Internet Security Report 012407
This Internet Security Report in Brief:
Plebo Aesdi Nael has discovered two vulnerabilities in Internet
Explorer, which can be exploited by malicious people to disclose
potentially sensitive information and potentially compromise a user's
system.
VigilantMinds has reported a vulnerability in the Opera browser, which
potentially can be exploited by malicious people to compromise a
user's system.
Additionally, a weakness has been reported, which can be
exploited to display the SSL certificate from a trusted site on an
untrusted site.
Two vulnerabilities have been reported in various F-Secure Antivirus
products, which can be exploited by malware to bypass the scanning
functionality.
The vendor has released patches, which correct these vulnerabilities.
Please refer to the referenced Secunia advisory for additional details.
Internet Security Vulnerabilities Summary
Windows:
Nokia PC Suite CDDBControl ActiveX Control Buffer Overflow
Gracenote CDDBControl ActiveX Control Buffer Overflow
Cisco CallManager RealVNC Password Authentication Bypass
F-Secure Antivirus Products Scanning Bypass Vulnerability
Lotus Domino Malformed vCal Processing Denial of Service
Icculus.org Quake3 Engine Two Vulnerabilities
MailEnable SMTP Service HELO Denial of Service
Webmin Directory Traversal Vulnerability
Internet Explorer Information Disclosure and HTA Application
Execution
CA Products Scan Job Description Format String Vulnerability
Cisco Secure ACS Session Management Security Issue
Trend Micro Control Manager "Username" Script Insertion
Lanap BotDetect ASP.NET CAPTCHA Bypass Weakness
UNIX/Linux:
Mandriva update for mutt
Mandriva update for tetex
Gentoo update for mutt
Gentoo update for tikiwiki
Gentoo update for hashcash
Gentoo update for wv2
Gentoo update for emech
Ubuntu update for mutt
rPath update for kernel
Mandriva update for gnupg
Mandriva update for xine-lib
Mandriva update for wv2
Mandriva update for libwmf
Slackware update for gnupg
Mutt IMAP Namespace Buffer Overflow Vulnerability
EnergyMech "parse_notice" Denial of Service Vulnerability
Ubuntu update for gnupg
Hashcash "array_push" Buffer Overflow Vulnerability
Debian update for courier
SUSE update for freetype2
GnuPG "parse-packet.c" Denial of Service Vulnerability
SGI Advanced Linux Environment Multiple Updates
Mandriva update for gd
Gentoo update for horde
Ubuntu update for OpenLDAP
cPanel "file" Parameter Cross-Site Scripting Vulnerability
phpQLAdmin "domain" Cross-Site Scripting Vulnerability
Ubuntu update for mysql-server
Mandriva update for MySQL
Slackware update for kdebase
Slackware update for arts
Mandriva update for arts
Gentoo update for aRts
Gentoo update for kdebase / KDM
Debian update for pinball
PHP "error_log()" Safe Mode Bypass Weakness
HP-UX Kernel Denial of Service Vulnerability
Emilia Pinball Compiled Plugins Loading Vulnerability
Other:
Cisco Wireless Access Point Web Management Vulnerability
Cross Platform:
Mambo MOD_CBSMS Module File Inclusion Vulnerability
Mambo Pearl For Mambo Module File Inclusion Vulnerabilities
phpBB THoRCMS Add-On "phpbb_root_path" File Inclusion
Bee-hive Lite Multiple File Inclusion Vulnerabilities
PrivateWire Registration Functionality Buffer Overflow
Opera JPEG Processing Integer Overflow Vulnerability
Helix DNA Server Heap Corruption Vulnerabilities
W-Agora Multiple File Inclusion Vulnerabilities
Scout Portal Toolkit "forumid" Parameter SQL Injection
MF Piadas "page" Parameter File Inclusion Vulnerability
Jaws Cross-Site Scripting and SQL Injection
Custom dating biz dating script Multiple Vulnerabilities
Anthill SQL Injection Vulnerabilities
DeluxeBB Cross-Site Scripting and SQL Injection
ICT "post" Parameter SQL Injection Vulnerability
Softbiz Dating Script SQL Injection Vulnerabilities
Open Guestbook Cross-Site Scripting and SQL Injection
MyBB "showcodebuttons" SQL Injection Vulnerability
IBM WebSphere Application Server Two Vulnerabilities
YaBB SE "user" SQL Injection Vulnerability
