SiteInteractive Subscribe Me - 'Setup.pl' Arbitrary Command Execution

source: https://www.securityfocus.com/bid/9253/info It has been reported that the SiteInteractive Subscribe Me setup.pl script lacks sufficient sanitization on user-supplied URI parameters; an attacker may invoke this script remotely and and by passing sufficient URI parameters may influence the...

CVE-2003-0623

Cross-site scripting XSS vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument...

CVE-2003-1187

Cross-site scripting XSS vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contactemail parameter...

CVE-2003-0726

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...

CVE-2003-0801

Cross-site scripting XSS vulnerability in Nokia Electronic Documentation NED 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script...

Thread-ITSQL XSS Vulnerability

Thread-ITSQL XSS Vulnerability Published: 24 September 2003 Released: 24 September 2003 Affected Systems: Thread-ITSQL Vendor: http://www.ymonda.co.uk Issue: Remote attackers can inject XSS script. Description: ============ "Thread-ITSQL message board product is designed specifically for SQL Serv...

CVE-2003-0769

Cross-site scripting XSS vulnerability in the ICQ Web Front guestbook guestbook.html allows remote attackers to insert arbitrary web script and HTML via the message field...

PT-2003-1862 · Icq · Icq Web Front

Name of the Vulnerable Software and Affected Versions: ICQ Web Front affected versions not specified Description: A cross-site scripting XSS issue exists in the guestbook component of ICQ Web Front, specifically in the guestbook.html file. This allows remote attackers to inject arbitrary web scri...

ICQ Webfront - Persistant XSS

------------------------------------------------------------------ - EXPL-A-2003-024 exploitlabs.com Advisory 024 ------------------------------------------------------------------ -= ICQ Webfront =- Donnie Werner Sept 09 2003 exploitlabs.com Vunerabilitys: ---------------- 1. Persistant Remote X...

CVE-2003-0726

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...

PT-2003-1822 · Realnetworks · Realone Player

Name of the Vulnerable Software and Affected Versions: RealOne player affected versions not specified Description: The issue allows remote attackers to execute arbitrary script in the "My Computer" zone. This is achieved via a SMIL presentation with a URL that references a scripting protocol. The...

ZH2003-21SA (security advisory): DcForum+ XSS Vulnerability

ZH2003-21SA security advisory: DcForum+ XSS Vulnerability Published: 10 august 2003 Released: 10 august 2003 Name: DcForum+ Affected Systems: 1.2 Issue: Remote attackers can inject XSS script Author: G00db0y zone-h org Vendor: http://www.dcscripts.com/dcforump.shtml Description Zone-h Security Te...

CVE-2003-1088

Cross-site scripting XSS vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter...

DSA-371 perl - cross-site scripting

Bulletin has no description...

CVE-2003-0492

Cross-site scripting XSS vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter...

CVE-2003-0446

Cross-site scripting XSS in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message...

CVE-2003-0389

Cross-site scripting XSS vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script...

CVE-2003-0447

The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated...

CVE-2003-0526

Cross-site scripting XSS vulnerability in Microsoft Internet Security and Acceleration ISA Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages 1 500.htm for "500...

CVE-2003-0523

Cross-site scripting XSS vulnerability in msg.asp for certain versions of ProductCart allow remote attackers to execute arbitrary web script via the message parameter...