Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities

2008-04-08 Thread brad . antoniewicz
t;XSS"); Stored (example): On posts to 1.append when adding new entries into the wiki, the application does not properly escape JavaScript code, resulting in a stored cross-site scripting attack. Credit: Brad Antoniewicz [EMAIL PROTECTED]

Cisco BBSM Captive Portal Cross-site Scripting

2008-05-13 Thread brad . antoniewicz
o%20Building%20Broadband%20Service%20Manager%205.3&treeMdfId=281527126&treeName=Network%20Monitoring%20and%20Management Download BBSMPatch5332.zip CVE: CVE-2008-2165 Credit: Brad Antoniewicz [EMAIL PROTECTED]

MetaGauge 1.0.0.17 Directory Traversal

2008-10-06 Thread brad . antoniewicz
mer has addressed the issue in the latest version of MetaGauge: http://dl.hammer-software.com/metagauge.zip CVE: CVE-2008-4421 Credit: Brad Antoniewicz [EMAIL PROTECTED]

FirmChannel Digital Signage 3.24 Cross-site scripting

2008-11-04 Thread brad . antoniewicz
has addressed the issue in the latest version. For more information visit firmchannel.com CVE: CVE-2008-4931 Credit: Brad Antoniewicz [EMAIL PROTECTED]

Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials

2008-02-29 Thread brad . antoniewicz
etHost(), "sfoutbox", "sfoutbox", true, false, mProgressWindow, false, mProxyIP, mProxyPort, mProxyUser, mProxyPass); Credit: Brad Antoniewicz Email: Brad.Antoniewicz at foundstone.com

ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service

2009-08-18 Thread brad . antoniewicz
Title: ntop <= 3.3.10 Basic Authentication Null Pointer Denial of Service - Vendor: ntop Vendor URL: www.ntop.org Vendor Response: None Description: A denial of service condition can be reached by specifying an inv