CVE-2004-1818

Cross-site scripting XSS vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter...

iDEFENSE Security Advisory 03.09.04: Microsoft Outlook "mailto:" Parameter Passing Vulnerability

Microsoft Outlook "mailto:" Parameter Passing Vulnerability iDEFENSE Security Advisory 03.09.04 www.idefense.com/application/poi/display?id=79&type=vulnerabilities March 09, 2004 I. BACKGROUND Microsoft Outlook provides an integrated solution for managing and organizing e-mail messages, schedules...

CVE-2004-0322

Multiple cross-site scripting XSS vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the 1 member parameter in member.php, 2 uid parameter in u2uadmin.php, 3 user parameter in editprofile.php, 4 an onmouseover event in an align tag when bbco...

XMB Forum 1.8 - 'editprofile.php?user' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. An attacker may exploit any one of...

CVE-2004-0015

vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges...

phpGroupWare 0.9.x - index.php HTML Injection

phpGroupWare 0.9.x - index.php HTML Injection source: https://www.securityfocus.com/bid/12082/info PhpGroupWare is reported to be susceptible to a HTML injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input. The attacker-supplied HTML and...

PHPGedView 2.61 - Multiple Remote File Inclusions

PHPGedView 2.61 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/9368/info PhpGedView is prone to multiple file include vulnerabilities. The source of the issue is that a number of scripts that ship with the software permit remote users to influence require paths for...

CVE-2003-1204

Multiple cross-site scripting XSS vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via 1 the link parameter in sectionswindow.php, the directory parameter in 2 gallery.php, 3 navigation.php, or 4 uploadimage.php, the path...

CVE-2003-1509

Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the defaul...

SiteInteractive Subscribe Me - 'Setup.pl' Arbitrary Command Execution

source: https://www.securityfocus.com/bid/9253/info It has been reported that the SiteInteractive Subscribe Me setup.pl script lacks sufficient sanitization on user-supplied URI parameters; an attacker may invoke this script remotely and and by passing sufficient URI parameters may influence the...

Multiple DUWare Product Vulnerabilities

Vendor : DUWare URL : http://www.duware.com Version : DU Portal 3.0 / Multiple DUWare Products Risk : High / Multiple Vulnerabilities Description: DUportal Pro is a professional Web portal and online community. DUportal Pro contains numerous advanced features such as Web-based administration,...

DUWare Multiple Products - Multiple Vulnerabilities

DUWare Multiple Vulnerabilities Vendor: DUWare Product: DUWare Version: Multiple Products Website: http://www.duware.com/ BID: 9246 Description: DUportal Pro is a professional Web portal and online community. DUportal Pro contains numerous advanced features such as Web-based administration,...

DUWare Multiple Products - Multiple Vulnerabilities

DUWare Multiple Products - Multiple Vulnerabilities DUWare Multiple Vulnerabilities Vendor: DUWare Product: DUWare Version: Multiple Products Website: http://www.duware.com/ BID: 9246 Description: DUportal Pro is a professional Web portal and online community. DUportal Pro contains numerous...

Jason Maloney's Guestbook XSS Vulnerability.

Introduction Jason Maloney's Guestbook is a simple CGI script which is both an easy to use and easy to setup guestbook script. The script fails to carefully sanitize user input, such as certain dangerous metacharacters, resulting in an XSS vulnerability. The Bug During the user-input parsing...

Virtual Programming VP-ASP 45 - shopdisplayproducts.asp Cross-Site Scripting

Virtual Programming VP-ASP 45 - shopdisplayproducts.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/9164/info A vulnerability has been reported to exist in VP-ASP software that may allow a remote user to launch cross-site scripting attacks. A remote attacker may exploit this...

XSS vulnerabilities in register.asp in Alan Ward Acart

Vulnerability: XSS vulnerabilities in register.asp Description: The registration form in register.asp does not properly sanitize user input. This means a malicious user can place script into the form fields when they register. The script is stored in the database intact and is called and executed...

Virtual Programming VP-ASP 4/5 - 'shopdisplayproducts.asp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9164/info A vulnerability has been reported to exist in VP-ASP software that may allow a remote user to launch cross-site scripting attacks. A remote attacker may exploit this issue to potentially execute HTML or script code in the security context of the...

CVE-2003-0712

Cross-site scripting XSS vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access OWA allows remote attackers to execute arbitrary web script...

Microsoft Internet Explorer XML Object Zone Restriction Bypass Vulnerability

Description Microsoft has announced that a vulnerability exists in Internet Explorer when handling malicious XML objects. The problem is said to occur due to Internet Explorer failing to validate a supplied path when binding local data to the XML document. As a result, a malicious HTML containing...

[UNIX] OpenAutoClassifieds Cross-Site Scripting Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...