Metalhead Usenet Script "group" Cross-Site Scripting
Hostflow Help Desk Script Insertion Vulnerability
Phorum Cross-Site Scripting Vulnerability
SiteBar "command" Cross-Site Scripting Vulnerability
Sun Java System Application Server Cross-Site Scripting
Dating Agent PRO Cross-Site Scripting and Information
Exposure
dotProject "login" Parameter Cross-Site Scripting
Vulnerability
Namo DeepSearch "p" Parameter Cross-Site Scripting
aeDating Multiple Cross-Site Scripting Vulnerabilities
Claroline Unspecified Cross-Site Scripting Vulnerability
Qdig Cross-Site Scripting Vulnerabilities
UebiMiau Cross-Site Scripting Vulnerabilities
mvnForum "activatemember" Cross-Site Scripting
H-Sphere Multiple Cross-Site Scripting Vulnerabilities
XennoBB "tid" Cross-Site Scripting Vulnerability
GL-SH Deaf Forum show.php Cross-Site Scripting
Internet Security Vulnerabilities Content
Windows:
Nokia PC Suite CDDBControl ActiveX Control Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
A vulnerability has been reported in Nokia PC Suite, which can be
exploited by malicious people to compromise a user's system.
Gracenote CDDBControl ActiveX Control Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
A vulnerability has been reported in GraceNote CDDBControl ActiveX
Control, which can be exploited by malicious people to compromise a
user's system.
Cisco CallManager RealVNC Password Authentication Bypass
Critical: Highly critical
Where: From remote
Impact: Security Bypass
Cisco has acknowledged a vulnerability in Cisco CallManager, which can
be exploited by malicious people to bypass certain security
restrictions.
F-Secure Antivirus Products Scanning Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Two vulnerabilities have been reported in various F-Secure Antivirus
products, which can be exploited by malware to bypass the scanning
functionality.
Lotus Domino Malformed vCal Processing Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Ollie Whitehouse has reported a vulnerability in Lotus Domino, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Icculus.org Quake3 Engine Two Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS, System access
Luigi Auriemma has reported two vulnerabilities in Icculus.org Quake3,
which can be exploited by malicious people to bypass certain security
restrictions, cause a DoS (Denial of Service), and potentially to
compromise a user's system.
MailEnable SMTP Service HELO Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
DivisionByZero has reported a vulnerability in MailEnable, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Webmin Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Keigo Yamazaki has reported a vulnerability in Webmin, which can be
exploited by malicious people to disclose potentially sensitive
information.
Internet Explorer Information Disclosure and HTA Application
Execution
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information, System access
Plebo Aesdi Nael has discovered two vulnerabilities in Internet
Explorer, which can be exploited by malicious people to disclose
potentially sensitive information and potentially compromise a user's
system.
CA Products Scan Job Description Format String Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS, System access
A vulnerability has been reported in some CA products, which can be
exploited by malicious users to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.
Cisco Secure ACS Session Management Security Issue
Critical: Less critical
Where: From local network
Impact: Security Bypass
Darren Bounds has reported a security issue in Cisco Secure ACS, which
can be exploited by malicious people to bypass certain security
restrictions.
Trend Micro Control Manager "Username" Script Insertion
Critical: Less critical
Where: From local network
Impact: Cross Site Scripting
Darren Bounds has discovered a vulnerability in Trend Micro Control
Manager, which can be exploited by malicious people to conduct script
insertion attacks.
