
3845 matches found

Cvelist
added 2004/09/24 4:0 a.m. | 27 views

CVE-2004-0162

Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients...

AI score: 6.8 | EPSS: 0.02383
Exploits: 0 | References: 3

Tenable Nessus
added 2004/09/21 12:0 a.m. | 15 views

Microsoft Internet Explorer 6 SV 1 XHTML Comment User Confirmation Bypass

Binary data 2301.prm...

CVSS: 5 | AI score: 7.3 | EPSS: 0.10266
Exploits: 0 | References: 1

OSV
added 2004/08/16 4:0 a.m. | 2 views

DEBIAN-CVE-2004-1717

Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.05378
Exploits: 1 | References: 1

securityvulns
added 2004/07/19 12:0 a.m. | 27 views

[Full-Disclosure] injection html CuteNews

Original Advisory: http://www.darkbicho.iberhosting.net/advisory-11.txt :.: injection html CuteNews :.: PROGRAM: CuteNews HOMEPAGE: http://cutephp.com/ VERSION: v1.3.x BUG: injection html DATE:...

AI score: 0.8
Exploits: 0

exploitpack
added 2004/07/08 12:0 a.m. | 10 views

Microsoft Internet Explorer 5.0.1 - Style Tag Comment Memory Corruption

Microsoft Internet Explorer 5.0.1 - Style Tag Comment Memory Corruption source: https://www.securityfocus.com/bid/10816/info A heap overflow vulnerability has been discovered in Internet Explorer. It is reported that the issue presents itself when a comment character sequence that is not terminat...

AI score: 0.2
Exploits: 0

Atlassian
added 2004/06/29 10:11 p.m. | 19 views

Spam-protection

We need something like MT-Blacklist: the ability to define URL patterns that flag a page and/or comment as spam. It shouldn't be too hard to do - we already track URL links. The UI will need some thought though what do you do if you define a URL as spam, and it's in a page? Revert the page back t...

AI score: 0.8
Exploits: 0 | Affected Software: 1

securityvulns
added 2004/06/09 12:0 a.m. | 31 views

KM-2004-01: Cross-Site Scripting in Blosxom writeback

Security Advisory KM-2004-01: Cross-Site Scripting in Blosxom writeback Affected Application: Blosxom http://www.blosxom.com Severity: Medium to high typical XSS impacts Introduction: Blosxom, a weblog tool, has an optionally-installable plugin commonly used for allowing users to post comments or...

AI score: 0.3
Exploits: 0

Packet Storm
added 2004/03/22 12:0 a.m. | 27 views

invisionPTSL11.txt

Vendor : Invision Power Services URL : http://www.invisiontsl.com Version : Invision Power Top Site List v1.1 RC 2 && Earlier Risk : SQL Injection Vulnerability Description: Invision Power Top Site List is a flexible site ranking script written in PHP, the popular programming choice for web...

AI score: 7.4
Exploits: 0

Exploit DB
added 2004/03/21 12:0 a.m. | 27 views

Invision Power Top Site List < 1.1 RC 2 - SQL Injection

Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 1.1 RC 2 Website: http://www.invisiontsl.com/ BID: 9945 Description: Invision Power Top Site List is a flexible site ranking script written in PHP, the popular programming...

AI score: 7
Exploits: 0

NVD
added 2003/12/31 5:0 a.m. | 16 views

CVE-2003-1546

Cross-site scripting (XSS) vulnerability in gbook.php in Filebased guestbook 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the comment section...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.01065
Exploits: 0 | References: 5

securityvulns
added 2003/09/25 12:0 a.m. | 18 views

Comment Board XSS Vulnerability

Comment Board XSS Vulnerability Published: 24 September 2003 Released: 24 September 2003 Affected Systems: Comment Board Vendor: http://www.ymonda.co.uk Issue: Remote attackers can inject XSS script. Description: "Comment Board works straight away with little or no configuration...

Exploits: 0

securityvulns
added 2003/09/19 12:0 a.m. | 35 views

SPAIZ-NUKE v1.1 XSS bug

Hello. Here is a description of a vulnerability in SPAIZ-NUKE 1.1 Advisory9 RusH security team | http://www.rsteam.net Product: SPAIZ-NUKE v1.1 Author: sPaiZ-Nuke Group http://www.spaiz-nuke.net/ [email protected] Vuln: XSS Bug found: 14.09.2003 by 1dt.w0lf Vulnerability: Spaiz-Nuke is a website engine built...

AI score: 7.2
Exploits: 0

securityvulns
added 2003/03/15 12:0 a.m. | 30 views

Guestbook v1.1.3 CSS Vuln

Project: Filebased guestbook. Author: Copyright c Urs [email protected] Version: 1.1.3 Update: 17-09-2002 Homepage: http://www.circle.ch/scripts/ This PHP guest book script is vulnerable to hostile cross scripting in the 'comment' section of guest book posts. Comments span across multiple pages, with...

AI score: 0.2
Exploits: 0

securityvulns
added 2003/03/04 12:0 a.m. | 32 views

Sendmail buffer overflow

Buffer overflow on headers parsing oversized address comment...

AI score: 3.6
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2002/03/09 5:0 a.m. | 20 views

CVE-2001-0596

Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript...

AI score: 7.3 | EPSS: 0.08687
Exploits: 0 | References: 8

CVE
added 2002/01/10 5:0 a.m. | 43 views

CVE-2002-0008

CVE-2002-0008 affects Bugzilla prior to 2.14.1. The vulnerability allows remote attackers to impersonate users: (1) spoof a user comment by sending a request to process_bug.cgi using the who parameter instead of the Bugzilla_login cookie, and (2) post a bug as another user by altering the reporte...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01855
Exploits: 0 | References: 9 | Affected Software: 1

Cvelist
added 2002/01/10 5:0 a.m. | 17 views

CVE-2002-0008

Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi...

AI score: 6.7 | EPSS: 0.01855
Exploits: 0 | References: 9

securityvulns
added 2002/01/03 12:0 a.m. | 25 views

Windows AIM Client Exploits

i have generated a list of exploits that can be used to cause an illegal operation on windows aim clients 1. Comment Crash - anyone remember that neat little exploit that involved a large amount of html comment headers "!-- "? to fix it they configured the server to ignore instant messages over...

AI score: 7.5
Exploits: 0

securityvulns
added 2001/04/10 12:0 a.m. | 38 views

Netscape 4.76 gif comment flaw

Product: Netscape Navigator/Communicator Tested on: 4.76 on Linux and Win98/NT Vendor Contact: Reported 2001-03-22 Problem - Overview: The Netscape browser does not escape the gif file comment in the image information page. This allows...

AI score: 6.7
Exploits: 0

Debian
added 2000/09/02 1:8 a.m. | 2 views

[SECURITY] New version of Netscape Communicator/Navigator released

Package: netscape communicator, navigator Vulnerability: remote exploit Debian-specific: no Existing Netscape Communicator/Navigator packages contain the following vulnerabilities: 1. Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability - executes arbitrary code in the comment field of...

AI score: 6
Exploits: 0