Gadu-Gadu Remote DoS (all versions)

Product: Tlen.pl = 5.23.4.1 Vendor: o2.pl Sp. z o.o. http://www.tlen.pl/ Impact: Remote script execution Severity: High Authors: Blazej Miga [email protected], Jaroslaw Sajko [email protected] Date: 20/12/04 ISSUE Tlen.pl is the instant messenger application used by more than 700 000 users. The...

Zwiki: XSS vulnerability

Background Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites. Description Due to improper input validation, Zwiki can be exploited to perform cross-site scripting attacks. Impact By enticing a user to read a specially-crafted wiki entry, an attacker can execute arbitrary script...

Tlen.pl 5.23.4.1 - Instant Messenger Remote Script Execution

source: https://www.securityfocus.com/bid/12050/info Tlen.pl is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to various attacks. Tlen.pl 5.23.4.1 an...

Gadu-Gadu, another two bugs

Product: Gadu-Gadu, build 155 and older Vendor: SMS-EXPRESS.COM http://www.gadu-gadu.pl Impact: Script execution in local zone, Remote DoS Severity: High Authors: Blazej Miga [email protected], Jaroslaw Sajko [email protected] Date: 17/12/04 ISSUE Gadu-Gadu is the first Polish instant messenger...

CVE-2004-1130

Cross-site scripting XSS vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as 1 username, 2 name, or 3 comments...

CVE-2004-1106

Cross-site scripting XSS vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php...

CVE-2004-1100

Cross-site scripting XSS vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter...

IPCop 1.4.1 - Web Administration Interface Proxy Log HTML Injection

IPCop 1.4.1 - Web Administration Interface Proxy Log HTML Injection source: https://www.securityfocus.com/bid/11779/info IPCop is reported susceptible to an HTML injection vulnerability in its proxy log viewer. This issue is due to a failure of the application to properly sanitize user-supplied...

IPCop 1.4.1 - Web Administration Interface Proxy Log HTML Injection

source: https://www.securityfocus.com/bid/11779/info IPCop is reported susceptible to an HTML injection vulnerability in its proxy log viewer. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated web pages. This...

CVE-2004-0251

Cross-site scripting XSS vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter...

CVE-2004-0337

Cross-site scripting XSS vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / slash and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be...

CVE-2004-0271

Multiple cross-site scripting vulnerabilities XSS in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via 1 the subname parameter of dlshowall.asp, 2 the SendTo parameter in Personal Messages, 3 the HTTPREFERER for down.asp, or 4 the image name of an Avatar in th...

CVE-2004-0314

Cross-site scripting XSS vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter...

CVE-2004-0248

Cross-site scripting vulnerability XSS in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into 1 keywords argument of main.inc.php, 2 body argument of help.inc.php, or 3 the subject field in Personal Messages and Forum...

CVE-2004-0319

Cross-site scripting XSS vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a 1 font color or 2 font face argument...

CVE-2004-0254

Cross-site scripting XSS vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag...

CVE-2004-0359

Cross-site scripting XSS vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the 1 c, 2 f, 3 showtopic, 4 showuser, or 5 username parameters...

CVE-2004-0347

Cross-site scripting XSS vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 build 4797 allows remote authenticated users to execute arbitrary script as other users via the row parameter...

TIPS MailPost 5.1.1 - APPEND Cross-Site Scripting

TIPS MailPost 5.1.1 - APPEND Cross-Site Scripting source: https://www.securityfocus.com/bid/11596/info MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitra...

TIPS MailPost 5.1.1 - Error Message Cross-Site Scripting

source: https://www.securityfocus.com/bid/11598/info MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitrary HTML and script code in a user's browser throug...