2049 matches found
[SECURITY] [DSA 156-1] New Light package fixes arbitrary script execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 156-1 [email protected] http://www.debian.org/security/ Martin Schulze August 22th, 2002 http://www.debian.org/security/faq -...
[SECURITY] [DSA 156-1] New Light package fixes arbitrary script execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 156-1 [email protected] http://www.debian.org/security/ Martin Schulze August 22th, 2002 http://www.debian.org/security/faq -...
CVE-2002-0530
Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter...
PHPBB2 - Image Tag HTML Injection
source: https://www.securityfocus.com/bid/4858/info It is possible to inject arbitrary HTML into phpBB2 forum messages via the use of BBCode image tags. A similar issue is described in Bugtraq ID 4379 "PHPBB Image Tag User-Embedded Scripting Vulnerability". However, phpBB2 was found to not be...
CVE-2002-0269
Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent...
Microsoft Internet Explorer 5 - Dialog Same Origin Policy Bypass Variant (MS02-047)
Microsoft Internet Explorer 5 - Dialog Same Origin Policy Bypass Variant MS02-047 source: https://www.securityfocus.com/bid/5561/info Microsoft Internet Explorer includes support for dialog windows through script calls to the two functions showModalDialog and showModelessDialog. These functions...
Дырки в PHP Phorum
Можно указать некорректный php-файл для выполнения, администратор форума имеет возможность вставить собственный PHP-скрипт...
CVE-2001-0991
Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message...
CVE-2001-1004
Cross-site scripting CSS vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags...