6684 matches found
[Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke v7.3 and earlier
Advisory: 2004-Nuke-001 Affected Software: PHPNuke Affected Versions: Version 7.3 and earlier Main Developer: Francisco Burzi...
Apple Mac OS X help system may interpret inappropriate local script files
Overview A vulnerability has been reported in the default URI protocol handler in Apple's Mac OS X help system. Exploitation of this vulnerability may permit a remote attacker to execute arbitrary scripts on the local system. Description A vulnerability has been reported in Apple's Mac OS X...
Safari remote arbitrary code execution
Adv: safari0x04 Release Date: 10/05/04 Affected Products: Safari = 1.2 Fixed in: Not fixed. Impact: Remote code execution. Severity: High. Vendor: Notified 23/02/04 Author: fundisom.com Apple uses a special function to execute scripts and applications from his Help system. Unfortunately, this Help...
[Full-Disclosure] Vuln. MacOSX/Safari: Remote help-call, execute scripts
I usually complain a lot about the Windows-security settings, and consider NIX systems to be of an entirely different level. But this time I found my own arguments off short. I'm an OS X user, and I would like to submit to you the latest exploit for this system. As I hope a fix will be running in...
Cross Site Scripting in Moodle < 1.3
Cross Site Scripting in Moodle 1.3 ==================================== 2004-04-30 01 Author: author: Bartek Nowotarski silence location: Trzebinia, Poland mail: silence10atwpdotpl site: silencedot0dotpl 02 Discussion: "Moodle is a course management system CMS - a software package designed to hel...
CVE-2004-1969
The avatar upload capability in Open Bulletin Board OpenBB 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript...
Fusionphp Fusion News 3.6.1 - Cross-Site Scripting
Fusionphp Fusion News 3.6.1 - Cross-Site Scripting source: https://www.securityfocus.com/bid/10203/info An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based...
ProfitCode Software PayProCart 3.0 - AdminShop TaskID Cross-Site Scripting
ProfitCode Software PayProCart 3.0 - AdminShop TaskID Cross-Site Scripting source: https://www.securityfocus.com/bid/13307/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may...
ProfitCode Software PayProCart 3.0 - AdminShop TaskID Cross-Site Scripting
source: https://www.securityfocus.com/bid/13307/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser o...
phpBB 2.0.x - 'album_portal.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/10177/info It has been reported that phpBB may be prone to a file include vulnerability that may allow remote attackers to include a remote malicious script to be executed on a vulnerable system...
CVE-2004-0121
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs...
phpBugTracker 0.9 - user.php?bugid Cross-Site Scripting
phpBugTracker 0.9 - user.php?bugid Cross-Site Scripting source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due...
phpBugTracker 0.9 - query.php Multiple Cross-Site Scripting Vulnerabilities
phpBugTracker 0.9 - query.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. Thes...
PT-2004-1312 · Microsoft · Outlook
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook version 2002 Description: The issue concerns an argument injection vulnerability where Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE. Thi...
XSS in e107 forum
It is possible to insert arbitrary HTML code into the body of a message. A remote attacker can insert a specially formatted BB tag (bbcode) to make the forum display arbitrary script code in the browser of a user viewing the malicious message. If desired, ...
Topic Calendar 1.0.1 - Calendar_Scheduler.php Cross-Site Scripting
Topic Calendar 1.0.1 - CalendarScheduler.php Cross-Site Scripting source: https://www.securityfocus.com/bid/12893/info Topic Calendar is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...
Topic Calendar 1.0.1 - 'Calendar_Scheduler.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/12893/info Topic Calendar is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute...
CVE-2004-0322
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbco...
CVE-2004-0337
Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be...
CVE-2004-0359
Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters...