[Full-Disclosure] Vuln. MacOSX/Safari: Remote help-call, execute scripts

I usually complain a lot about the Windows-security settings, and consider NIX systems to be of an entirely different level. But this time I found my own arguments off short. I'm an OS X user, and I would like to submit to you the latest exploit for this system. As I hope a fix will be running in...

CVE-2004-1965

Multiple cross-site scripting XSS vulnerabilities in Open Bulletin Board OpenBB 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 redirect parameter to member.php, 2 to parameter to myhome.php 3 TID parameter to post.php, or 4 redirect parameter to index.p...

CVE-2004-1969

The avatar upload capability in Open Bulletin Board OpenBB 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript...

CVE-2004-1964

Cross-site scripting XSS vulnerability in nqt.php in Network Query Tool NQT 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter...

CVE-2004-0121

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs...

CVE-2004-1862

Multiple cross-site scripting XSS vulnerabilities in Extreme Messageboard XMB 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the 1 xmbuser parameter to xmb.php, 2 folder parameter to u2u.php, 3 viewmost, replymost, or latest parameter to stats.php, 4 messag...

CVE-2004-1829

Multiple cross-site scripting XSS vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the 1 pagetitle or 2 error parameters, or 3 certain parameters in the error log...

CVE-2004-1818

Cross-site scripting XSS vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter...

CVE-2004-1822

Multiple cross-site scripting XSS vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPREFERER parameter to login.php, 2 HTTPREFERER parameter to register.php, or 3 target parameter to profile.php...

CVE-2004-0046

Cross-site scripting XSS vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' double quote character...

CVE-2003-1543

Cross-site scripting XSS vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message...

CVE-2003-1317

Cross-site scripting XSS vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2003-1536

Multiple cross-site scripting XSS vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via 1 the q parameter to search.php and 2 the year parameter to calendar.php...

CVE-2003-1479

Cross-site scripting XSS vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field...

CVE-2003-1334

Cross-site scripting XSS vulnerability in Kai Blankenhorn Bitfolge simple and nice index file aka snif before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2003-1211

Cross-site scripting XSS vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter...

CVE-2003-1100

Multiple cross-site scripting XSS vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors...

CVE-2003-1498

Cross-site scripting XSS vulnerability in search.php for WRENSOFT Zoom Search Engine 2.0 Build 1018 and earlier allows remote attackers to inject arbitrary web script or HTML via the zoomquery parameter...

CVE-2003-1556

Cross-site scripting XSS vulnerability in ccguestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the 1 name and 2 homepagetitle webpage title parameters...

CVE-2003-1509

Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the defaul...