 4.7.x prior to 2.6/1.6). The description states two vulnerabilities when the Upload module is enabled for issue nodes: (1) it does not restrict extensions of attached file...
CVE-2007-4588
Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel InterWorx-CP Server Admin Level NodeWorx 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php; and allow remote authenticated users to inject arbitrary web script or...
CVE-2007-2025
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allow remote attackers to inject arbitrary web script or HTML via the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php...
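PHP Web Scripts Easy Banner Functions.PHP Remote File Inclusion Vulnerability
PHP Web Scripts Easy Banner is a PHP-based web application. PHP Web Scripts Easy Banner does not correctly filter user-submitted URI data, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'Functions.PHP' script lacks filtering of the user-submitted 'sphppath' parameter; submitting a malicious remote server as the include target can lead to arbitrary PHP code being executed with the privileges of the web process. PHP Web Scripts Easy Banner Free No detailed solution is currently available; please watch the following link:...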
CVE-2006-5166
CVE-2006-5166 describes a PHP remote file inclusion vulnerability in the PHP Web Scripts Easy Banner Free product. The issue arises in the functions.php file, where the s[phppath] parameter can be exploited to cause the server to include and execute arbitrary PHP code from a remote URL. Affected ...
CVE-2006-2751
Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the itemlist parameter in search.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the itemlist parameter in search.php...
CVE-2006-2750
Cross-site scripting (XSS) vulnerability in the domysqlquery function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message...