1680 matches found
PHPGedView 2.5/2.6 - 'Imageview.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11890/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious...
PhpGedView 2.61 - Search Script Cross-Site Scripting
source: https://www.securityfocus.com/bid/9369/info PhpGedView is prone to a cross-site scripting vulnerability. Remote attackers may create malicious links to this script that include hostile HTML and script code. If such a link was followed by a victim user, the attacker-supplied code would be...
miniBB bb_func_usernfo.php Website Name Field XSS
The remote host is using the miniBB forum management system. According to its version number, this forum is vulnerable to a cross-site scripting bug. A remote attacker could exploit this to impersonate a legitimate user by tricking them into requesting a maliciously crafted URL...
CVE-2003-1285
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to...
CVE-2003-1468
The WebLinks module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message...
CVE-2003-1517
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message...
My Little Forum 1.3 - email.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/9286/info my little forum is prone to a cross-site scripting vulnerability in the 'email.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input...
Opera Browser 6.0 6 - URI Display Obfuscation
source: https://www.securityfocus.com/bid/9281/info A weakness has been reported in Opera that may allow attackers to obfuscate the URI for a visited page. The problem is said to occur when a URI that is designed to access a specific location with a supplied username, contains a specially crafted...
Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation (1)
source: https://www.securityfocus.com/bid/9182/info A weakness has been reported in multiple browsers that may allow attackers to obfuscate the URI for a visited page. The problem is said to occur when a URI designed to access a specific location with a supplied username, contains a...
MLdonkey 2.5-4 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/8946/info It has been reported that the Mldonkey web interface is prone to cross-site scripting attacks when reporting errors. The problem occurs due to insufficient sanitization of script code within requests. This could potentially allow an attacker to...
Buffer Overflow in Yahoo messenger Client
Date: Oct 26, 2003 Title: Buffer Overflow in Yahoo messenger Client Vulnerable systems: Yahoo! Messenger version 5.6.0.X Summary: Vulnerability in Yahoo Messenger File Transfer option allows a remote attacker to shut down the victim client. Details: The Yahoo messenger service filters some specia...
PSCS VPOP3 2.0 Email Server WebAdmin - Cross-Site Scripting
source: https://www.securityfocus.com/bid/8869/info It has been reported that PSCS VPOP3 Email Server may be prone to a cross-site scripting vulnerability that may allow a remote attacker to embed malicious HTML and script code in a link. The issue is reported to be present in the WebAdmin utilit...
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (Microsoft Security Bulletin MS03-047)
From Microsoft Security Bulletin MS03-047: A cross-site scripting (XSS) vulnerability results due to the way that Outlook Web Access (OWA) performs HTML encoding in the Compose New Message form. An attacker could seek to exploit this vulnerability by having a user run script on the attacker's behalf...
Oracle Database Server 9.0.x - Oracle Binary Local Buffer Overflow
source: https://www.securityfocus.com/bid/8844/info Oracle Database Server 'oracle' binary has been reported prone to a local buffer overflow vulnerability. The issue likely presents itself due to a lack of sufficient boundary checks performed on command line arguments passed to the affected...
mIRC 6.1 - 'DCC SEND' Buffer Overflow (1)
source: https://www.securityfocus.com/bid/8818/info A vulnerability has been reported to exist in the mIRC client that may allow a remote attacker to crash a vulnerable mIRC client. The condition is most likely present due to insufficient boundary checking performed on 'DCC SEND' requests. It has...
NullLogic Null HTTPd 0.5 - Remote Denial of Service
source: https://www.securityfocus.com/bid/8697/info Null HTTPd has been reported prone to a remotely triggered denial of service vulnerability. The issue has been reported to present itself in the HTTP POST handling routines within the Null HTTPd server. It has been reported that a remote attacke...
Invision Power Board (IP.Board) 1.x - index.php showtopic Cross-Site Scripting
source: https://www.securityfocus.com/bid/8575/info Invision Power Board is prone to a cross-site scripting vulnerability. It has been reported that a remote attacker may construct a malicious link to the index.php scrip...
Digital Scribe 1.x - Error Function Cross-Site Scripting
source: https://www.securityfocus.com/bid/8551/info A problem has been reported in the checking of input by Digital Scribe, potentially allowing for cross-site scripting attacks. Because of this, it may be possible for an attacker to steal cookie authentication credentials or launch other attacks...
FloosieTek FTGatePro 1.22 - Mail Server Cross-Site Scripting
source: https://www.securityfocus.com/bid/8528/info FloosieTek FTGatePro Mail Server is prone to a cross-site scripting vulnerability. A remote attacker could exploit this issue by enticing a legitimate user of the mail server to follow a malicious link with embedded HTML and script code. The...
PHPOutsourcing Zorum 3.4 - Full Path Disclosure
source: https://www.securityfocus.com/bid/8396/info A vulnerability has been reported in Zorum message board software that allows a remote attacker to send a malformed HTTP request resulting in a disclosure of the installation path. This issue may allow an attacker to gain knowledge of the file...