mozilla -- NULL bytes in FTP URLs

When handling FTP URLs containing NULL bytes, Mozilla will interpret the file content as HTML. This may allow unexpected execution of Javascript when viewing plain text or other file types via FTP...

CVE-2004-0549

The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine MSHTML, as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript,...

SCT javascript execution vulnerability

Vendor : SCT URL : http://www.sct.com/Education/Products/ConnectedLearning/CampusPipeline.html Version : CampusPipeline Risk : javascript execution Description: SCT Campus Pipeline is the Web platform of choice at over 175 institutions. It improves efficiency, builds community, and provides freed...

WebCT Campus Edition 4.1 - Cross site scripting using CSS @import

Name: WebCT Campus Edition 4.1 - Cross site scripting using CSS @import Release date: 2004/03/29 Application: WebCT Campus Edition 4.1 4.1.1.5, possibly others Vendor URL: http://www.webct.com/ WebCT Inc. Author: Simon Boulet simon boulet divahost net Legal Notice: -------------------- This...

Microsoft Outlook shell characters problem

Shell characters problem allow javacript execution in local zone...

CVE-2003-0814

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand"Refresh" to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability...

Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy (MS04-004)

source: https://www.securityfocus.com/bid/9568/info A vulnerability has been reported in Microsoft Internet Explorer. Because of this, an attacker may be able to violate cross-zone policy. It has been reported that the issue presents itself due to a failure by Internet Explorer to remove JavaScri...

[UNIX] MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Changing UBB cookie allows account hijack

Application: UBB 6.? Platform: Any system supporting PERL. Severity: Malicious users can steal session cookies, allowing administrative access to the bulletin board. Also custom html/js insertion in forum page is possible. Author: antiacid [email protected] Web:...

"netscape navigator" is cracked.

Readers' Favorite - Make Notes in Your Browser today! http://liudieyuinchina.vip.sina.com/domex/aPoP/ http://domex.int.tc/ "netscape navigator" is cracked. "that's all" is end of file if you are in a hurry tested OS:Windows Server 2003 Enterprise Browser: "Netscape Navigator 7.02" "Mozilla/5.0...

Using Java from Javascript

Opera and Netscape browsers allow you to include java methods calls in your javascript . As Javascript has support for objects you can use objects returned by these calls in your scripts . I have been looking for information about the possibly security implications and vulnerabilities published...

CVE-2002-2178

Cross-site scripting XSS vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as demonstrated using an IMG tag...

CVE-2002-2031

Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results...

ArGoSoft Web-Mail security problem

ArGoSoft Web-Mail security problem. A vulnerability affects ArGoSoft Mail Server Pro for WinNT/2000/XP Version 1.8.1.9 I did not test other versions, this is the only I have, but others should be vulnerable too. The problem is in the Web-Mail interface, it is posible to execute javascript by...

CVE-2002-0902

Cross-site scripting vulnerability in phpBB 2.0.0 phpBB2 allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote " in the IMG tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects th...

Microsoft Windows Media Player ActiveX control allows execution of javascript in "already open" frames

Overview A vulnerability in the Windows Media Player may allow remote attackers to view the contents of local files on the victim's computer. Description Using the "LaunchURL" method of the Windows Media Player ActiveX control, a web page author may be able to circumvent the frame security featur...

Lycos HTMLGear - guestGear CSS HTML Injection

Lycos HTMLGear - guestGear CSS HTML Injection source: https://www.securityfocus.com/bid/5728/info Lycos htmlGEAR guestGEAR does not sanitize HTML from CSS Cascading Style-Sheets elements in guestbook fields. An attacker could capitalize on this situation to include arbitrary HTML and script code ...

Lycos HTMLGear - guestGear CSS HTML Injection

source: https://www.securityfocus.com/bid/5728/info Lycos htmlGEAR guestGEAR does not sanitize HTML from CSS Cascading Style-Sheets elements in guestbook fields. An attacker could capitalize on this situation to include arbitrary HTML and script code in a guestbook entries, which would be rendere...

CVE-2002-0457

Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as , , and & in fields such as 1 name, 2 email, 3 AIM screen name, 4 website, 5 location, or 6 message...

CVE-2002-0413

Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script...