CVE-2003-0736

Multiple cross-site scripting XSS vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via 1 the day parameter in the calendar module, 2 the fatcatid parameter in the fatcat module, 3 the PAGEid parameter in the pagemaster module, 4 the PDAlimit...

PayPal Store Front 3.0 - index.php Remote File Inclusion

PayPal Store Front 3.0 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an...

PayPal Store Front 3.0 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an attacker-specified location. This could be exploited to include a remo...

CVE-2003-0801

Cross-site scripting XSS vulnerability in Nokia Electronic Documentation NED 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script...

TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities

TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/8688/info It has been reported that several of the modules included with TCLHTtpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin...

TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/8688/info It has been reported that several of the modules included with TCLHTtpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin modules are affected by these vulnerabilities. Four instances of...

CVE-2002-1567

Cross-site scripting XSS vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script...

CVE-2002-1567

CVE-2002-1567 is an XSS vulnerability in Apache Tomcat 4.1 where an attacker can cause script execution and cookie theft by crafting a URL containing encoded newline characters that precede a .jsp request. The underlying issue is improper sanitization of request strings in Tomcat 4.1 (affecting 4...

MSIE->WsFakeSrc

WsFakeSrc tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. OS Ver: "Windows XP Cn ver" demo http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-MyPage.HTM or http://umbrella.mx.tc --- WsFakeSrc...

MSIE->BodyRefreshLoadsJPU:refresh is a new navigation method

BodyRefreshLoadsJPU:refresh is a new navigation method tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. It also works after applying the patch for method caching attack. OS Ver: "Windows XP Cn ver"...

Microsoft Internet Explorer 6 - Script Execution

Microsoft Internet Explorer 6 - Script Execution source: https://www.securityfocus.com/bid/8577/info Multiple issues have been reported in Microsoft Internet Explorer. Though these issues have been reported by a reliable source, communication issues have presented difficulty in obtaining details...

Microsoft Internet Explorer 6 - Script Execution

source: https://www.securityfocus.com/bid/8577/info Multiple issues have been reported in Microsoft Internet Explorer. Though these issues have been reported by a reliable source, communication issues have presented difficulty in obtaining details surrounding the reported issues. This vulnerabili...

ICQ Webfront - Persistant XSS

------------------------------------------------------------------ - EXPL-A-2003-024 exploitlabs.com Advisory 024 ------------------------------------------------------------------ -= ICQ Webfront =- Donnie Werner Sept 09 2003 exploitlabs.com Vunerabilitys: ---------------- 1. Persistant Remote X...

CVE-2003-0736

Multiple cross-site scripting XSS vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via 1 the day parameter in the calendar module, 2 the fatcatid parameter in the fatcat module, 3 the PAGEid parameter in the pagemaster module, 4 the PDAlimit...

CVE-2003-0726

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...

PT-2003-1822 · Realnetworks · Realone Player

Name of the Vulnerable Software and Affected Versions: RealOne player affected versions not specified Description: The issue allows remote attackers to execute arbitrary script in the "My Computer" zone. This is achieved via a SMIL presentation with a URL that references a scripting protocol. The...

[Full-Disclosure] XSS in ezboard

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Issue : Cross site scripting in ezboard Vendor status : developers were contacted ezboard offers a free forum hosted at ... bla ... bla ... improper input validation .. bla ... bla ... script or HTML execution ... bla ... bla sorry but I don't have ti...

TSguestbook 2.1 - 'Message' HTML Injection

source: https://www.securityfocus.com/bid/8520/info It has been reported that TSguestbook may be prone to HTML injection attacks. The problem is said to occur due to insufficient sanitization of user-supplied input within the 'message' field. As a result, an attacker may post a guestbook entry...

CVE-2003-0531

Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability...

CVE-2003-0531

Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability...