6684 matches found

Cvelist
added 2004/09/01 4:0 a.m. | 17 views

CVE-2002-0682

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet...

6.5 AI score | 0.83058 EPSS
Exploits: 0 | References: 8

CVE
added 2004/09/01 4:0 a.m. | 42 views

CVE-2002-0546

CVE-2002-0546: In the Winamp mini-browser (versions 2.78 and 2.79), the HTML/JS execution vulnerability is triggered by crafted ID3v1/ID3v2 tags in MP3 files, allowing remote script execution. The root cause is cross-site scripting within the mini-browser component when processing MP3 metadata. E...

7.5 CVSS | 7 AI score | 0.01048 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2004/09/01 4:0 a.m. | 28 views

CVE-2002-0615

The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation"...

6.2 AI score | 0.08729 EPSS
Exploits: 0 | References: 3

exploitpack
added 2004/09/01 12:0 a.m. | 12 views

Newtelligence DasBlog 1.x - Request Log HTML Injection

Newtelligence DasBlog 1.x - Request Log HTML Injection source: https://www.securityfocus.com/bid/11086/info DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to properly sanitize user-supplied input...

7.6 AI score
Exploits: 0

Tenable Nessus
added 2004/08/30 12:0 a.m. | 35 views

GLSA-200406-08 : Squirrelmail: Another XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200406-08 (Squirrelmail: Another XSS vulnerability). A new cross-site scripting (XSS) vulnerability in Squirrelmail-1.4.3rc1 has been discovered. In functions/mime.php Squirrelmail fails to properly sanitize user input. Impact: By...

6.8 CVSS | 5.5 AI score | 0.14932 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2004/08/30 12:0 a.m. | 18 views

GLSA-200406-11 : Horde-IMP: Input validation vulnerability

The remote host is affected by the vulnerability described in GLSA-200406-11 (Horde-IMP: Input validation vulnerability). Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code. Impact: By enticing a user to read a specially crafted e-mail, an attacker can...

6.8 CVSS | 5.9 AI score | 0.01052 EPSS
Exploits: 0 | References: 2

NVD
added 2004/08/28 4:0 a.m. | 12 views

CVE-2004-0820

Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file...

4.6 CVSS | 7.2 AI score | 0.02148 EPSS
Exploits: 0 | References: 4

Exploit DB
added 2004/08/28 12:0 a.m. | 40 views

Nagl XOOPS Dictionary Module 1.0 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/11064/info Reportedly the XOOPS Dictionary Module by Nagle is affected by multiple cross-site scripting vulnerabilities. This issue is due to a failure of the application to properly sanitize user-supplied URI input. As a result of this issue an attacker...

7.4 AI score
Exploits: 0

VulnCheck KEV
added 2004/08/25 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2004-0820

Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file...

4.6 CVSS | 6.1 AI score | 0.02148 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2004/08/25 12:0 a.m. | 23 views

HastyMail HTML Attachment Script Execution

The remote host is running HastyMail, a PHP-based mail client application. The installed version contains a flaw caused by email attachments not being properly defined in the Content-Disposition HTTP header. An attacker could exploit this flaw to inject JavaScript or ActiveX code in an attachment...

4.3 CVSS | 5.5 AI score | 0.25473 EPSS
Exploits: 0 | References: 2

CERT
added 2004/08/23 12:0 a.m. | 17 views

Powie's PSCRIPT Forum fails to filter user posts

Overview: Powie's PSCRIPT Forum fails to properly sanitize user input, which allows an attacker to create a user profile that can execute arbitrary scripts in a victim's web browser when the victim views the profile. Description: Powie's PSCRIPT Forum is an online forum application written in PHP...

6.9 AI score
Exploits: 0 | References: 5

Exploit DB
added 2004/08/21 12:0 a.m. | 21 views

Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution

source: https://www.securityfocus.com/bid/10993/info Mantis is reportedly susceptible to a remote server-side script execution vulnerability. This vulnerability only presents itself when PHP is configured on the hosting computer with 'register_globals = on'. When PHP is configured to register glob...

7.4 AI score
Exploits: 0

exploitpack
added 2004/08/21 12:0 a.m. | 15 views

Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution

Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10993/info Mantis is reportedly susceptible to a remote server-side script execution vulnerability. This vulnerability only presents itself when PHP is configured on the hosting computer with...

0.1 AI score
Exploits: 0

Tenable Nessus
added 2004/08/20 12:0 a.m. | 11 views

Yahoo! Messenger ymsgr URI Arbitrary Script Execution

Binary data 1263.prm...

7.5 CVSS | 7.3 AI score | 0.00717 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2004/08/20 12:0 a.m. | 15 views

Yahoo! Messenger ymsgr URI Arbitrary Script Execution

Binary data 1262.prm...

7.5 CVSS | 7.3 AI score | 0.02942 EPSS
Exploits: 0 | References: 1

NVD
added 2004/08/18 4:0 a.m. | 15 views

CVE-2004-0519

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php...

6.8 CVSS | 6.3 AI score | 0.00189 EPSS
Exploits: 1 | References: 18

NVD
added 2004/08/18 4:0 a.m. | 17 views

CVE-2004-0503

Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to...

5 CVSS | 6.4 AI score | 0.17453 EPSS
Exploits: 1 | References: 6

Tenable Nessus
added 2004/08/18 12:0 a.m. | 14 views

Google Chrome < 1.0.154.59 Same Origin Policy Bypass Vulnerability

Binary data 5004.pasl...

7.8 CVSS | 7.3 AI score | 0.00288 EPSS
Exploits: 2 | References: 2

NVD
added 2004/08/06 4:0 a.m. | 10 views

CVE-2004-0672

Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allow remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter...

6.8 CVSS | 6.1 AI score | 0.00477 EPSS
Exploits: 1 | References: 3

NVD
added 2004/08/06 4:0 a.m. | 19 views

CVE-2004-0529

The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a...

7.2 CVSS | 6.7 AI score | 0.00553 EPSS
Exploits: 0 | References: 6