536 matches found
CVE-2006-3366
Vulnerability: CVE-2006-3366 affects V3 Chat. Description confirms multiple cross-site scripting (XSS) vulnerabilities where crafted HTML tags injected via user-supplied parameters can lead to script/HTML execution. Specifically vulnerable parameters include id (in mail/index.php and mail/reply.p...
alipager xss attack
Vendor: www.roostercode.com. Version: all versions! Bug: You can include any HTML tag in a chat line! For example: <script>alert("HI users!")</script> ...
Publicist v0.95 - XSS And Full Path Errors
Publicist v0.95 Homepage: http://publicist.kau.se/ Description: Publicist is a free web server software, created for web papers, that allows groups of people to write and publish together on the web i.e. schools or single classes, clubs, or other groups who wish to express themselves...
Mozilla products vulnerable to memory corruption via a particular sequence of HTML tags
Overview A vulnerability in the way Mozilla products and derivative programs handle certain HTML tags could allow a remote attacker to execute arbitrary code on a vulnerable system. Description A vulnerability has been discovered in the way that Mozilla and derived programs handle certain HTML...
CVE-2006-0749
CVE-2006-0749 affects Mozilla Firefox and Thunderbird (Firefox/Thunderbird 1.x before 1.5 and Mozilla Suite before 1.7.13; SeaMonkey before 1.0.8). The issue is a memory corruption triggered by a particular sequence of HTML tags, leading to memory corruption, a remote crash, and possibly arbitrar...
Mozilla Firefox Tag Order Vulnerability — Mozilla
A particular sequence of HTML tags that reliably crashes Mozilla clients was reported by an anonymous researcher via TippingPoint and the Zero Day Initiative. The crash is due to memory corruption that can be exploited to run arbitrary code...
Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This is related to the handling of certain HTML tags. Attackers could exploit this issue via a malicious web page to execute arbitrary code in the context of the currently logged-in user. They could also use HT...
linksubmit.txt
Vendor: linksubmit. Version: all versions. WWW: http://www.phpselect.com. Author: s3rv3rhack3r. You can submit HTML tags in $description in linksubmit.php. Exploit: #!/usr/bin/perl Exploit by s3rv3rhack3r. Special Thanx: hessamx, f0rk, sattar.li, stanic, mfox, blood moon and...
Microsoft Internet Explorer array index overflow
Array index overflow for a large number of HTML tag event handlers. The vulnerability can be used for hidden malware installation...
Cross site scripting
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput...
CVE-2006-0800
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput...
Html_Injection in vBulletin 3.5.2
Vulnerable Version: 3.5.2 (prior versions may also be affected). Bug: Html_Injection, second-order cross-site scripting. Exploitation: remote, with browser. Html_Injection: The software does not properly filter HTML tags in the title of events before being passed to user in 'calendar.php' & 'reminder.php' AS...
CVE-2005-4357
CVE-2005-4357 is a cross-site scripting (XSS) vulnerability in phpBB when the “Allowed HTML tags” feature is enabled. The issue allows remote attackers to inject arbitrary JavaScript via a permitted HTML tag that includes characters like " and active attributes such as onmouseover, effectively ex...
CVE-2005-4260
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web...
Guestserver guestbook system vulnerabilities
The poor security and input validation in Guestserver versions below 5 (there are still lots of them out there) allow all HTML tags inside a message, and it can be exploited as much as you want to. http://www.stud.ntnu.no/larsell/guestserver/ A Google Search for "Guestbook by Guestserver - v4.12" fo...
CVE-2005-3973
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter used in (2) label and (3) input tags, possibly due t...
Bug in vBulletin 3.x
Hello. Versions 3.0.3 and 3.0.9 were tested. The Status profile field accepts dangerous HTML tags (this option is enabled by default) and can be used to carry out XSS attacks, as well as for certain other self-serving purposes, by those who can change their status (by default, the administration, starting from...
Zoomblog HTML Injection Vulnerability
DESCRIPTION Zoomblog is prone to HTML injection attacks. It is possible for a malicious Zoomblog user to inject hostile HTML and script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of Zoomblog. Zoomblog does not adequate...
Fedora Core 4 2005-409: elinks
The remote host is missing the patch for the advisory FEDORA-2005-409 elinks. Links is a text-based Web browser. Links does not display any images, but it does support frames, tables and most other HTML tags. Links' advantage over graphical browsers is its speed--Links starts and exits quickly an...