Novell GroupWise WebAccess suffers from a cross site scripting vulnerability. Version 7.0.3 is affected.
8c6f6fe9e4d988f1180099d2a613b38e803523f9b1e5b972d27ba0320dec08c6Novell GroupWise WebAccess suffers from a cross site request forgery vulnerability. Version 7.0.3 is affected.
720e54a18ca643bcc529127da3cfa1c3758769a635c402db883befa22705bec0The Cisco IOS HTTP server is vulnerable to cross site scripting within invalid parameters processed by the "/ping" server-side binary/script.
9ae67732eb54093c6544c63e2953cba56031df7cd73a205c4ce458b69783a88aAn unauthenticated file retrieval vulnerability exists on the Sun Java System Identity Manager.
b9cdf1803245bb22824bf0f94a63052849f94ebcd387e642343d714cc5063316The 3Com AP 8760 suffers from authentication bypass, password leakage, and SNMP injection vulnerabilities. Details provided.
23b5cdcfae6b89704fccdcebd00d1ae55e3f48331216d43a26e85f5664b02003Sun Java System Identity suffers from a cross site request forgery vulnerability. Proof of concept code included.
aab83ef3374bf90d0fdb9403e4cc641a2e45c39abb67680b7db155ef488b8ca9Remote SQL injection, cross site scripting, and user enumeration vulnerabilities exist in DPSnet Case Progress.
0a2e10b125f92c734c445d338f2ce29f6235b3cd82345ce56eea2fbf2cda1c5dMicrosoft ASP.NET ValidateRequest filters can be bypassed allowing for cross site scripting and HTML injection attacks.
991d123ab5c384f1961576752ae8de0178e17504175d1d5b7d6c72a0c878c48bMoodle versions 1.7.4 and below suffer from a cross site request forgery vulnerability.
9b672c9891f43e963372288c6214110301eb382e12f52a3d07f345af494e127dMoodle version 1.6.5 is vulnerable to web root disclosure issues.
b7152cf1de201fd0666c3798c71f085ae1c67f8fcd050b3cf71b0174519848b9A cross site scripting vulnerability exists in Moodle versions 1.7.4 and below.
b0fe23900a332e7a187b189caa6b1a774cde02b5151c2953c4ae3181b49714a8RSA Authentication Agent is vulnerable to a vanilla cross site scripting flaw on the login page. Tested on RSA Authentication Agent 5.3.0.258 for Web for Internet Information Services.
5a5d9dea5b1f25761e00eb31cbd27c0bbc1985757d23d7db73ef2b3ac1f40262A HTML injection vulnerability exists in the WebLogic administration console. Version 10.0 is susceptible. remote URI redirection vulnerability affects the RSA Authentication Agent. This issue is due to a failure of the application to properly sanitize URI-supplied data assigned to the 'url' parameter. Tested on RSA Authentication Agent 5.3.0.258 for Web for Internet Information Services in conjunction with Mozilla Firefox 2.0.0.11.
68fa1ad35fc6aa8f665119119b0250479e6e7a337c5f298e8a27980b5aa6d42aJuniper Networks Secure Access 2000 versions prior to 5.5R3 suffer from a webroot disclosure flaw when parameters are stripped from the remediate.cgi script.
44ce64002c3bc4904109cda47e8e49a779cd38ee73e1bdddb0887df85cce8d9bJuniper Networks Secure Access 2000 versions prior to 5.5R3 are vulnerable to a cross site scripting vulnerability. Full details provided.
f42c809cfe2e32f3528767ab5078337b58ae581f485a1cab7ce48646dba417c3BEA Plumtree Foundation portal version 6.0 and BEA AquaLogic Interaction version 6.1 are both vulnerable to a cross site scripting vulnerability.
7a08c7f2e308d21418659bf94d530748edc0e377060fe39dc2ceed70fa329e2aSeveral cross site scripting flaws, a cross domain redirect, and a webroot disclosure exist in Spyce - Python Server Pages (PSP).
077c9b43accad72d480303905614e7aa18daede74be5a5154085b44e93788a0asIFR version 2.0.2 suffers from a cross site scripting vulnerability.
2d82c6c1796407730517480445f8bd86e0c4e14f0657b9b35cf1ca6c4d13e9a7Sun Java System Identity Manager version 6.0, Sun Java System Identity Manager version 7.0, and Sun Java System Identity Manager version 7.1 are susceptible to cross domain redirection, cross site scripting, and frame injection vulnerabilities.
d6006a16a69c00bd066f6cb36ecb14b95ece02d9fc7932ef0a831f29ef9988fdDirectory traversal, cross site scripting, and SQL injection vulnerabilities exist in the Absolute News Manager .NET version 5.1.
c20201b4d8c8d24e7310c36b1d34160f498e4b267278ba9e50ad2889cd7016c1By performing an advanced search, unauthenticated users can enumerate valid usernames with a single HTTP request on the BEA Plumtree Portal.
776de6dc499e6ebfc575f8b19a3ac66c6953bcc956cb6a8b5c59f0a43584290aBEA Plumtree Portal is vulnerable to a internal hostname disclosure vulnerability.
866b56dd83ba8330356f8847ee9d66d1be2f67a4336cc14f44ee0a485a6a593aA cross site scripting vulnerability has been discovered in Apache versions 2.2.x and 2.0.x using a malformed HTTP request with 413 error pages.
5e5ecae2dd8650f2334b76ce5c8c11c07a739563e20ab71119ce66af66f4b72cThe F5 FirePass 4100 SSL VPN is susceptible to cross site scripting vulnerabilities in my.logon.php3.
e6afb0f9bfff9f0c6c26b41688b8501ab2e432569ffb54063058d40d923885b9The F5 FirePass 4100 SSL VPN is susceptible to cross site scripting vulnerabilities in my.activation.php3.
f93567dd019619dc99df7b77129c40ab79f517ee69a40dd6ed1e64a113c580e3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed