Verity K2 Toolkit 2.20 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/8073/info It has been reported that Verity K2 Toolkit does not sufficiently filter user-supplied search parameters. As a result of this reported deficiency, it may be possible for a remote attacker to create a malicious link containing script code that wi...

CVE-2003-0115

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233...

CVE-2003-0273

Cross-site scripting XSS vulnerability in the web interface for Request Tracker RT 1.0 through 1.0.7 allows remote attackers to execute script via message bodies...

CVE-2002-0032

Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI...

CVE-2002-0619

The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic VBA scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" CVE-2000-0788...

CVE-2001-1370

prepend.php3 in PHPLib before 7.2d, when registerglobals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $PHPLIBlibdir to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages...

CVE-2002-0958

Cross-site scripting vulnerability in browse.php for PHPReactor 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section...

CVE-2002-1053

Cross-site scripting XSS vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message...

CVE-2002-1434

Multiple cross-site scripting XSS vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs...

CVE-2003-1326

Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."...

CVE-2002-1700

Cross-site scripting vulnerability XSS in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message...

CVE-2002-1727

Cross-site scripting vulnerability XSS in 1 asweb.exe and 2 asweb4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL...

CVE-2002-1662

Multiple cross-site scripting XSS vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via 1 search.php and 2 the "Your name" field during account registration...

CVE-2002-1702

Cross-site scripting vulnerability XSS in DeltaScripts PHP Classifieds 6.0.5 allows remote attackers to execute arbitrary script as other users via the URL parameter...

CVE-2002-2192

Cross-site scripting XSS vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via 1 a Host: header when DNS wildcards are supported or 2 the query string in a "dir" request to indexed folders...

CVE-2002-1681

Cross-site scripting XSS vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph tag...

PHP-Nuke 6.0 - Web Mail Remote PHP Script Execution

source: https://www.securityfocus.com/bid/6399/info A vulnerability has been discovered in the PHP-Nuke Web Mail module. When a user opens an email that contains an attachment, the file will be put in a remotely accessible web directory. It has been reported that the vulnerable module fails to...

CVE-2002-1334

Cross-site scripting XSS vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via 1 the direct parameter in imageFolio.cgi, or 2 nph-build.cgi...

security flaw

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

security flaw

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...