gravityBad.txt

4.22 07/08/2005 Gravity Board X v1.1 possibly prior versions Remote code execution, SQL Injection / Login Bypass, cross site scripting, path disclosure poc software: author site: http://www.gravityboardx.com/ a Sql Injection / Login Bypass: A user can bypass login check and grant administrator...

MediaWiki: Cross-site scripting vulnerability

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to escape a parameter in the page move template correctly. Impact By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...

GLSA-200507-18 : MediaWiki: XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200507-18 MediaWiki: XSS vulnerability MediaWiki fails to escape a parameter in the page move template correctly. Impact : By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...

CVE-2002-1770

Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by Internet Explorer...

PHP-Fusion BBCode IMG Tag XSS

The remote host is running a version of PHP-Fusion that does not sufficiently sanitize JavaScript code. Specifically, an attacker can inject JavaScript code that bypasses the filters in 'fusioncore.php' by HTML-encoding it. This code will then be executed in the context of a user's browser when...

CVE-2004-1200

Firefox and Mozilla allow remote attackers to cause a denial of service application crash from memory consumption, as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays...

CVE-2004-1198

Microsoft Internet Explorer allows remote attackers to cause a denial of service application crash from memory consumption, as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays...

CVE-2004-1200

CVE-2004-1200 affects Firefox and Mozilla browsers. The vulnerability allows remote attackers to trigger high memory usage via JavaScript that repeatedly creates and sorts nested arrays, causing an application crash (DoS). The NVD entry documents a network-exposed scenario with a partial availabi...

CVE-2004-1199

Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service application crash from memory exhaustion, as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays...

CVE-2004-1199

CVE-2004-1199 affects Safari 1.2.4 on Mac OS X 10.3.6. The vulnerability allows a remote attacker to trigger a denial-of-service (application crash due to memory exhaustion) by sending JavaScript that repeatedly creates nested arrays and then sorts them. This summary is supported by multiple sour...

Google Toolbar 1.1.x - About.HTML HTML Injection

Google Toolbar 1.1.x - About.HTML HTML Injection source: https://www.securityfocus.com/bid/11210/info Google Toolbar is reported prone to a HTML injection vulnerability. It is reported that the Google Toolbar 'ABOUT.HTML' page allows the injection of HTML and JavaScript code. This vulnerability m...

Moodle XSS Vulnerability

Moodle XSS Vulnerability 13.07.04 Vendor: Moodle URL: http://moodle.org/ Version: Moodle 1.3.2+, Moodle 1.4 dev Risk: XSS Description: "Moodle is a course management system CMS - a software package designed to help educators create quality online courses." See http://moodle.org/ for a detailed...

MS Internet Explorer Remote Wscript.Shell Exploit

Exploit for unknown platform in category remote exploits ================================================= MS Internet Explorer Remote Wscript.Shell Exploit ================================================= ----------------------------------------------------- default.htm...

IMP Content-Type Header XSS

The remote server is running at least one instance of IMP whose version number is between 2.0 and 3.2.3 inclusive. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary JavaScript code simply by reading a MIME messa...

Horde IMP IMP_MIME_Viewer_html Class XSS

The remote server is running at least one instance of IMP whose version number is between 3.0 and 3.2.1 inclusive. Such versions are vulnerable to several cross-scripting attacks whereby an attacker can cause a victim to unknowingly run arbitrary JavaScript code simply by reading an HTML message...

DSA-355 gallery - cross-site scripting

Bulletin has no description...

CVE-2002-2101

Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag...

Microsoft Internet Explorer 5.56.0 - History List Script Injection

Microsoft Internet Explorer 5.56.0 - History List Script Injection source: https://www.securityfocus.com/bid/4505/info A vulnerability has been reported in some versions of Internet Explorer. It is possible to inject JavaScript code into the browser history list, and execute it within any page...

Outlook Express Attach Execution Exploit (img tag + innerHTML + TIF dos name)

Using some informations posted on Bugtraq in this week, I found a very simple way to exploit "download&execution" of an .EXE file, directly from Outlook Express. This is my report: When an HTML page attached into a message, is started, it runs in the security zone of "Temporary Internet Files" TI...

CGIWrap 2.x3.x - Cross-Site Scripting

CGIWrap 2.x3.x - Cross-Site Scripting source: https://www.securityfocus.com/bid/3081/info CGIWrap is a free, open-source program for running CGI securely. CGIWrap does not filter embedded scripting commands from user-supplied input. A web user may submit a malicious link into any form which...