6682 matches found
CVE-2003-1137
Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk wildcard character...
Chi Kien Uong Guestbook 1.51 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/8896/info It has been reported that Chi Kien Uong Guestbook may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The problem is reported to present itself due to...
Vivisimo Clustering Engine - Search Script Cross-Site Scripting
source: https://www.securityfocus.com/bid/8862/info Vivisimo Clustering Engine reported prone to cross-site scripting vulnerability. The problem occurs due to insufficient sanitization of parameters passed to the search script. As a result, an attacker may be capable of constructing a link design...
CVE-2003-0736
Multiple cross-site scripting XSS vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via 1 the day parameter in the calendar module, 2 the fatcatid parameter in the fatcat module, 3 the PAGEid parameter in the pagemaster module, 4 the PDAlimit...
CVE-2003-0726
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...
PayPal Store Front 3.0 - index.php Remote File Inclusion
PayPal Store Front 3.0 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an...
PayPal Store Front 3.0 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an attacker-specified location. This could be exploited to include a remo...
CVE-2003-0801
Cross-site scripting XSS vulnerability in Nokia Electronic Documentation NED 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script...
TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/8688/info It has been reported that several of the modules included with TCLHTtpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin modules are affected by these vulnerabilities. Four instances of...
TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities
TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/8688/info It has been reported that several of the modules included with TCLHTtpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin...
CVE-2002-1567
CVE-2002-1567 is an XSS vulnerability in Apache Tomcat 4.1 where an attacker can cause script execution and cookie theft by crafting a URL containing encoded newline characters that precede a .jsp request. The underlying issue is improper sanitization of request strings in Tomcat 4.1 (affecting 4...
CVE-2002-1567
Cross-site scripting XSS vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script...
MSIE->BodyRefreshLoadsJPU:refresh is a new navigation method
BodyRefreshLoadsJPU:refresh is a new navigation method tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. It also works after applying the patch for method caching attack. OS Ver: "Windows XP Cn ver"...
MSIE->WsFakeSrc
WsFakeSrc tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. OS Ver: "Windows XP Cn ver" demo http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-MyPage.HTM or http://umbrella.mx.tc --- WsFakeSrc...
Microsoft Internet Explorer 6 - Script Execution
Microsoft Internet Explorer 6 - Script Execution source: https://www.securityfocus.com/bid/8577/info Multiple issues have been reported in Microsoft Internet Explorer. Though these issues have been reported by a reliable source, communication issues have presented difficulty in obtaining details...
Microsoft Internet Explorer 6 - Script Execution
source: https://www.securityfocus.com/bid/8577/info Multiple issues have been reported in Microsoft Internet Explorer. Though these issues have been reported by a reliable source, communication issues have presented difficulty in obtaining details surrounding the reported issues. This vulnerabili...
ICQ Webfront - Persistant XSS
------------------------------------------------------------------ - EXPL-A-2003-024 exploitlabs.com Advisory 024 ------------------------------------------------------------------ -= ICQ Webfront =- Donnie Werner Sept 09 2003 exploitlabs.com Vunerabilitys: ---------------- 1. Persistant Remote X...
CVE-2003-0736
Multiple cross-site scripting XSS vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via 1 the day parameter in the calendar module, 2 the fatcatid parameter in the fatcat module, 3 the PAGEid parameter in the pagemaster module, 4 the PDAlimit...
CVE-2003-0726
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...
PT-2003-1822 · Realnetworks · Realone Player
Name of the Vulnerable Software and Affected Versions: RealOne player affected versions not specified Description: The issue allows remote attackers to execute arbitrary script in the "My Computer" zone. This is achieved via a SMIL presentation with a URL that references a scripting protocol. The...