OpenBiblio 0.x - 'theme_preview.php?themeName' Cross-Site Scripting

source: https://www.securityfocus.com/bid/27053/info OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting, HTML-injection, and local file-include vulnerabilities...

ImgSvr 0.6.21 - Error Message Remote Script Execution

source: https://www.securityfocus.com/bid/27033/info ImgSvr is prone to a remote script-execution vulnerability because it fails to adequately sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also...

ImgSvr 0.6.21 - Error Message Remote Script Execution

ImgSvr 0.6.21 - Error Message Remote Script Execution source: https://www.securityfocus.com/bid/27033/info ImgSvr is prone to a remote script-execution vulnerability because it fails to adequately sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the...

iDevSpot iSupport 1.8 - 'index.php' Local File Inclusion

source: https://www.securityfocus.com/bid/26961/info iSupport is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. This issue affects iSupport 1.8;...

JVN#65427327 Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution

Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted URL is registered to the bookmark, an attacker could execute an arbitrary script on the user's web...

Synergiser 1.2 - 'index.php' Local File Inclusion

source: https://www.securityfocus.com/bid/26289/info Synergiser is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. Synergiser 1.2 RC1 is vulnerable ...

CVE-2003-1509

Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the defaul...

Adobe pdf reader URI use analysis-vulnerability warning-the black bar safety net

poc someone has already published. Use in a manner substantially homogenous tftp,tftp use up the limited system,the firewall of the factors. So simple to talk about another use-bundled exe is generated and executed. First, this vulnerability can execute arbitrary commands. I haven't tried directl...

SiteBar 3.3.8 - 'translator.php?dir' Traversal Arbitrary File Access

source: https://www.securityfocus.com/bid/26126/info SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues include: - A local file-include vulnerability - Multiple arbitrary-script-code-execution vulnerabilities -...

SiteBar 3.3.8 - translator.php?dir Traversal Arbitrary File Access

SiteBar 3.3.8 - translator.php?dir Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/26126/info SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues include: - A local file-include vulnerabili...

JVN#63304072 MouseoverDictionary vulnerable to arbitrary script execution

MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script on the user's web browser as it does not handle the sidebar HTML page properly. Impact An attacker could execute an arbitrary...

CVE-2007-4820

Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter...

Mozilla FirefoxThunderbirdSeaMonkey - Chrome-Loaded About:Blank Script Execution

Mozilla FirefoxThunderbirdSeaMonkey - Chrome-Loaded About:Blank Script Execution source: https://www.securityfocus.com/bid/25142/info Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a vulnerability that allows JavaScript to execute with unintended privileges. A malicious site may be able...

Mozilla Firefox/Thunderbird/SeaMonkey - Chrome-Loaded About:Blank Script Execution

source: https://www.securityfocus.com/bid/25142/info Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a vulnerability that allows JavaScript to execute with unintended privileges. A malicious site may be able to cause the execution of a script with Chrome privileges. Attackers could explo...

CVE-2007-3930

Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting XSS attacks when spellchecking UTF-8 encoded messages via the spellutf8test function in lib/exe/spellcheck.php, which...

JVN#34058672 Nessus report function vulnerable to arbitrary script execution

Nessus, a vulnerability scanner from Tenable Network Security, Inc., is capable of providing test reports in HTML format. The report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed...

Microsoft Internet Explorer Javascript Cross Domain Information Disclosure Vulne

MS07-034 The browser is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations. This vulnerability may let a malicious site interact with a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive informati...

[Full-disclosure] MS07-034: Executing arbitrary script with mhtml: protocol handler

MS07-034: Executing arbitrary script with mhtml: protocol handler Author:Yosuke HASEGAWA yosuke.hasegawa at gmail.com Date: Wed, 21 Jun 2007 CVE: CVE-2007-2225, CVE-2007-2227 Original advisory: http://openmya.hacker.jp/hasegawa/security/ms07-034.txt...

WebIf - 'OutConfig' Local File Inclusion

source: https://www.securityfocus.com/bid/24516/info WebIf is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...

JVN#27203006 Internet Explorer vulnerable in MHTML handling

When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual content types. This behavior may result in executing the scripts embedded in the contents. The MHTML protocol handler is included in the Outlook Express...