Commercial Interactive Media SCOOP! 2.3 - prePurchaserRegistration.asp?Invalid Cross-Site Scripting
source: https://www.securityfocus.com/bid/16015/info Commercial Interactive Media SCOOP! is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the...
AbleDesign D-Man 3.0 - Title Cross-Site Scripting
source: https://www.securityfocus.com/bid/15993/info D-Man is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'title' parameter. An attacker may...
WebGlimpse 2.x - Cross-Site Scripting
source: https://www.securityfocus.com/bid/15916/info WebGlimpse is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
Chipmunk Forum - 'quote.php?forumID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15149/info Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
IceWarp Web Mail 5.5.1 - calendar_d.html?createdataCX Cross-Site Scripting
source: https://www.securityfocus.com/bid/14980/info IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...
VegaDNS 0.8.1/0.9.8/0.9.9 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14538/info VegaDNS is vulnerable to cross-site scripting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...
ATutor 1.4.3 - browse.php?show_course Cross-Site Scripting
source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage...
ProfitCode Software PayProCart 3.0 - AdminShop ProMod Cross-Site Scripting
source: https://www.securityfocus.com/bid/13308/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser o...
Active Auction House - 'account.asp?ReturnURL' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13036/info Active Auction House is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary...
Apple Safari 1.2 Web Browser - TABLE Status Bar URI Obfuscation
source: https://www.securityfocus.com/bid/11573/info A URI obfuscation weakness reportedly affects the Apple Safari Web Browser. This issue may be leveraged by an attacker to display false information in the status bar of an...
Softshoe - Parse-file Cross-Site Scripting
source: https://www.securityfocus.com/bid/8294/info Softshoe is allegedly prone to cross-site scripting attacks. An attacker can exploit this issue by creating a malicious link that contains hostile HTML or script code to a site that is hosting the vulnerable software. If such a link is visited,...
Drupal 4.1/4.2 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/8235/info The Drupal content management system is prone to a cross-site scripting vulnerability. This issue is exposed through the main page and through other sub-pages. An attacker may exploit this issue by including hostile HTML and script code in a...
Splatt Forum 34 - Post Icon HTML Injection
source: https://www.securityfocus.com/bid/8198/info Splatt Forum has been reported prone to a HTML injection vulnerability. An attacker may save a Splatt Forum post form, and modify it so that the post icon value contains arbitrary attacker supplied HTML...
Mozilla 1.x Opera 7.0 - LiveConnect JavaScript Denial of Service
source: https://www.securityfocus.com/bid/7227/info A denial-of-service vulnerability has been reported to affect several browsers. The vulnerability occurs when executing certain malformed JavaScript-enabled pages. An attacker can...
Mozilla 1.x / Opera 7.0 - LiveConnect JavaScript Denial of Service
source: https://www.securityfocus.com/bid/7227/info A denial-of-service vulnerability has been reported to affect several browsers. The vulnerability occurs when executing certain malformed JavaScript-enabled pages. An attacker can exploit this vulnerability by creating a malicious JavaScript pag...
PHP-Nuke 6.0 - News Message HTML Injection
source: https://www.securityfocus.com/bid/5796/info Problems with PHPNuke could make it possible to execute arbitrary script code in a vulnerable client. PHPNuke does not sufficiently filter potentially malicious HTML code from news posts. As a result,...
zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs Good, Flash Executable Bad]
On Tue Sep 03 2002, Blue Boar wrote: This is one of my favorite vulnerabilities: http://online.securityfocus.com/bid/1503 It's an overflow in the JPEG handler in Netscape. I don't know of one for GIFs off the top of my head, but the same principle applies. If there's a viewer with a bug, then the...
EEYE: Macromedia Shockwave Flash Malformed Header Overflow
Macromedia Shockwave Flash Malformed Header Overflow Release Date: August 8, 2002 Severity: High Remote Code Execution Systems Affected: Macromedia Shockwave Flash - All Versions; Unix and Windows; Netscape and Internet Explorer Description: While working on some pre-release eEye Retina CHAM tool...
Opera 6.0.1 / Microsoft Internet Explorer 5/6 - JavaScript Modifier Keypress Event Subversion
source: https://www.securityfocus.com/bid/5290/info An issue has been reported with the JavaScript implementation of multiple web browsers, including Microsoft Internet Explorer and Opera. Malicious JavaScript may subvert some keypress events, with consequences including the disclosure of arbitra...
Ultimate PHP Board 1.01.1 - Image Tag Script Injection
source: https://www.securityfocus.com/bid/4603/info Ultimate PHP Board UPB is web forum software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Ultimate PHP Board does not filter script code from...