Gallery 1.4.4 - Remote Server-Side Script Execution
source: https://www.securityfocus.com/bid/10968/info A vulnerability is reported to exist in Gallery that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue is a design error that occurs due to the...
[Full-Disclosure] XSS in Board Power forum
Program: Board Power forum v2.04 PF Author: Ivan Zhdanov CRITICAL: Low Exploit: http://target/cgi-bin/boardpower/icq.cgi?action=scriptjavascript:alert 'hello';/script URL: http://www.thewebmasterforums.com ...
CVE-2004-0675
Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command...
CVE-2004-0672
Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allow remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter...
CVE-2004-0681
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersuscustomerAuthenticateForm.asp, (2) comersusbackofficemessage.asp, (3) comersussupportError.asp, or (4) comersusmessage.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter...
Microsoft Internet Explorer - Remote Wscript.Shell
default.htm: function InjectedDuringRedirection...
Media Preview Script Execution Vulnerability
Note: This vulnerability as well as several more can be found at http://www.geryhats.cjb.net Media Preview Script Execution Vulnerability Tested MSDXM.DLL file version 6.4.09.1128 Microsoft Windows 2000 Discussion By using the windows media player control, media can be played in a browser,...
YaPiG 0.92 - Remote Server-Side Script Execution
source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack of sanitization of user-supplied data. It is reported that an attacker may be ab...
Microsoft Internet Explorer 6 - Shell.Application Object Script Execution
source: https://www.securityfocus.com/bid/10652/info Microsoft Internet Explorer is reported prone to a security weakness that may permit malicious HTML documents the ability to execute script code. This script code has the ability to alter registry settings that may allow for further attacks. In...
CVE-2004-0606
Cross-site scripting (XSS) vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the (1) CLIENTID or (2) HOSTNAME option of a DHCP request...
CVE-2004-0584
Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability...
Usermin: Multiple vulnerabilities
Background Usermin is a web-based administration tool for Unix. It supports a wide range of user applications including configuring mail forwarding, setting up SSH or reading mail. Description Usermin contains two security vulnerabilities. One fails to properly sanitize email messages that contai...
PHP Include Exploit in Mail Manage EX v3.1.8 and maybe others.
Description: PHP Include Exploit in Mail Manage EX v3.1.8 Compromise: a malicious PHP script from an external host may be included and executed. Vulnerable Systems: all systems using mmex.php v3.1.8 and maybe lower (not tested). Details: The PHP Include exploit exists in the following code,...
CVE-2004-0503
Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to...
[Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke v7.3 and earlier
Advisory: 2004-Nuke-001 Affected Software: PHPNuke Affected Versions: Version 7.3 and earlier Main Developer: Francisco Burzi...
Apple Mac OS X help system may interpret inappropriate local script files
Overview A vulnerability has been reported in the default URI protocol handler in Apple's Mac OS X help system. Exploitation of this vulnerability may permit a remote attacker to execute arbitrary scripts on the local system. Description A vulnerability has been reported in Apple's Mac OS X...
Safari remote arbitrary code execution
Adv: safari0x04 Release Date: 10/05/04 Affected Products: Safari = 1.2 Fixed in: Not fixed. Impact: Remote code execution. Severity: High. Vendor: Notified 23/02/04 Author: fundisom.com Apple uses a special function to execute scripts and applications from its Help system. Unfortunately, this Help...
[Full-Disclosure] Vuln. MacOSX/Safari: Remote help-call, execute scripts
I usually complain a lot about the Windows-security settings, and consider NIX systems to be of an entirely different level. But this time I found my own arguments off short. I'm an OS X user, and I would like to submit to you the latest exploit for this system. As I hope a fix will be running in...
Cross Site Scripting in Moodle < 1.3
Cross Site Scripting in Moodle 1.3 2004-04-30 01 Author: author: Bartek Nowotarski silence location: Trzebinia, Poland mail: silence10atwpdotpl site: silencedot0dotpl 02 Discussion: "Moodle is a course management system (CMS) - a software package designed to hel...