3566 matches found
Courier mail server crossite scripting
Internet Explorer Conditional Comments crossite scripting with sqwebmail...
CVE-2005-2820
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "if" and "endif"...
CVE-2005-2820
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "if" and "endif"...
DEBIAN-CVE-2005-2820
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "if" and "endif"...
CVE-2005-2820
Cross-site scripting XSS vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "if" and "endif"...
PT-2005-3706 · Maxdev · Maxdev Md-Pro
Name of the Vulnerable Software and Affected Versions: MAXdev MD-Pro versions 1.0.72 and earlier Description: The issue affects one or more modules in MAXdev MD-Pro, including the Download, Search, Web links, Blocks, Messages, News, Comments, Settings, Stats, or subjects modules. The impact and...
[Full-disclosure] Secunia Research: SqWebMail Conditional Comments Script Insertion Vulnerability
====================================================================== Secunia Research 06/09/2005 - SqWebMail Conditional Comments Script Insertion Vulnerability - ====================================================================== Table of Contents Affected...
XSS in GreyMatter blog
Graymatter - perl based web blog. offsite: http://www.greymatterforums.com/ GM analyze posting comments and if post contain some dangerous code like script/script, administrator get message about it in log files. Log files contain not only message, but dangerous code. When admin try to look log...
CVE-2005-2689
Multiple cross-site scripting XSS vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via 1 the moderate parameter to the Comments module or 2 htmltext parameter to html/user.php...
CVE-2005-2689
Multiple cross-site scripting XSS vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via 1 the moderate parameter to the Comments module or 2 htmltext parameter to html/user.php...
CVE-2005-2608
SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting XSS attacks in vulnerable applications that use SafeHTML...
CVE-2005-2608
SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting XSS attacks in vulnerable applications that use SafeHTML...
vBulletin <= 3.0.6 (Template) Command Execution Exploit (metasploit)
Exploit for unknown platform in category web applications ==================================================================== vBulletin 'vBulletin '$Revision: 1.0 $', 'Authors' = 'str0ke' , 'Arch' = , 'OS' = , 'Priv' = 0, 'UserOpts' = 'RHOST' = 1, 'ADDR', 'The target address', 'RPORT' = 1, 'PORT...
CVE-2005-2152
SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article...
[Full-disclosure] Quickblogger
------------------------------------------------------------ - EXPL-A-2005-011 exploitlabs.com Advisory 040 - ------------------------------------------------------------ - QuickBlogger - AFFECTED PRODUCTS ================= QuickBlogger 1.4 and earlier http://www.jlwebworks.net/ OVERVIEW ========...
Drupal 4.5.3 4.6.1 - Comments PHP Injection
Drupal 4.5.3 4.6.1 - Comments PHP Injection !/usr/bin/perl Mon Jul 4 18:19:35 CEST 2005 [email protected] DRUPAL-SA-2005-002 php injection in comments yes, its lame Hax0r code here, read before execute Run without arguments to show the help. BLINK! BLINK! BLINK! BLINK! Feel free to port to anoth...
Drupal 4.5.3 < 4.6.1 - Comments PHP Injection
!/usr/bin/perl Mon Jul 4 18:19:35 CEST 2005 [email protected] DRUPAL-SA-2005-002 php injection in comments yes, its lame Hax0r code here, read before execute Run without arguments to show the help. BLINK! BLINK! BLINK! BLINK! Feel free to port to another stupid script language mIRC, python, TCL ...
CVE-2004-2138
AllWebScripts MySQLGuest is affected by a cross-site scripting (XSS) vulnerability in AWSguest.php. The issue allows remote attackers to inject arbitrary HTML/PHP via the fields Name, Email, Homepage, or Comments. The exact vulnerable component is AWSguest.php within AllWebScripts MySQLGuest; und...
[Full-disclosure] [DRUPAL-SA-2005-002] Drupal 4.6.2 / 4.5.4 fixes input validation issue
---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2005-002 ---------------------------------------------------------------------------- Advisory ID: DRUPAL-SA-2005-002 Date: 2005-jun-29 Security risk: highly critical Impact: system...
drupal -- PHP code execution vulnerabilities
Kuba Zygmunt discovered a flaw in the input validation routines of Drupal's filter mechanism. An attacker could execute arbitrary PHP code on a target site when public comments or postings are allowed...