CVE-2004-1735

Cross-site scripting XSS vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field...

Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution

source: https://www.securityfocus.com/bid/10993/info Mantix is reportedly susceptible to a remote server-side script execution vulnerability. This vulnerability only presents itself when PHP is configured on the hosting computer with 'registerglobals = on'. When PHP is configured to register glob...

Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution

Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10993/info Mantix is reportedly susceptible to a remote server-side script execution vulnerability. This vulnerability only presents itself when PHP is configured on the hosting computer with...

CVE-2004-0503

Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format RTF message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to...

CVE-2004-1719

Multiple cross-site scripting XSS vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the 1 category, 2 cserver, 3 ext, 4 global, 5 showgroups, 6 or showlite parameters to address.html, or the 7 spage or 8 autoresponder parameters to...

CVE-2004-1716

Cross-site scripting XSS vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the 1 IRC Server or 2 AIM ID fields in the user profile...

CVE-2004-0203

Cross-site scripting XSS vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query...

CVE-2004-0660

Cross-site scripting XSS vulnerability in 1 showarchives.php, 2 shownews.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter...

CVE-2004-0591

Cross-site scripting XSS vulnerability in the printheaderuc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via 1 e-mail headers or 2 a message with a "message/delivery-status" MIME Content-Type...

CVE-2004-1711

Cross-site scripting XSS vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter...

CVE-2004-2064

Cross-site scripting XSS vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the 1 Email or 2 Website fields...

CVE-2004-0737

Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the 1 sid, 2 max, 3 sel1, 4 sel2, 5 sel3, 6 sel4, 7 sel5, 8 match, 9 mod1, 10 mod2, or 11 mod3 parameters...

CVE-2004-0725

Cross-site scripting XSS vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter...

CVE-2004-0726

The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel...

Microsoft Internet Explorer - Remote Wscript.Shell

Microsoft Internet Explorer - Remote Wscript.Shell ----------------------------------------------------- default.htm ------------------------------------------------------- function InjectedDuringRedirection...

YaPiG 0.92 - Remote Server-Side Script Execution

YaPiG 0.92 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack if sanitization of user-supplie...

CVE-2004-0617

Cross-site scripting XSS vulnerability in ArbitroWeb 0.6 allows remote attackers to inject arbitrary script or HTML via the rawURL parameter...

CVE-2004-0584

Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting XSS vulnerability...

CVE-2004-2040

Multiple cross-site scripting XSS vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the 1 LAN407 parameter to clockmenu.php, 2 "email article to a friend" field, 3 "submit news" field, or 4 avmsg parameter to usersettings.php...

Apple Mac OS X help system may interpret inappropriate local script files

Overview A vulnerability has been reported in the default URI protocol handler in Apple's Mac OS X help system. Exploitation of this vulnerability may permit a remote attacker to execute arbitrary scripts on the local system. Description A vulnerability has been reported in Apple's Mac OS X...