CVE-2004-2756

Cross-site scripting XSS vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the 1 forum and 2 topicid parameters...

CVE-2004-2379

Multiple cross-site scripting XSS vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via 1 the Displayed Name attribute in util.pl and 2 the Folder attribute in showmail.pl...

WPkontakt.txt

Product: WPKontakt , Jaroslaw Sajko Advisory: http://www.man.poznan.pl/security/wpkontakt.html ISSUE WPkontakt is the another Polish instant messenger. The problem is similiar to the problems revealed in GG or Tlen.pl - parsing error leading to the remote script execution. DETAILS Parsing error...

Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution

Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution source: https://www.securityfocus.com/bid/12097/info WPKontakt is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable...

JSBoard Remote Arbitrary Script Upload

Binary data 2464.prm...

CVE-2004-1210

Cross-site scripting XSS vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the 1 url or 2 part variables...

CVE-2004-1229

Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via 1 http:// or 2 news:// URLs, a different vulnerability than CVE-2004-1410...

CVE-2004-1213

Cross-site scripting XSS vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter...

Apache on Mac OS X HFS+ Arbitrary File Source Disclosure

The remote host seems to be running Mac OS X or Mac OS X Server. There is a flaw in the remote web server that allows an attacker to obtain the source code of any given file on the remote web server by reading it through its data fork directly. An attacker may exploit this flaw to obtain the sour...

CVE-2004-1133

Multiple cross-site scripting XSS vulnerabilities in Microsoft W3Who ISAPI w3who.dll allow remote attackers to inject arbitrary HTML and web script via 1 HTTP headers such as "Connection" or 2 invalid parameters whose values are echoed in the resulting error message...

CVE-2004-1130

Cross-site scripting XSS vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as 1 username, 2 name, or 3 comments...

CVE-2004-1100

Cross-site scripting XSS vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter...

CVE-2004-0248

Cross-site scripting vulnerability XSS in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into 1 keywords argument of main.inc.php, 2 body argument of help.inc.php, or 3 the subject field in Personal Messages and Forum...

CVE-2004-0314

Cross-site scripting XSS vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter...

CVE-2004-0347

Cross-site scripting XSS vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 build 4797 allows remote authenticated users to execute arbitrary script as other users via the row parameter...

CVE-2004-1630

Cross-site scripting XSS vulnerability in the login form in Open WorkFlow Engine OpenWFE 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter...

CVE-2004-0781

Cross-site scripting XSS vulnerability in list.cgi in the Icecast internal web server icecast-server 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter...

CVE-2004-1621

NOTE: this issue has been disputed by the vendor. Cross-site scripting XSS vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of 1 computed for display, 2...

CVE-2004-0820

Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file...

CVE-2002-0840

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...