Lanap BotDetect ASP.NET CAPTCHA Bypass Weakness
Critical: Not critical
Where: From remote
Impact: Security Bypass
Michael White and Graham Murphy have reported a weakness in Lanap
BotDetect ASP.NET, which can be exploited by malicious people to bypass
certain security restrictions.
UNIX/Linux:
Mandriva update for mutt
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Mandriva has issued an update for mutt. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a user's system.
Mandriva update for tetex
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Mandriva has issued an update for tetex. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service) and to compromise a vulnerable
system.
Gentoo update for mutt
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Gentoo has issued an update for mutt. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.
Gentoo update for tikiwiki
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Gentoo has issued an update for tikiwiki. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.
Gentoo update for hashcash
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Gentoo has issued an update for hashcash. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Gentoo update for wv2
Critical: Moderately critical
Where: From remote
Impact: System access
Gentoo has issued an update for wv2. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise an
application using the library.
Gentoo update for emech
Critical: Moderately critical
Where: From remote
Impact: DoS
Gentoo has issued an update for emech. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Ubuntu update for mutt
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Ubuntu has issued an update for mutt. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.
rPath update for kernel
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, DoS
rPath has released an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information and cause a DoS (Denial of
Service), and by malicious people to cause a DoS.
Mandriva update for gnupg
Critical: Moderately critical
Where: From remote
Impact: DoS
Mandriva has issued an update for gnupg. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
Mandriva update for xine-lib
Critical: Moderately critical
Where: From remote
Impact: System access, DoS
Mandriva has issued an update for xine-lib. This fixes a weakness,
which can be exploited by malicious people to crash certain
applications on a user's system.
Mandriva update for wv2
Critical: Moderately critical
Where: From remote
Impact: System access
Mandriva has issued an update for wv2. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise an
application using the library.
Mandriva update for libwmf
Critical: Moderately critical
Where: From remote
Impact: System access
Mandriva has issued an update for libwmf. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Slackware update for gnupg
Critical: Moderately critical
Where: From remote
Impact: DoS
Slackware has issued an update for gnupg. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
Mutt IMAP Namespace Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
TAKAHASHI Tamotsu has reported a vulnerability in Mutt, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a user's system.
EnergyMech "parse_notice" Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
A vulnerability has been reported in EnergyMech, which can be exploited
by malicious people to cause a DoS (Denial of Service).
Ubuntu update for gnupg
Critical: Moderately critical
Where: From remote
Impact: DoS
Ubuntu has issued an update for gnupg. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
Hashcash "array_push" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
A vulnerability has been reported in Hashcash, which can be exploited
by malicious people to cause a DoS (Denial of Service) and potentially
to compromise a vulnerable system.
Debian update for courier
Critical: Moderately critical
Where: From remote
Impact: DoS
Debian has issued an update for courier. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
SUSE update for freetype2
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
SUSE has issued an update for freetype2. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise applications using
the library.
GnuPG "parse-packet.c" Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
A vulnerability has been reported in GnuPG, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service).
SGI Advanced Linux Environment Multiple Updates
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of system
information, Privilege escalation, DoS
SGI has issued a patch for SGI Advanced Linux Environment. This fixes
some vulnerabilities, a weakness, and two security issues, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges, to bypass certain security restrictions, and to
cause a DoS (Denial of Service), and by malicious people to bypass
certain security restrictions, to disclose system information, to cause
a DoS (Denial of Service), and to conduct SQL injection attacks.
Mandriva update for gd
Critical: Less critical
Where: From remote
Impact: DoS
Mandriva has issued an update for gd. This fixes a vulnerability, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service) against applications and services using libgd.
