Release date:Updated on:
Affected Systems:Horde IMP Horde Groupware Webmail Edition Unaffected system:Horde IMP 5.0.21Horde Groupware Webmail Edition 4.0.8Description:--------------------------------------------------------------------------------Bugtraq id: 53435
IMP is an internet messaging program written in PHP. It provides webpage email access and rich Web message transmission for IMAP and POP3 accounts.
The Horde IMP Webmail client earlier than IMP 5.0.21 has multiple
Release date:Updated on: 2011-06-06
Affected Systems:Adobe Flash Player 9.xAdobe Flash Player 10.xUnaffected system:Adobe Flash Player 10.3.181.23Adobe Flash Player 10.3.181.22Description:--------------------------------------------------------------------------------Bugtraq id: 48107Cve id: CVE-2011-2107
Flash Player is a high-performance, lightweight, and expressive client runtime Player.
Adobe Flash Player has a cross-
Release date:Updated on:
Affected Systems:Mozilla Bugzilla 4.xMozilla Bugzilla 3.xDescription:--------------------------------------------------------------------------------Bugtraq id: 56504Cve id: CVE-2012-4189
Bugzilla is an open-source defect tracking system that manages the entire lifecycle of defects in software development, such as submitting, repairing, and disabling defects.
Bugzilla does not properly filter Field Values in the tabular report. Attackers can exploit this vulnerability to
Release date:Updated on:
Affected Systems:Apache Group mod_pagespeed Description:--------------------------------------------------------------------------------Bugtraq id: 55536Cve id: CVE-2012-4001 CVE-2012-4360
Mod_pagespeed is an open-source Apache module that automatically optimizes web pages and resources.
The Apache 'mod _ pagespeed' module has the cross-site
Release date: 2012-12-02Updated on:
Affected Systems:Kokanosky phpmynewsletter 0.8Description:--------------------------------------------------------------------------------Bugtraq id: 56773
PhpMyNewsLetter is the mail list management script.
PhpMyNewsLetter 0.8 and other versions have multiple cross-site scripting vulnerabilities. Attackers can exploit these
Release date:Updated on:
Affected Systems:IBM Lotus Notes 8.5.3 Fix Pack 2Description:--------------------------------------------------------------------------------Bugtraq id: 56944CVE (CAN) ID: CVE-2012-4846
IBM Lotus Notes is a desktop client that provides users with single-point access, helping them create, query, and share knowledge, collaborate with teams, and take appropriate actions.
The cross-site
World of Phaos SQL injection and Cross-Site Scripting
Release date:Updated on:
Affected Systems:WorldofphaosDescription:--------------------------------------------------------------------------------Bugtraq id: 56347
World of phaos is a browser-based RPG Game written in PHP.
World of Phaos 0.9.82-UPDATED-5 and other versions have security vulnerabilities tha
Adobe Flash Player and AIR cross-site scripting (CVE-2014-0531)
Release date:Updated on:
Affected Systems:Adobe Flash Player 13.xAdobe AIR 13.xDescription:--------------------------------------------------------------------------------Bugtraq id: 67962CVE (CAN) ID: CVE-2014-0531Adobe Flash Player is an integrated multimedia Player. Adobe AIR is a technology devel
CensorNet Professional v4 'lookup _ url' Parameter Cross-Site Scripting Vulnerability
Release date:Updated on:
Affected Systems:Censornet CensorNet Professional v4 2.1.7Censornet CensorNet ProfessionalDescription:--------------------------------------------------------------------------------Bugtraq id: 58865CensorNet Professional is an Internet filtering softw
Affected Systems:PhpBB Group Chart Mod 1.1Description:--------------------------------------------------------------------------------Bugtraq id: 17952
PhpBB is a Web-based Open Source Forum program implemented in PHP, which is widely used. It supports multiple databases as the backend, such as Oracle, MSSQL, MySql, and ipvs.
Multiple cross-site scripting and S
Affected Versions:E107 website system 0.7.16 vulnerability description:
E107 is a content management system written in php.
The following modules of e107 do not fully filter user submitted variables:
-Submitnews. php-Usersettings. php.-E107_admin/newpost. php.-E107_admin/banlist. php.-E107_admin/banner. php.-E107_admin/cpage. php-E107_admin/download. php.-E107_admin/users_extended.php.-E107_admin/frontpage. php.-E107_admin/links. php.-E107_admin/mailout. php.
Remote attackers can execute
Affected Versions:
HP System Management Homepage 3.0HP System Management Homepage 2.1Vulnerability description:
HP System Management home page (SMH) is a Web-based interface that integrates and simplifies Windows, Lunux, and HP-UX Operating Systems
A single system management process for HP servers. Hp smh does not properly filter the servercert parameter in the URI request. If a user is cheated and follows a malicious link, cross-
Release date:Updated on:
Affected Systems:PhpLDAPadmin 1.2.2Unaffected system:PhpLDAPadmin 2.0Description:--------------------------------------------------------------------------------Bugtraq id: 51793Cve id: CVE-2012-0834
PhpLDAPadmin is a web-based LDAP client that allows you to conveniently manage LDAP servers.
A cross-site scripting vulnerability exists in
Release date:Updated on:
Affected Systems:Cisco Secure Access Control Server Description:--------------------------------------------------------------------------------Bugtraq id: 65016CVE (CAN) ID: CVE-2014-0668
Cisco Secure Access Control System is an Access policy Control platform.
The portal website of Cisco Secure Access Control System (ACS) 5.4.0.46.3 and earlier versions has the cross-site
Release date:Updated on:
Affected Systems:CouponPHP 1.0Description:--------------------------------------------------------------------------------CouponPHP is a content management system for discount coupons and transaction websites.
CouponPHP CMS 1.0 does not properly filter/admin/ajax/comments_paginate.php or the "sEcho" GET parameter value of/admin/ajax/stores_paginate.php. Multiple cross-site
Release date:Updated on:
Affected Systems:Mathias-ketaskcheck_mk 1.2.2p2Description:--------------------------------------------------------------------------------Bugtraq id: 66391CVE (CAN) ID: CVE-2014-2329Check_MK is a common Nagios/Icinga data collection plug-in.Check_MK 1.2.2p2 and other versions have multiple HTML Injection Vulnerabilities and Cross-Site Scriptin
Methods to prevent cross-site scripting attacks
1. Use space to replace the special character % 2. Use @. Specifically, use the following statement:
Exec = "insert into user (username, psw, sex, department, phone, email, demo) values ('" username "', '" psw "', '" sex "', '" Department "', '" phone "', '" Email "', '" @ demo "')"
Conn.exe cute Exec
Replace
Release date:Updated on:
Affected Systems:Wamp WampServer 2.2CWamp WampServer 2.1Description:--------------------------------------------------------------------------------Bugtraq id: 52054Cve id: CVE-2010-0700
WampServer is a Windows Web development environment. You can use Apache2, PHP, and MySQL databases to create Web applications.
WampServer has a cross-site sc
Release date:Updated on:
Affected Systems:Cisco IronPort Encryption Appliance 6.xUnaffected system:Cisco IronPort Encryption Appliance 6.5.3Description:--------------------------------------------------------------------------------Bugtraq id: 52030Cve id: CVE-2012-0340
IronPort is a widely used email encryption gateway that can seamlessly encrypt, decrypt, and sign confidential emails.
The IronPort encryption device has a cross-
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.