2327 matches found
NullHTTPD crossite scripting
http://localhost/a?x=SCRIPTalertdocument.URL/SCRIPT...
Apache Tomcat 4.1 - JSP Request Cross-Site Scripting
Apache Tomcat 4.1 - JSP Request Cross-Site Scripting source: https://www.securityfocus.com/bid/5542/info Jakarta Tomcat is a Java Servlet and JSP server produced by the Apache Software Foundation. Tomcat is available for Microsoft Windows, Linux, and other Unix based operating systems. A cross si...
Microsoft Internet Explorer 6 - File Attachment Script Execution
Microsoft Internet Explorer 6 - File Attachment Script Execution source: https://www.securityfocus.com/bid/5450/info An error has been reported in Microsoft Internet Explorer 6, which may allow malicious file attachments to execute arbitrary code in the context of the local system. HTM files are...
operaftp.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Opera FTP View Cross-Site Scripting Vulnerability Date: 4 August 2002 Author: Eiji James Yoshida [email protected] Risk: Medium Vulnerable: Windows2000 SP2 Opera 6.03 Windows2000 SP2 Opera 6.04 Overview: Opera allows running Malicious...
Opera 6.0.1 Microsoft Internet Explorer 56 - JavaScript Modifier Keypress Event Subversion
Opera 6.0.1 Microsoft Internet Explorer 56 - JavaScript Modifier Keypress Event Subversion source: https://www.securityfocus.com/bid/5290/info An issue has been reported with the JavaScript implementation of multiple web browsers, including Microsoft Internet Explorer and Opera. Malicious...
Opera 6.0.1 / Microsoft Internet Explorer 5/6 - JavaScript Modifier Keypress Event Subversion
source: https://www.securityfocus.com/bid/5290/info An issue has been reported with the JavaScript implementation of multiple web browsers, including Microsoft Internet Explorer and Opera. Malicious JavaScript may subvert some keypress events, with consequences including the disclosure of arbitra...
GoAhead Web Server 2.1.x - Error Page Cross-Site Scripting
GoAhead Web Server 2.1.x - Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/5198/info A vulnerability has been reported for GoAhead WebServer 2.1. Reportedly, it is possible for attackers to launch cross site scripting attacks against vulnerable systems. GoAhead WebServer...
Microsoft Internet Explorer 5/6 - OBJECT Tag Same Origin Policy Violation
source: https://www.securityfocus.com/bid/5196/info Microsoft Internet Explorer allows script code to violate the same origin policy through usage of the HTML OBJECT tag. Malicious script code may obtain a legitimate reference to an embedded object containing a web page from the same domain. This...
CSS in blackboard
Product: Blackboard 5 Vendor: Blackboard inc Website: www.Blackboard.com Reported: 24 apr 2002: Discovered CSS in blackboard program and company.blackboard.com. Reported CSS in blackboard program at http://company.blackboard.com/contactus/Suggestions.cgi. Reported CSS in company.blackboard.com to...
CVE-2002-0413
The CVE-2002-0413 issue is an XSS vulnerability in ReBB that allows remote attackers to execute arbitrary JavaScript and steal cookies via an IMG tag whose URL contains the malicious script. Affected software is ReBB; the vulnerability arises from the handling of image URLs containing script cont...
Yahoo! Messenger "addview" function allows for the automatic execution of malicious script contained in web pages
Overview Yahoo! Messenger is an instant messaging client. When installed, Yahoo! Messenger enables a URI handler ymsgr :parameter. The addview function of this handler can be used to execute arbitrary script/html on the local system. Description The addview feature of Yahoo! Messenger is used to...
Hosting Controller still have dangerous bugs!
-Vulnerable versions: all HC versions. 1.Database directory travelsal: By adding slash dot dot,the user can view the files,folders located on the sytem and can add DSN out of user root directory. http://www.target.com/admin/dsn/dsnmanager.asp?...
Ultimate Bulletin Board 5.46.06.2 - Cross-Agent Scripting
Ultimate Bulletin Board 5.46.06.2 - Cross-Agent Scripting source: https://www.securityfocus.com/bid/3829/info UBB Ultimate Bulletin Board is commercial web forums/community software that is written in Perl. It runs on various Unix/Linux variants, as well as Microsoft Windows NT/2000. UBB is prone...
YaBB 9.1.2000 - Cross-Agent Scripting
source: https://www.securityfocus.com/bid/3828/info YaBB Yet Another Bulletin Board is freely available web forums/community software that is written in Perl. YaBB will run on most Unix/Linux variants, MacOS, and Microsoft Windows 9x/ME/NT/2000/XP platforms. YaBB is prone to cross-agent scripting...
DeleGate 7.7.1 - Cross-Site Scripting
DeleGate 7.7.1 - Cross-Site Scripting source: https://www.securityfocus.com/bid/3749/info DeleGate is a proxy server which runs on Linux , Unix, Microsoft Windows and OS/2 platforms. It is capable of translating a number of protocolsHTTP, FTP, NNTP, POP, Telnet, etc. between client and server...
CVE-2001-0340
An interaction between the Outlook Web Access OWA service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically...
IBM WebSphere vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the IBM WebSphere Java Servlet Container 3.5 and earlier are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated...
Apache Tomcat vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the Apache Tomcat Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from...
PHP 4.x - SafeMode Arbitrary File Execution
PHP 4.x - SafeMode Arbitrary File Execution source: https://www.securityfocus.com/bid/2954/info PHP is the Personal HomePage development toolkit, distributed by the PHP.net, and maintained by the PHP Development Team in public domain. A problem with the toolkit could allow elevated privileges, an...
Microsoft Internet Explorer 5.5 - File Disclosure
Microsoft Internet Explorer 5.5 - File Disclosure source: https://www.securityfocus.com/bid/2833/info Internet Explorer contains a flaw which could enable a remote web site operator to retrieve a known file from a visiting user's system. If a specially formed script containing GetObject function...