6718 matches found
Advanced Guestbook 2.22.3 - User-Agent HTML Injection
source: https://www.securityfocus.com/bid/14391/info Advanced Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically...
[SA13948] TikiWiki "temp" Arbitrary Script Execution Vulnerability
TITLE: TikiWiki "temp" Arbitrary Script Execution Vulnerability SECUNIA ADVISORY ID: SA13948 VERIFY ADVISORY: http://secunia.com/advisories/13948/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: TikiWiki 1.x http://secunia.com/product/3356/ DESCRIPTION: Some...
ExBB Nested BBcode XSS
The remote host is running ExBB, a bulletin board system written in PHP. According to its version number, this install of ExBB has a persistent cross-site scripting vulnerability. Posting a maliciously crafted forum comment could lead to arbitrary script code execution. A remote attacker could...
Microsoft Windows HTML Help ActiveX control does not adequately validate window source
Overview: The Microsoft Windows HTML Help ActiveX control contains a cross-domain vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands or code with the privileges of the user running the control. The HTML Help control can be instantiated by an HTML...
CVE-2004-1100
Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter...
Microsoft Internet Explorer DHTML Editing ActiveX control contains a cross-domain vulnerability
Overview: A cross-domain vulnerability exists in the DHTML Editing ActiveX control. An attacker may be able to execute arbitrary script in the Local Machine Zone or read or modify data in other domains. For example, the attacker could execute arbitrary commands with parameters, download and execut...
Cross Site Scripting DOS (Zyxel B-420 Ethernet Bridge)
If the following URL is passed to a B-420 Ethernet Bridge, it restarts. http://IP/Forms/rpAuth1?ZyXEL20ZyWALL20Seriesscripttop.location.pathname = ""/script If this is repeated once more, it no longer restarts but simply hangs, i.e. it stops accepting requests and must...
CVE-2004-1551
Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter...
CVE-2004-1798
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different...
CVE-2004-1563
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to downloadthread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgotpassword.php...
CVE-2004-2098
Cross-site scripting (XSS) vulnerability in the banner engine TBE 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview capability...
CVE-2004-2279
Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php...
CVE-2004-2115
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request...
CVE-2004-2128
Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll...
CVE-2004-2096
Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL...
CVE-2004-1578
Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header...
WPkontakt.txt
Product: WPKontakt, Jaroslaw Sajko Advisory: http://www.man.poznan.pl/security/wpkontakt.html ISSUE WPkontakt is another Polish instant messenger. The problem is similar to the problems revealed in GG or Tlen.pl - parsing error leading to the remote script execution. DETAILS Parsing error...
MS Internet Explorer (<= XP SP2) HTML Help Control Local Zone Bypass
Exploit for unknown platform in category remote exploits ==================================================================== MS Internet Explorer localpage.HHClick; setTimeout"inject.HHClick",100; // writehta.txt /...
Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution
source: https://www.securityfocus.com/bid/12097/info WPKontakt is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable...
Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution
source: https://www.securityfocus.com/bid/12097/info WPKontakt is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to various attacks. Arbitrary script...