Gentoo update for horde
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Gentoo has issued an update for horde. This fixes some vulnerabilities,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Ubuntu update for OpenLDAP
Critical: Less critical
Where: From remote
Impact: DoS, System access
Ubuntu has issued an update for OpenLDAP. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
cPanel "file" Parameter Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Preth00nker has reported a vulnerability in cPanel, which can be
exploited by malicious people to conduct cross-site scripting attacks.
phpQLAdmin "domain" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
r0t has reported some vulnerabilities in phpQLAdmin, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Ubuntu update for mysql-server
Critical: Less critical
Where: From local network
Impact: DoS
Ubuntu has issued an update for mysql-server. This fixes a
vulnerability, which can be exploited by malicious users to cause a DoS
(Denial of Service).
Mandriva update for MySQL
Critical: Less critical
Where: From local network
Impact: DoS
Mandriva has issued an update for MySQL. This fixes a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of
Service).
Slackware update for kdebase
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Slackware has issued an update for kdebase. This fixes a vulnerability,
which can be exploited by malicious, local users to gain knowledge of
sensitive information.
Slackware update for arts
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Slackware has issued an update for arts. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.
Mandriva update for arts
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Mandriva has issued an update for arts. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.
Gentoo update for aRts
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Gentoo has issued an update for aRts. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.
Gentoo update for kdebase / KDM
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Gentoo has issued an update for kdebase / KDM. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
knowledge of sensitive information.
Debian update for pinball
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Debian has issued an update for pinball. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
PHP "error_log()" Safe Mode Bypass Weakness
Critical: Not critical
Where: Local system
Impact: Security Bypass
Maksymilian Arciemowicz has discovered a weakness in PHP, which can be
exploited by malicious, local users to bypass certain security
restrictions.
HP-UX Kernel Denial of Service Vulnerability
Critical: Not critical
Where: Local system
Impact: DoS
A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Emilia Pinball Compiled Plugins Loading Vulnerability
Critical: Not critical
Where: Local system
Impact: Privilege escalation
A vulnerability has been reported in Pinball, which can be exploited by
malicious, local users to gain escalated privileges.
Other:
Cisco Wireless Access Point Web Management Vulnerability
Critical: Less critical
Where: From local network
Impact: Security Bypass
A vulnerability has been reported in Cisco Wireless Access Point, which
can be exploited by malicious people to bypass certain security
restrictions.
Cross Platform:
Mambo MOD_CBSMS Module File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Kw3[R]Ln has discovered a vulnerability in the MOD_CBSMS module for
Mambo, which can be exploited by malicious people to compromise a
vulnerable system.
Mambo Pearl For Mambo Module File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Kw3[R]Ln has discovered some vulnerabilities in the Pearl For Mambo
module for Mambo, which can be exploited by malicious people to
compromise a vulnerable system.
phpBB THoRCMS Add-On "phpbb_root_path" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Kw3[R]Ln has reported a vulnerability in the "THoRCMS" add-on for
phpBB, which can be exploited by malicious people to compromise a
vulnerable system.
Bee-hive Lite Multiple File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Kw3[R]Ln has discovered some vulnerabilities in Bee-hive Lite, which
can be exploited by malicious people to compromise a vulnerable
system.
PrivateWire Registration Functionality Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Michael Thumann has reported a vulnerability in PrivateWire, which can
be exploited by malicious people to cause a DoS and potentially
compromise a vulnerable system.
Opera JPEG Processing Integer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
VigilantMinds has reported a vulnerability in Opera browser, which can
be exploited by malicious people to compromise a user's system.
Helix DNA Server Heap Corruption Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Mu Security research team has reported two vulnerabilities in Helix DNA
Server, which can be exploited by malicious people to cause a DoS
(Denial of Service) and potentially compromise a vulnerable system.
W-Agora Multiple File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Dedi Dwianto has discovered some vulnerabilities in W-Agora, which can
be exploited by malicious people to compromise a vulnerable system.
Scout Portal Toolkit "forumid" Parameter SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Simo64 has discovered a vulnerability in Scout Portal Toolkit, which
can be exploited by malicious people to conduct SQL injection attacks.
