CVE-2001-1202

Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error...

CVE-2001-1352

Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter...

CVE-2001-0824

Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into 1 a request for a .JSP file, or 2 a request to the webapp/examples/ directory, which inserts the Javascript into an error page...

ОБращение к реестру через IE5.5 (javascript execution)

Несколько ActiveX компонентов могут записывать разделы реестра...

[SECURITY] [DSA-073-1] 3 security problems in imp

Package : imp Problem type : 3 remote exploits Debian-specific: no The Horde team released version 2.2.6 of IMP a web based IMAP mail program which fixes three security problems. Their release announcement describes them as follows: 1. A PHPLIB vulnerability allowed an attacker to provide a value...

CVE-2001-0596

Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript...

Proxomitron Cross-site Scripting Vulnerability

Proxomitron Cross-site Scripting Vulnerability ============================================== Affected versions ================= Proxomitron Naoko-4 BetaFour or earlier http://spywaresucks.org/prox/ Problem ======= Accessing the following URL with the browser configured to use Proxomitron as a...

IMP 2.2.6 (SECURITY) released

The Horde team announces the availability of IMP 2.2.6, which fixes three potential security issues. We strongly recommend that all sites running IMP 2.2.x upgrade to this version. 1 A PHPLIB vulnerability allowed an attacker to provide a value for the array element $PHPLIBlibdir, and thus to get...

CVE-2001-1257

Cross-site scripting vulnerability in Horde Internet Messaging Program IMP before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email...

Lotus Domino Server Cross-Site Scripting Vulnerability

Lotus Domino Server Cross-Site Scripting Vulnerability ====================================================== Affected products: ================= Lotus Domino Server 5.0.6 http://www.lotus.com/home.nsf/welcome/domino/ Vendor status: ============= Notified: 18 Mar 2001 09:59:51 +0900 105 days...

Выполнение javascript в Exchange 2000 OWA (javascript execution)

javascript содержащийся во вложенном файле может быть выполнен в контексте сервера...

O'Reilly WebBoard 4.10.30 JavaScript code execution problem

I found following problem in the WebBoard: The Board has a paging function. User A can send a message to user B. User B gets a javascript popup produced with alert with the message from user A. The problem is that user A can close the alert function and so he can execute his javascript code on us...

eSafe Gateway 2.1 - Script-filtering Bypass

eSafe Gateway 2.1 - Script-filtering Bypass source: https://www.securityfocus.com/bid/2750/info eSafe Gateway is a security utility used for filtering internet content. An html file may be crafted to bypass the script-filtering feature offered by eSafe Gateway. This is done by simply changing the...

[SECURITY] [DSA 051-1] New Netscape packages available

---------------------------------------------------------------------------- Debian Security Advisory DSA 051-1 [email protected] http://www.debian.org/security/ Martin Schulze April 23, 2001 - ---------------------------------------------------------------------------- Package : netscape...

Дырка в Netscape (gif comment scripting)

javascript вставленный в комментарий GIF-файла будет выполнен в контексте локальной машины...

Netscape 4.76 gif comment flaw

Product: Netscape Navigator/Communicator Tested on: 4.76 on Linux and Win98/NT Vendor Contact: Reported 2001-03-22 Problem -------------------------------------------------------- - Overview: The Netscape browser does not escape the gif file comment in the image information page. This allows...

Netscape Navigator 4.0.8 - 'about:' Domain Information Disclosure

source: https://www.securityfocus.com/bid/2637/info Due to a flaw in Navigator's security code, all URLs in the about: protocol are considered to be part of the same domain. If arbitrary Javascript code is placed in a GIF's comment field, it is treated like a normal HTML page. The Javascript code...

Дырка в AOL Instant Messenger

При некоторых условиях на компьютере клиента может быть выполнен Javascript/VBScript...

Modifed images can lead to JavaScript/VBScript execution in AIM

Software Effected: AOL Instant Messenger Versions Effected: 4.1 to current including 4.4 alpha, older versions probably effected Details: AOL Instnat Messenger has the ability to embed images into an instant message. The user sends the graphic to the person they wish to show, and the graphic show...

Дырка в Internet Explorer (Media Player ActiveX)

ActiveX-элемент Media Player позволяет выполнение Javascript В контексте локальной машины...