CVE-2004-0503

Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format RTF message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to...

CVE-2004-1719

Multiple cross-site scripting XSS vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the 1 category, 2 cserver, 3 ext, 4 global, 5 showgroups, 6 or showlite parameters to address.html, or the 7 spage or 8 autoresponder parameters to...

CVE-2004-1716

Cross-site scripting XSS vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the 1 IRC Server or 2 AIM ID fields in the user profile...

CVE-2004-0203

Cross-site scripting XSS vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query...

CVE-2004-0660

Cross-site scripting XSS vulnerability in 1 showarchives.php, 2 shownews.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter...

CVE-2004-0591

Cross-site scripting XSS vulnerability in the printheaderuc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via 1 e-mail headers or 2 a message with a "message/delivery-status" MIME Content-Type...

CVE-2004-1711

Cross-site scripting XSS vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter...

CVE-2004-2064

Cross-site scripting XSS vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the 1 Email or 2 Website fields...

CVE-2004-0737

Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the 1 sid, 2 max, 3 sel1, 4 sel2, 5 sel3, 6 sel4, 7 sel5, 8 match, 9 mod1, 10 mod2, or 11 mod3 parameters...

CVE-2004-0725

Cross-site scripting XSS vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter...

CVE-2004-0726

The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel...

Microsoft Internet Explorer - Remote Wscript.Shell

Microsoft Internet Explorer - Remote Wscript.Shell ----------------------------------------------------- default.htm ------------------------------------------------------- function InjectedDuringRedirection...

YaPiG 0.92 - Remote Server-Side Script Execution

YaPiG 0.92 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack if sanitization of user-supplie...

CVE-2004-0617

Cross-site scripting XSS vulnerability in ArbitroWeb 0.6 allows remote attackers to inject arbitrary script or HTML via the rawURL parameter...

CVE-2004-0584

Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting XSS vulnerability...

CVE-2004-2040

Multiple cross-site scripting XSS vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the 1 LAN407 parameter to clockmenu.php, 2 "email article to a friend" field, 3 "submit news" field, or 4 avmsg parameter to usersettings.php...

Apple Mac OS X help system may interpret inappropriate local script files

Overview A vulnerability has been reported in the default URI protocol handler in Apple's Mac OS X help system. Exploitation of this vulnerability may permit a remote attacker to execute arbitrary scripts on the local system. Description A vulnerability has been reported in Apple's Mac OS X...

[Full-Disclosure] Vuln. MacOSX/Safari: Remote help-call, execute scripts

I usually complain a lot about the Windows-security settings, and consider NIX systems to be of an entirely different level. But this time I found my own arguments off short. I'm an OS X user, and I would like to submit to you the latest exploit for this system. As I hope a fix will be running in...

CVE-2004-1965

Multiple cross-site scripting XSS vulnerabilities in Open Bulletin Board OpenBB 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 redirect parameter to member.php, 2 to parameter to myhome.php 3 TID parameter to post.php, or 4 redirect parameter to index.p...

CVE-2004-1969

The avatar upload capability in Open Bulletin Board OpenBB 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript...