378 matches found
Microsoft Windows XP - HCP URI Handler Arbitrary Command Execution
Microsoft Windows XP - HCP URI Handler Arbitrary Command Execution source: https://www.securityfocus.com/bid/9621/info The Microsoft Windows XP HCP URI handler has been reported prone to a vulnerability that may provide for arbitrary command execution. The issue is reported to present itself when...
Loom Software SurfNow 1.x/2.x - GET Remote Denial of Service
source: https://www.securityfocus.com/bid/9519/info A problem has been identified in the handling of specific types of requests by SurfNOW. Upon receiving specially crafted HTTP GET requests, it is possible for a remote attacker to crash a vulnerable implementation, denying service to the user. G...
PHPGedView 2.5/2.6 - 'login.php' Newlanguage Cross-Site Scripting
source: https://www.securityfocus.com/bid/11905/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious...
PHPGedView 2.5/2.6 - 'Imageview.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11890/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious...
PHPGedView 2.52.6 - Source.php Cross-Site Scripting
PHPGedView 2.52.6 - Source.php Cross-Site Scripting source: https://www.securityfocus.com/bid/11888/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue...
PHPGedView 2.52.6 - Relationship.php Cross-Site Scripting
PHPGedView 2.52.6 - Relationship.php Cross-Site Scripting source: https://www.securityfocus.com/bid/11906/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This...
PhpGedView 2.61 - Search Script Cross-Site Scripting
source: https://www.securityfocus.com/bid/9369/info PhpGedView is prone to a cross-site scripting vulnerability. Remote attackers may create malicious links to this script that include hostile HTML and script code. If such a link was followed by a victim user, the attacker-supplied code would be...
miniBB bb_func_usernfo.php Website Name Field XSS
The remote host is using the miniBB forum management system. According to its version number, this forum is vulnerable to a cross-site scripting bug. A remote attacker could exploit this to impersonate a legitimate user by tricking them into requesting a maliciously crafted URL. %NASLMINLEVEL 703...
CVE-2003-1517
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message...
CVE-2003-1285
Multiple cross-site scripting XSS vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to 1 isapi/testisa.dll, 2 testcgi.exe, 3 environ.pl, 4 the query parameter to samples/search.dll, 5 the price parameter to...
CVE-2003-1468
The WebLinks module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message...
My Little Forum 1.3 - email.php Cross-Site Scripting
My Little Forum 1.3 - email.php Cross-Site Scripting source: https://www.securityfocus.com/bid/9286/info my little forum is prone to a cross-site scripting vulnerability in the 'email.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input...
PSCS VPOP3 2.0 Email Server WebAdmin - Cross-Site Scripting
source: https://www.securityfocus.com/bid/8869/info It has been reported that PSCS VPOP3 Email Server may be prone to a cross-site scripting vulnerability that may allow a remote attacker to embed malicious HTML and script code in a link. The issue is reported to be present in the WebAdmin utilit...
mIRC 6.1 - 'DCC SEND' Buffer Overflow (1)
source: https://www.securityfocus.com/bid/8818/info A vulnerability has been reported to exist in the mIRC client that may allow a remote attacker to crash a vulnerable mIRC client. The condition is most likely present due to insufficient boundary checking performed on 'DCC SEND' requests. It has...
NullLogic Null HTTPd 0.5 - Remote Denial of Service
source: https://www.securityfocus.com/bid/8697/info Null HTTPd has been reported prone to a remotely triggered denial of service vulnerability. The issue has been reported to present itself in the HTTP POST handling routines within the Null HTTPd server. It has been reported that a remote attacke...
Invision Power Board (IP.Board) 1.x - index.php showtopic Cross-Site Scripting
Invision Power Board IP.Board 1.x - index.php showtopic Cross-Site Scripting source: https://www.securityfocus.com/bid/8575/info Invision Power Board is prone to a cross-site scripting vulnerability. It has been reported that a remote attacker may construct a malicious link to the index.php scrip...
FloosieTek FTGatePro 1.22 - Mail Server Cross-Site Scripting
source: https://www.securityfocus.com/bid/8528/info FloosieTek FTGatePro Mail Server is prone to a cross-site scripting vulnerability. A remote attacker could exploit this issue by enticing a legitimate user of the mail server to follow a malicious link with embedded HTML and script code. The...
PHPOutsourcing Zorum 3.4 - Full Path Disclosure
source: https://www.securityfocus.com/bid/8396/info A vulnerability has been reported in Zorum message board software that allows a remote attacker to send a malformed HTTP request resulting in a disclosure of the installation path. This issue may allow an attacker to gain knowledge of the file...
Mini SQL 1.0/1.3 - Remote Format String
// source: https://www.securityfocus.com/bid/8295/info Mini SQL mSQL has been reported prone to a remotely exploitable format string vulnerability, when handling user-supplied data. Reportedly a remote attacker may send malicious format specifiers to trigger the issue. This vulnerability could...
Novell Netware Enterprise Web Server 5.1/6.0 - 'CGI2Perl.NLM' Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/8251/info Novell Netware Enterprise Web Server cgi2perl.nlm has been reported prone to a buffer overflow vulnerability. The issue presents itself, likely due to insufficient bounds checking performed on user-supplied data. It has been reported that a remo...