
6682 matches found

Exploit DB
added 2004/07/29 12:0 a.m., 26 views

Verylost LostBook 1.1 - Message Entry HTML Injection

source: https://www.securityfocus.com/bid/10825/info Reportedly Verylost lostBook is affected by an HTML injection vulnerability in its message entry functionality. This issue is due to a failure of the application to properly validate and sanitize user-supplied input before including it in...

7.4 AI score
Exploits: 0

Cvelist
added 2004/07/23 4:0 a.m., 19 views

CVE-2004-0726

The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel...

7.2 AI score, 0.13568 EPSS
Exploits: 1, References: 3

Exploit DB
added 2004/07/22 12:0 a.m., 22 views

Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting

source: https://www.securityfocus.com/bid/10778/info It is reported that Imatix Xitami is affected by a cross-site scripting vulnerability in the server side includes test script. This issue is due to a failure of the application to properly sanitize user-supplied input. Successful exploitation o...

7 AI score
Exploits: 0

exploitpack
added 2004/07/17 12:0 a.m., 13 views

Gallery 1.4.4 - Remote Server-Side Script Execution

Gallery 1.4.4 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10968/info A vulnerability is reported to exist in Gallery that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue is a design error that occurs due to the...

0.1 AI score
Exploits: 0

securityvulns
added 2004/07/15 12:0 a.m., 21 views

[Full-Disclosure] XSS in Board Power forum

Programm: Board Power forum v2.04 PF Autor: Ivan Zhdanov CRITICAL: Low Exploit: http://target/cgi-bin/boardpower/icq.cgi?action=scriptjavascript:alert 'hello';/script URL: http://www.thewebmasterforums.com ...... Maxpatrol - Professional Network Security Scanner www.maxpatrol.com. Full-Disclosure...

Exploits: 0

Cvelist
added 2004/07/13 4:0 a.m., 8 views

CVE-2004-0672

Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter...

6.1 AI score, 0.00477 EPSS
Exploits: 1, References: 3

Cvelist
added 2004/07/13 4:0 a.m., 12 views

CVE-2004-0681

Multiple cross-site scripting (XSS) vulnerabilities in (1) comersuscustomerAuthenticateForm.asp, (2) comersusbackofficemessage.asp, (3) comersussupportError.asp, or (4) comersusmessage.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter...

5.9 AI score, 0.00726 EPSS
Exploits: 1, References: 3

Cvelist
added 2004/07/13 4:0 a.m., 15 views

CVE-2004-0675

Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command...

6.2 AI score, 0.04081 EPSS
Exploits: 1, References: 4

securityvulns
added 2004/07/13 12:0 a.m., 29 views

Media Preview Script Execution Vulnerability

Note: This vulnerability as well as several more can be found at http://www.geryhats.cjb.net Media Preview Script Execution Vulnerability Tested MSDXM.DLL file version 6.4.09.1128 Microsoft Windows 2000 Discussion By using the windows media player control, media can be played in a browser,...

0.9 AI score
Exploits: 0

exploitpack
added 2004/07/13 12:0 a.m., 13 views

Microsoft Internet Explorer - Remote Wscript.Shell

Microsoft Internet Explorer - Remote Wscript.Shell ----------------------------------------------------- default.htm ------------------------------------------------------- function InjectedDuringRedirection...

Exploits: 0

exploitpack
added 2004/07/07 12:0 a.m., 25 views

YaPiG 0.92 - Remote Server-Side Script Execution

YaPiG 0.92 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack of sanitization of user-supplie...

7.6 AI score
Exploits: 0

Exploit DB
added 2004/07/07 12:0 a.m., 27 views

YaPiG 0.92 - Remote Server-Side Script Execution

source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack of sanitization of user-supplied data. It is reported that an attacker may be ab...

7.4 AI score
Exploits: 0

Exploit DB
added 2004/07/03 12:0 a.m., 26 views

Microsoft Internet Explorer 6 - Shell.Application Object Script Execution

source: https://www.securityfocus.com/bid/10652/info Microsoft Internet Explorer is reported prone to a security weakness that may permit malicious HTML documents the ability to execute script code. This script code has the ability to alter registry settings that may allow for further attacks. In...

7 AI score
Exploits: 0

Cvelist
added 2004/06/30 4:0 a.m., 12 views

CVE-2004-0606

Cross-site scripting (XSS) vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the (1) CLIENTID or (2) HOSTNAME option of a DHCP request...

6.4 AI score, 0.01958 EPSS
Exploits: 0, References: 3

Cvelist
added 2004/06/23 4:0 a.m., 13 views

CVE-2004-0584

Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability...

6 AI score, 0.01052 EPSS
Exploits: 0, References: 5

Gentoo Linux
added 2004/06/18 12:0 a.m., 27 views

Usermin: Multiple vulnerabilities

Background Usermin is a web-based administration tool for Unix. It supports a wide range of user applications including configuring mail forwarding, setting up SSH or reading mail. Description Usermin contains two security vulnerabilities. One fails to properly sanitize email messages that contai...

6.8 CVSS, 6.9 AI score, 0.01593 EPSS
Exploits: 0

securityvulns
added 2004/06/04 12:0 a.m., 68 views

PHP Include Exploit in Mail Manage EX v3.1.8 and maybe others.

Description: PHP Include Exploit in Mail Manage EX v3.1.8 Compromise: a malicious PHP script from an external host may be included and executed. Vulnerable Systems: all systems using mmex.php v3.1.8 and maybe lower not tested. Details: The PHP Include exploit exists in the following code,...

7.1 AI score
Exploits: 0

Cvelist
added 2004/06/03 4:0 a.m., 18 views

CVE-2004-0503

Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to...

6.4 AI score, 0.17453 EPSS
Exploits: 1, References: 6

securityvulns
added 2004/06/03 12:0 a.m., 44 views

[Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke v7.3 and earlier

=========================================================================== =========================================================================== Advisory: 2004-Nuke-001 Affected Software: PHPNuke Affected Versions: Version 7.3 and earlier Main Developer: Francisco Burzi...

0.5 AI score
Exploits: 0

CERT
added 2004/05/21 12:0 a.m., 32 views

Apple Mac OS X help system may interpret inappropriate local script files

Overview A vulnerability has been reported in the default URI protocol handler in Apple's Mac OS X help system. Exploitation of this vulnerability may permit a remote attacker to execute arbitrary scripts on the local system. Description A vulnerability has been reported in Apple's Mac OS X...

6.7 AI score
Exploits: 0, References: 4