96 matches found
CVE-2014-6304
CVE-2014-6304 affects PNMsoft Sequence Kinetics—the Form Controls CSS file—where information disclosure enables remote attackers to obtain sensitive source-code information. Public entries indicate impact for Sequence Kinetics versions up to 7.6 (CNVD reference cites 7.5 and earlier; NVD notes vu...
Cross site scripting
Cross-site scripting XSS vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file...
CVE-2014-7852
Cross-site scripting XSS vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file...
CVE-2014-7852
The CVE-2014-7852 issue is a cross-site scripting (XSS) vulnerability in JBoss RichFaces used by Red Hat JBoss Portal 6.1.1, where RichFaces accepted arbitrary strings in a URL and returned them unencoded in a CSS file. The Red Hat advisory RHSA-2014:1973 documents that this could enable an attac...
A Forms 1.4.0 - a-forms.php aform_css_file_selector() Function css_file_selection Parameter XSS
The A Forms WordPress plugin was affected by an a-forms.php aformcssfileselector Function cssfileselection Parameter XSS security vulnerability...
Stack overflow
Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file...
CVE-2011-0334
CVE-2011-0334 describes a stack-based buffer overflow in gwia.exe, part of Novell GroupWise Internet Agent (GWIA) . The vulnerability occurs when GWIA handles long HTTP requests for certain .css resources, allowing remote attackers to execute arbitrary code. Affected software is GroupWise 8.0 pri...
CVE-2011-0334
Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file...
Groone's Guestbook 2.0 Remote File Inclusion Vulnerability
No description provided by source. GBOOK v2.0 Remote File Include Vulnerability http://www.groonesworld.com/programs/gbook/gbook.zip ======================================================== Author: k3vin mitnick tunisianblackhat team = = Home : http://tunisianblackhat.com & scarface-team.org = =...
WeBid 0.5.4 Multiple Remote Vulnerabilities
No description provided by source. || || | || o,7 || . o7 || 4||| ow, : / / . ================================ ========================== ==================== |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ ...
Code injection
Jelsoft vBulletin accepts uploads of Cascading Style Sheets CSS and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...
CVE-2006-2335
Jelsoft vBulletin accepts uploads of Cascading Style Sheets CSS and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...
CVE-2006-2335
Jelsoft vBulletin accepts uploads of Cascading Style Sheets CSS and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...
CVE-2006-2335
Jelsoft vBulletin (CSS upload handling) is affected by a vulnerability where uploading a CSS file containing PHP code and selecting it via the style chooser can result in the PHP code being executed. The issue is described as enabling remote authenticated administrators to gain shell access throu...
CVE-2005-4717
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service client crash via a certain combination of a malformed HTML file and a CSS file that triggers a null dereferenc...
CVE-2005-4717
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service client crash via a certain combination of a malformed HTML file and a CSS file that triggers a null dereferenc...