Novell GroupWise WebAccess suffers from a cross site scripting vulnerability. Version 7.0.3 is affected.
8c6f6fe9e4d988f1180099d2a613b38e803523f9b1e5b972d27ba0320dec08c6
Novell GroupWise WebAccess suffers from a cross site request forgery vulnerability. Version 7.0.3 is affected.
720e54a18ca643bcc529127da3cfa1c3758769a635c402db883befa22705bec0
The Cisco IOS HTTP server is vulnerable to cross site scripting within invalid parameters processed by the "/ping" server-side binary/script.
9ae67732eb54093c6544c63e2953cba56031df7cd73a205c4ce458b69783a88a
An unauthenticated file retrieval vulnerability exists on the Sun Java System Identity Manager.
b9cdf1803245bb22824bf0f94a63052849f94ebcd387e642343d714cc5063316
The 3Com AP 8760 suffers from authentication bypass, password leakage, and SNMP injection vulnerabilities. Details provided.
23b5cdcfae6b89704fccdcebd00d1ae55e3f48331216d43a26e85f5664b02003
Sun Java System Identity suffers from a cross site request forgery vulnerability. Proof of concept code included.
aab83ef3374bf90d0fdb9403e4cc641a2e45c39abb67680b7db155ef488b8ca9
Remote SQL injection, cross site scripting, and user enumeration vulnerabilities exist in DPSnet Case Progress.
0a2e10b125f92c734c445d338f2ce29f6235b3cd82345ce56eea2fbf2cda1c5d
Microsoft ASP.NET ValidateRequest filters can be bypassed allowing for cross site scripting and HTML injection attacks.
991d123ab5c384f1961576752ae8de0178e17504175d1d5b7d6c72a0c878c48b
Moodle versions 1.7.4 and below suffer from a cross site request forgery vulnerability.
9b672c9891f43e963372288c6214110301eb382e12f52a3d07f345af494e127d
Moodle version 1.6.5 is vulnerable to web root disclosure issues.
b7152cf1de201fd0666c3798c71f085ae1c67f8fcd050b3cf71b0174519848b9
A cross site scripting vulnerability exists in Moodle versions 1.7.4 and below.
b0fe23900a332e7a187b189caa6b1a774cde02b5151c2953c4ae3181b49714a8
RSA Authentication Agent is vulnerable to a vanilla cross site scripting flaw on the login page. Tested on RSA Authentication Agent 5.3.0.258 for Web for Internet Information Services.
5a5d9dea5b1f25761e00eb31cbd27c0bbc1985757d23d7db73ef2b3ac1f40262
A HTML injection vulnerability exists in the WebLogic administration console. Version 10.0 is susceptible. remote URI redirection vulnerability affects the RSA Authentication Agent. This issue is due to a failure of the application to properly sanitize URI-supplied data assigned to the 'url' parameter. Tested on RSA Authentication Agent 5.3.0.258 for Web for Internet Information Services in conjunction with Mozilla Firefox 2.0.0.11.
68fa1ad35fc6aa8f665119119b0250479e6e7a337c5f298e8a27980b5aa6d42a
Juniper Networks Secure Access 2000 versions prior to 5.5R3 suffer from a webroot disclosure flaw when parameters are stripped from the remediate.cgi script.
44ce64002c3bc4904109cda47e8e49a779cd38ee73e1bdddb0887df85cce8d9b
Juniper Networks Secure Access 2000 versions prior to 5.5R3 are vulnerable to a cross site scripting vulnerability. Full details provided.
f42c809cfe2e32f3528767ab5078337b58ae581f485a1cab7ce48646dba417c3
BEA Plumtree Foundation portal version 6.0 and BEA AquaLogic Interaction version 6.1 are both vulnerable to a cross site scripting vulnerability.
7a08c7f2e308d21418659bf94d530748edc0e377060fe39dc2ceed70fa329e2a
Several cross site scripting flaws, a cross domain redirect, and a webroot disclosure exist in Spyce - Python Server Pages (PSP).
077c9b43accad72d480303905614e7aa18daede74be5a5154085b44e93788a0a
sIFR version 2.0.2 suffers from a cross site scripting vulnerability.
2d82c6c1796407730517480445f8bd86e0c4e14f0657b9b35cf1ca6c4d13e9a7
Sun Java System Identity Manager version 6.0, Sun Java System Identity Manager version 7.0, and Sun Java System Identity Manager version 7.1 are susceptible to cross domain redirection, cross site scripting, and frame injection vulnerabilities.
d6006a16a69c00bd066f6cb36ecb14b95ece02d9fc7932ef0a831f29ef9988fd
Directory traversal, cross site scripting, and SQL injection vulnerabilities exist in the Absolute News Manager .NET version 5.1.
c20201b4d8c8d24e7310c36b1d34160f498e4b267278ba9e50ad2889cd7016c1
By performing an advanced search, unauthenticated users can enumerate valid usernames with a single HTTP request on the BEA Plumtree Portal.
776de6dc499e6ebfc575f8b19a3ac66c6953bcc956cb6a8b5c59f0a43584290a
BEA Plumtree Portal is vulnerable to a internal hostname disclosure vulnerability.
866b56dd83ba8330356f8847ee9d66d1be2f67a4336cc14f44ee0a485a6a593a
A cross site scripting vulnerability has been discovered in Apache versions 2.2.x and 2.0.x using a malformed HTTP request with 413 error pages.
5e5ecae2dd8650f2334b76ce5c8c11c07a739563e20ab71119ce66af66f4b72c
The F5 FirePass 4100 SSL VPN is susceptible to cross site scripting vulnerabilities in my.logon.php3.
e6afb0f9bfff9f0c6c26b41688b8501ab2e432569ffb54063058d40d923885b9
The F5 FirePass 4100 SSL VPN is susceptible to cross site scripting vulnerabilities in my.activation.php3.
f93567dd019619dc99df7b77129c40ab79f517ee69a40dd6ed1e64a113c580e3