7973 matches found
CVE-2006-1627
Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated...
CVE-2006-1627
Adobe Document Server for Reader Extensions 6.0 is affected by a vulnerability where authenticated users can bypass access controls by manipulating the actionID and pageID parameters. This may allow privileged actions, potentially enabling a low-privileged user to escalate or disclose information...
Adobe Document Server 6.0 Extensions - ads-readerext?actionID Cross-Site Scripting
source: https://www.securityfocus.com/bid/17500/info Adobe Document Server for Reader Extensions, included with Graphics Server and Document Server, is prone to multiple vulnerabilities that may allow remote...
Multiple Adobe Document Server for Reader Extensions security vulnerabilities
Protection bypass, cross-site scripting, session hijacking...
[Full-disclosure] Secunia Research: Adobe Document Server for Reader Extensions Multiple Vulnerabilities
Secunia Research 13/04/2006 Adobe Document Server for Reader Extensions Multiple Vulnerabilities Table of Contents Affected...
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting
Argeniss Security Advisory Name: Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting MS06-17 Affected Software: Microsoft FrontPage Server Extensions 2002 and Microsoft SharePoint Team Services Severity: Medium Remote exploitable: Yes User intervention required...
Adobe Document Server 6.0 Extensions - 'ads-readerext?actionID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17500/info Adobe Document Server for Reader Extensions, included with Graphics Server and Document Server, is prone to multiple vulnerabilities that may allow remote attackers to: - perform cross-site scripting attacks - gain access to potentially sensiti...
frontpage -- cross site scripting vulnerability
Esteban Martinez Fayo reports: The FrontPage Server Extensions 2002 included in Windows Server 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP has a web page /vtibin/vtiadm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site...
Cross site scripting
Cross-site scripting (XSS) vulnerability in vtibin/vtiadm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1)...
CVE-2006-0015
Cross-site scripting (XSS) vulnerability in vtibin/vtiadm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1)...
Update Protection against a Vulnerability in Microsoft FrontPage Server Extensions Vulnerability (MS06-017)
FrontPage Server Extensions is a set of tools that can be installed on a Web site. They allow authorized personnel to manage the server, add or change content, and perform other tasks. A vulnerability was detected in FrontPage Server Extensions that may allow an attacker to take a variety of action...
Microsoft FrontPage Server Extensions Cross-Site Scripting Vulnerability
Description Microsoft FrontPage Server Extensions are prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before it is rendered to other users. An attacker may leverage this issue to have arbitrary script code...
Microsoft FrontPage - Server Extensions Cross-Site Scripting
source: https://www.securityfocus.com/bid/17452/info Microsoft FrontPage Server Extensions are prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input...
Microsoft Security Bulletin MS06-017 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)
Microsoft Security Bulletin MS06-017 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627) Published: April 11, 2006 Version: 1.0 Summary Who should read this document: Customers who use Microsoft FrontPage Server Extensions 2002 or Microsoft SharePoint Te...
Microsoft FrontPage - Server Extensions Cross-Site Scripting
source: https://www.securityfocus.com/bid/17452/info Microsoft FrontPage Server Extensions are prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before it is rendered to other users. An attacker may leverage...
Dwarf HTTP Server < 1.3.3 Multiple Remote Vulnerabilities (XSS, Disc)
The remote host is running Dwarf HTTP Server, a full-featured, Java-based web server. According to its banner, the version of Dwarf HTTP Server on the remote host reportedly fails to properly validate filename extensions in URLs. A remote attacker may be able to leverage this issue to disclose th...
Design/Logic Flaw
GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a...
Design/Logic Flaw
ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly...
CVE-2006-0760
LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP...