
536 matches found

Cvelist
added 2005/03/11 5:0 a.m., 22 views

CVE-2003-1105

Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered...

AI score: 6.6 | EPSS: 0.09233
Exploits: 0 | References: 3

securityvulns
added 2004/07/19 12:0 a.m., 23 views

XSS in various forums

Hello, 3APA3A. While playing with e107 I found the following: forum, tested on version 6.12, possibility of inserting BBCode URL=http://some.url"style="position:absolute;left:220px;top:10px;"size=14test /size/URL tested:...

AI score: 7.2
Exploits: 0

securityvulns
added 2004/02/03 12:0 a.m., 82 views

[waraxe-2004-SA#001] - Script injection in GBook for Php-Nuke ver. 1.0

waraxe-2004-SA001: Script injection in GBook for Php-Nuke ver. 1.0...

AI score: 7.5
Exploits: 0

securityvulns
added 2003/09/09 12:0 a.m., 24 views

Advisory: Incorrect Handling of XSS Protection in ASP.Net

Monday, September 8th, 2003. Background: As part of Microsoft's attempts to make it easier for application developers to write secure code, Microsoft has added a new feature, named Request Validation, to the ASP.Net 1.1 framework. This feature provides out of the box protection again...

AI score: 0.1
Exploits: 0

exploitpack
added 2003/03/19 12:0 a.m., 15 views

Ximian Evolution 1.x - MIME image/* Content-Type Data Inclusion

Ximian Evolution 1.x - MIME image/* Content-Type Data Inclusion. source: https://www.securityfocus.com/bid/7119/info Ximian Evolution does not properly validate MIME image/* Content-Type fields. If an email message contains an image/* Content-Type, any type of data can be embedded where the image...

AI score: 0.4
Exploits: 0

securityvulns
added 2003/02/12 12:0 a.m., 34 views

/search/index.cfm crossite scripting

/search/index.cfm allows inserting HTML tags via search parameter...

AI score: 1.8
Exploits: 0 | References: 1

Exploit DB
added 2003/02/06 12:0 a.m., 24 views

Celestial Software AbsoluteTelnet 2.0/2.11 - Title Bar Buffer Overflow

source: https://www.securityfocus.com/bid/6785/info A buffer overflow vulnerability was reported for AbsoluteTelnet. The vulnerability exists due to insufficient bounds checking performed when setting the title bar of the client. An attacker can exploit this vulnerability by enticing a victim use...

AI score: 7.4
Exploits: 0

securityvulns
added 2002/08/26 12:0 a.m., 30 views

phpReactor - Cross-Site Scripting via STYLE

phpReactor has recently been updated to eliminate several known cross-site scripting vulnerabilities. Among these changes was to reduce the tags allowed in posts, profiles, etc. down to B, I, and FONT. However, using the "STYLE" attribute, one can still defeat this: b...

AI score: 0.7
Exploits: 0

securityvulns
added 2002/07/31 12:0 a.m., 20 views

Code injection Vulnerability in endity.com's shoutBOX

Overview: A shoutbox is a fun tool webmasters put on their site that allows them to receive feedback from users quickly. By typing in their name, site URL, & message, users can post comments, suggestions, praises, flames, etc. onto the shoutbox and it will be seen by everyo...

AI score: 7.3
Exploits: 0

exploitpack
added 2002/05/24 12:0 a.m., 7 views

ViewCVS 0.9.2 - Cross-Site Scripting

ViewCVS 0.9.2 - Cross-Site Scripting source: https://www.securityfocus.com/bid/4818/info ViewCVS does not filter HTML tags from certain URL parameters, making it prone to cross-site scripting attacks. An attacker may exploit this by constructing a malicious link with script code to a site running...

AI score: 0.3
Exploits: 0

CERT
added 2001/09/26 12:0 a.m., 17 views

Web-based email services filtering systems vulnerable to malicious script execution

Overview: An attacker can send a specially crafted email message to a victim containing malicious scripting (JavaScript, VBScript, JScript, etc.), or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this javascript which can lead to...

CVSS: 10 | AI score: 6 | EPSS: 0.01831
Exploits: 0

securityvulns
added 2001/08/31 12:0 a.m., 44 views

javascript in gnut (javascript injection)

The name of a shared file may contain HTML tags...

AI score: 0.7
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2001/08/14 4:0 a.m., 9 views

CVE-2001-0520

Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.06853
Exploits: 1 | References: 2

Cvelist
added 2001/07/27 4:0 a.m., 16 views

CVE-2001-0520

Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be...

AI score: 6.4 | EPSS: 0.06853
Exploits: 1 | References: 2

securityvulns
added 2000/11/14 12:0 a.m., 38 views

Advisory: Gaim remote vulnerability

Author: Stan Bubrouski [email protected] Date: November 9, 2000 Package: Gaim Versions affected: 0.10.3 current and previous 0.10.x versions. Severity: A remote user could potentially execute shell code as the user Gaim is running as. Problem: There is a buffer overflow in Gaim's parsing of HTML ta...

AI score: 1.3
Exploits: 0

Packet Storm
added 2000/04/20 12:0 a.m., 29 views

win98-bluescreen.txt

=-= Next Generation of Windows 98 Blues Screen 2 =-= By RUBINHOC from BraZiL Original exploit found by www.securax.org Only for: ruindows 98 maybe 95 too. Techniques: NEW - Infernal Pulse 03/17/2000 =-= WIN98 webservers =-= customized by RUBINHOC rubinhoc:roottelnet victim.com 80 Trying x.x.x.x...

AI score: 7.4
Exploits: 0