4530 matches found
Brooky CubeCart index.php language XSS
The remote host runs CubeCart, is an eCommerce script written with PHP & MySQL. This version is vulnerable to cross-site scripting and remote script injection due to a lack of sanitization of user-supplied data. Successful exploitation of this issue may allow an attacker to execute malicious scri...
Zeroboard < 4.1pl5 Multiple Vulnerabilities - Active Check
Zeroboard is prone to arbitrary PHP code execution and cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
CVE-2005-3430
Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as 1 .unk, 2 .asa, and possibly 3 .htr and 4 .aspx, which are not filtered like the .asp extension...
CVE-2005-3301
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to 1 left.php, 2 queryframe.php, or 3 serverdatabases.php...
CVE-2005-3165
Multiple cross-site scripting XSS vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via 1 tags or 2 Extension or sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet...
CVE-2005-2860
Cross-site scripting XSS vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report...
Microsoft IIS 5.1 - WebDAV HTTP Request Source Code Disclosure
source: https://www.securityfocus.com/bid/14764/info Microsoft IIS is reportedly affected by a remote script source disclosure vulnerability. A successful attack causes the Web server to present the requested file as a plain text file and subsequently disclosing the source. It should be noted tha...
Microsoft IIS 5.1 - WebDAV HTTP Request Source Code Disclosure
Microsoft IIS 5.1 - WebDAV HTTP Request Source Code Disclosure source: https://www.securityfocus.com/bid/14764/info Microsoft IIS is reportedly affected by a remote script source disclosure vulnerability. A successful attack causes the Web server to present the requested file as a plain text file...
DEBIAN-CVE-2005-2215
Cross-site scripting XSS vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888...
CVE-2004-1824
CVE-2004-1824 – vBulletin XSS vulnerability : The affected software is Jelsoft/vBulletin. The issue is a cross-site scripting flaw in the handling of URI input (not properly sanitized), exploitable via the what parameter to memberlist.php or similar URI input vectors in older vBulletin releases. ...
CVE-2005-0870
Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...
CVE-2005-1154
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."...
DEBIAN-CVE-2005-0870
Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...
SonicWALL SOHO Web Interface Multiple Remote Input Validation Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via 1 the URL or 2 the user login name, which is not filtered when the administrator views the log file. CVE: CVE-2005-1006 Last updated: July 11, 2017, 1:32 a...
security flaw
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."...
GLSA-200504-23 : Kommander: Insecure remote script execution
The remote host is affected by the vulnerability described in GLSA-200504-23 Kommander: Insecure remote script execution Kommander executes data files from possibly untrusted locations without user confirmation. Impact : An attacker could exploit this to execute arbitrary code with the permission...
security flaw
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."...
CVE-2005-1308
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML...
CVE-2005-1000
Multiple cross-site scripting XSS vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via 1 the bid parameter to the EmailStats op in banners.pgp, 2 the ratenum parameter in the TopRated and MostPopular actions in the WebLinks module, 3 the ttitle paramet...
Alstrasoft EPay Pro 2.0 - Remote File Inclusion
source: https://www.securityfocus.com/bid/12973/info EPay Pro is reported prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'view' parameter. An attacker may leverage this...