546 matches found
CVE-2005-4810
Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest AJAX...
Link Bank - 'Iframe.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17001/info Link Bank is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. An attacker may leverage this issu...
Link Bank - Iframe.php Cross-Site Scripting
Link Bank - Iframe.php Cross-Site Scripting source: https://www.securityfocus.com/bid/17001/info Link Bank is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML...
Game-Panel 2.6 - login.php Cross-Site Scripting
Game-Panel 2.6 - login.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16979/info Game-Panel is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated...
RunCMS 1.x - Bigshow.php Cross-Site Scripting
RunCMS 1.x - Bigshow.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16970/info RunCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML...
CutePHP CuteNews 1.4.1 - index.php Cross-Site Scripting
CutePHP CuteNews 1.4.1 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16961/info CuteNews is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically...
CutePHP CuteNews 1.4.1 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16961/info CuteNews is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. An attacker may leverage this issue...
CuteNews 1.4.1 - show_news.php Cross-Site Scripting
CuteNews 1.4.1 - shownews.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16740/info CuteNews is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generate...
QwikiWiki 1.5 - 'search.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16638/info QwikiWiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. An attacker may leverage this issu...
QwikiWiki 1.5 - search.php Cross-Site Scripting
QwikiWiki 1.5 - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/16638/info QwikiWiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated...
Gastebuch 1.3.2 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/16615/info Gastebuch is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. An attacker may leverage this issu...
[SA18542] Kerio WinRoute Firewall Denial of Service Vulnerabilities
TITLE: Kerio WinRoute Firewall Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA18542 VERIFY ADVISORY: http://secunia.com/advisories/18542/ CRITICAL: Moderately critical IMPACT: DoS WHERE: From remote SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/ DESCRIPTION: Two...
CVE-2004-2054
CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php...
REFRESH: EUDORA MAIL 5.1.1
Tuesday, July 23, 2002 Trivial silent delivery and installation of an executable on a target computer. This can be accomplished with the default installation of the mail client Eudora 5.1.1: 'allow executables in HTML content' DISABLED 'use Microsoft viewer' ENABLED The manufacturer...
Qualcomm Eudora 5.0.2 - 'Use Microsoft Viewer' Code Execution
source: https://www.securityfocus.com/bid/2490/info Eudora uses Internet Explorer to assist in the viewing of HTML messages if the 'Use Microsoft Viewer' option is enabled. Eudora also has an 'allow executables in HTML content' option, which the documentation recommends be disabled for security...
SGI InfoSearch 1.0 / SGI IRIX 6.5.x - fname
source: https://www.securityfocus.com/bid/1031/info The InfoSearch package converts man pages and other documentation into HTML web content. The search form uses infosrch.cgi which does not properly parse user input in the 'fname' variable, allowing commands to be executed at the webserver...
netscape.find.txt
Date: Mon, 8 Mar 1999 19:48:05 +0200 From: Georgi Guninski To: [email protected] Subject: Netscape Communicator find vulnerabilities There is a design flaw in Netscape Communicator 4.5 Win95, 4.08 WinNT I guess all 4.x version are vulnerable which allows the following security exploits: Readin...
ROS-2-1883
2.1883 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotel...
ROS-2-1288
2.1288 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-1391
2.1391 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...