Network Security

Network Security News Monitor - Saturday, April 08, 2006 Events

 

SKForum user.View.action userID Variable XSS

SKForum contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'userID' variable upon submission to the 'user.View.action' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

SKForum planning.View.action time Variable XSS

SKForum contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'time' variable upon submission to the 'planning.View.action' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

SKForum area.View.action areaID Variable XSS

SKForum contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'areaID' variable upon submission to the 'area.View.action' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

ARIA (Accounting Receiving and Inventory Administration) gencompanyadd.php Multiple Variable XSS

ARIA contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'name', 'address1', 'address2', 'city', 'email', and 'web' variables upon submission to the gencompanyadd.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

ARIA (Accounting Receiving and Inventory Administration) docmgmtadd.php Multiple Variable XSS

ARIA contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'description' and 'comment' variables upon submission to the docmgmtadd.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

MWNewsletter unsubscribe.php user_name Variable SQL Injection

MWNewsletter contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the unsubscribe.php script not properly sanitizing user-supplied input to the 'user_name' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

MWNewsletter subscribe.php user_name Variable XSS

MWNewsletter contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'user_name' variable upon submission to the subscribe.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

ARIA (Accounting Receiving and Inventory Administration) gencompanyupd.php Multiple Variable XSS

ARIA contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'name', 'address1', 'address2', 'city', 'email', and 'web' variables upon submission to the gencompanyupd.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Mailman Scrubber.py Crafted Multipart MIME Message DoS

Mailman contains a flaw that may allow a remote denial of service. The issue is triggered when a multipart MIME message with a malformed part is received by the 'Scrubber.py' script, and will result in loss of availability for the list.

Cisco 11500 Content Services Switch HTTP Compression DoS

Cisco 11500 series Content Services Switches contain a flaw that may allow a remote denial of service. The issue is triggered when either "a valid, but obsolete" or a "specially crafted" HTTP request is received, and will result in loss of availability for the service. The flaw is only exploitable when HTTP compression is enabled, but it is not clear what role compression plays in exploitation of the flaw.

Vuln: MPlayer Multiple Integer Overflow Vulnerabilities


Vuln: Clam Anti-Virus ClamAV Multiple Vulnerabilities
