4 results (0.001 seconds)

CVSS: 4.3EPSS: 0%CPEs: 30EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebWorks Help v2.0 a la v5.0 en VMware vCenter v4.0 anterior a Update 1 Build 208156; VMware Server v2.0.2; VMware ESX v4.0; VMware Lab Manager v2.x; VMware vCenter Lab Manager v3.x y v4.x anterior a v4.0.1; VMware Stage Manager v1.x anterior a v4.0.1; WebWorks Publisher v6.x a la v8.x; WebWorks Publisher 2003; y WebWorks ePublisher v9.0.x a la v9.3, 2008.1 a la 2008.4, y 2009.x anterior a 2009.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) wwhelp_entry.html alcanzable a través d index.html y wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, o (5) el componente window.opener en wwhelp/wwhimpl/common/html/bookmark.htm, relacionado con (a) parámetros desconocidos y (b) mensajes usados en los enlaces de "topic" para la funcionalidad de marcadores. • http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html http://lists.vmware.com/pipermail/security-announce/2009/000073.html http://secunia.com/advisories/38749 http://secunia.com/advisories/38842 http://securitytracker.com/id?1023683 http://www.osvdb.org/62738 http://www.osvdb.org/62739 http://www.osvdb.org/62740 http://www.osvdb.org/62741 http://www.osvdb.org/62742 http://www.securityfocus.com/archive/1/509883/100/0/threaded http://www.securityfocus. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. Vulnerabilidad PHP de inclusión remota de archivo en acc.php en QuickBlogger (QB) 1.4 permite a atacantes remotos ejecutar código PHP arbitrario mediante una URL en el parámetro page. • http://securityreason.com/securityalert/1651 http://securitytracker.com/id?1016934 http://www.securityfocus.com/archive/1/447003/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/29173 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails. • http://secunia.com/advisories/15942 http://www.securityfocus.com/archive/1/430878/100/0/threaded http://www.securityfocus.com/archive/1/431059/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/25795 •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) author ("your name") and (2) "comment" section. • http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0090.html http://exploitlabs.com/files/advisories/EXPL-A-2005-011-quickblogger.txt http://secunia.com/advisories/15942 http://securitytracker.com/id?1014386 http://www.securityfocus.com/bid/14152 http://www.vupen.com/english/advisories/2005/0987 https://exchange.xforce.ibmcloud.com/vulnerabilities/21244 •