MF Piadas "page" Parameter File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Kurdish Security has discovered a vulnerability in MF Piadas, which can
be exploited by malicious users to compromise a vulnerable system.
Jaws Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
rgod has discovered some vulnerabilities in Jaws, which can be
exploited by malicious people to conduct cross-site scripting attacks
and SQL injection attacks.
Custom dating biz dating script Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
luny has reported some vulnerabilities in Custom dating biz dating
script, which can be exploited by malicious people to conduct
cross-site scripting and script insertion attacks.
Anthill SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
r0t has discovered two vulnerabilities in Anthill, which can be
exploited by malicious people to conduct SQL injection attacks.
DeluxeBB Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data
Two vulnerabilities have been discovered in DeluxeBB, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.
ICT "post" Parameter SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
r0t has reported a vulnerability in ICT, which can be exploited by
malicious people to conduct SQL injection attacks.
Softbiz Dating Script SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Ellipsis Security has reported some vulnerabilities in Softbiz Dating
Script, which can be exploited by malicious people to conduct SQL
injection attacks.
Open Guestbook Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Moroccan Security Team has discovered two vulnerabilities in Open
Guestbook, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.
MyBB "showcodebuttons" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
imei addmimistrator has reported a vulnerability in MyBB, which can be
exploited by malicious people to conduct SQL injection attacks.
IBM WebSphere Application Server Two Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown, Exposure of sensitive information
Two vulnerabilities have been reported in IBM WebSphere Application
Server, where one has an unknown impact and the other can be exploited
by malicious people to gain knowledge of sensitive information.
YaBB SE "user" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Sam Thomas has discovered a vulnerability in YaBB SE, which can be
exploited by malicious people to conduct SQL injection attacks.
Metalhead Usenet Script "group" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
luny has reported a vulnerability in Metalhead Usenet Script, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Hostflow Help Desk Script Insertion Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
r0t has reported a vulnerability in Hostflow, which can be exploited by
malicious users to conduct script insertion attacks.
Phorum Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
A vulnerability has been reported in Phorum, which can be exploited by
malicious people to conduct cross-site scripting attacks.
SiteBar "command" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Botan has discovered a vulnerability in SiteBar, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Sun Java System Application Server Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
A vulnerability has been reported in Sun Java System Application
Server, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Dating Agent PRO Cross-Site Scripting and Information
Exposure
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information
Ellipsis Security has reported some vulnerabilities and a weakness in
Dating Agent PRO, which can be exploited by malicious people to
disclose system information and conduct cross-site scripting attacks.
dotProject "login" Parameter Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
A vulnerability has been reported in dotProject, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Namo DeepSearch "p" Parameter Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Kil13r has reported a vulnerability in Namo DeepSearch, which can be
exploited by malicious people to conduct cross-site scripting attacks.
aeDating Multiple Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Ellipsis Security has reported some vulnerabilities in aeDating, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Claroline Unspecified Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
securitynews has reported a vulnerability in Claroline, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Qdig Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Two vulnerabilities have been discovered in Qdig, which can be
exploited by malicious people to conduct cross-site scripting attacks.
UebiMiau Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
r0t has reported some vulnerabilities in UebiMiau, which can be
exploited by malicious people to conduct cross-site scripting attacks.
mvnForum "activatemember" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
r0t has reported some vulnerabilities in mvnForum, which can be
exploited by malicious people to conduct cross-site scripting attacks.
H-Sphere Multiple Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
r0t has reported some vulnerabilities in H-Sphere, which can be
exploited by malicious people to conduct cross-site scripting attacks.
XennoBB "tid" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
r0t has discovered a vulnerability in XennoBB, which can be exploited
by malicious people to conduct cross-site scripting attacks.
GL-SH Deaf Forum show.php Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Some vulnerabilities have been discovered in GL-SH Deaf Forum, which
can be exploited by malicious people to conduct cross-site scripting
attacks.