260 matches found
Microsoft Exchange Server 2000/2003 - Outlook Web Access Script Injection
source: https://www.securityfocus.com/bid/18381/info Microsoft Exchange Server Outlook Web Access is prone to a script-injection vulnerability. A remote attacker can exploit this issue by sending a malicious email message to...
HeffnerCMS Remote Command Execution And Cross Scripting Attack
Website : http://www.christian-heffner.de Version : 1.07 I. <?php $filename="index.php"; require_once 'vlib/vlibTemplate.php'; $tmpl = new vlibTemplate('tmpl/std/index.tpl'); require_once 'config/dbconfig.php'; require_once 'config/pcfunctions.php'; Ucuyor.... : lol II. Vulnerable code ;...
IMP HTML+TIME XSS Vulnerability
The remote server is running at least one instance of IMP whose version number is 3.2.4 or lower. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to inject arbitrary content, including script, in a specially crafted MIME message. To have an effect, the...
bookreviewXSS.txt
BookReview 1.0 multiple variable XSS vendor url: http://www.readersunite.com advisory: http://lostmon.blogspot.com/2005/05/bookreview-10-multiple-variable-xss.html vendor notify: yes exploit available: yes BookReview contains a flaw that allows a remote cross site scripting attack. This flaw exists...
Secure Science Corporation Application Software Advisory 055
Secure Science Corporation Advisory ASA-055 http://www.securescience.net [email protected] 877-570-0455 --------------------------------------------------------- PHPROJEKT 4.2 Chatroom is vulnerable to Cross-Site Scripting (XSS) attacks allowing a "broadcast" attack to users in the...
ProfitCode PayProCart usrdetails.php sgnuptype Parameter XSS
The remote host is running PayProCart, a shopping cart software program written in PHP. The remote version of this software contains an input validation flaw in the file 'usrdetails.php' that could allow an attacker to use the remote host to perform a cross-site scripting attack...
OpenWebmail openwebmail.pl logindomain Parameter XSS
MySQL Eventum index.php email Parameter XSS
The MySQL Eventum install hosted on the remote web server is vulnerable to a cross-site scripting attack because it fails to sanitize user-supplied input to the 'email' parameter of the 'index.php' script before using it to generate dynamic HTML output. With a specially crafted URL, an attacker c...
GLSA-200412-26 : ViewCVS: Information leak and XSS vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200412-26 (ViewCVS: Information leak and XSS vulnerabilities). The tar export functions in ViewCVS bypass the 'hidecvsroot' and 'forbidden' settings and therefore expose information that should be kept secret (CAN-2004-0915)...
Horde IMP with MSIE MIME Viewer Email Message XSS
The remote server is running at least one instance of IMP whose version number is 3.2.4 or lower. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to inject arbitrary content, including script, in a specially crafted MIME message. To have an effect, the...
Important: Red Hat Security Advisory: php security update
Updated php packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. Stefan Esser discovered a flaw when memory_limit is enabled in versions of PHP 4 before 4.3.8. If a remote attacker could force the PHP...
IMP Content-Type Header XSS
The remote server is running at least one instance of IMP whose version number is between 2.0 and 3.2.3 inclusive. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary JavaScript code simply by reading a MIME messa...
memmansys21.txt
Title: Vulnerabilities in Member Management System 2.1 Software: Member Management System 2.1 Vendor: http://www.expinion.net/software/appmms.asp Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user and adm...
Multiple Real media players fail to properly validate SMIL files
Overview: Multiple Real media players fail to properly validate Synchronized Multimedia Integration Language (SMIL) files, which may permit a remote attacker to gain sensitive information. Description: RealNetworks Real media players are multimedia applications that allow users to view local and remot...
[NT] PostMaster Cross Site Scripting Vulnerability
Ezboard - invitefriends.php3 Cross-Site Scripting
source: https://www.securityfocus.com/bid/8519/info The 'invitefriends.php3' script of Ezboard has been reported prone to cross-site scripting attacks. The issue occurs due to a lack of sufficient sanitization performed on user-supplied URI...
Microsoft Internet Explorer 5/6 - MSXML XML File Parsing Cross-Site Scripting
source: https://www.securityfocus.com/bid/7938/info A vulnerability has been reported for the Microsoft Internet Explorer that may result in cross-site scripting attacks. If IE, using the MSXML parser, is unable to parse the requested XML file, it will display a parse error that also includes the...
myPHPNuke 1.8.8 - 'Default_Theme' Cross-Site Scripting
source: https://www.securityfocus.com/bid/6544/info Reportedly, myPHPNuke does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a...
Michael Schatz Books 0.54/0.6 PostNuke Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5882/info Books is a module written for PostNuke. Reportedly, Books is prone to cross site scripting attacks. An attacker may exploit this vulnerability by enticing a victim user to follo...
[SECURITY] [DSA-126-1] Horde and IMP cross-site scripting attack
Package: imp. Problem type: cross-site scripting (CSS). Debian-specific: no. A cross-site scripting (CSS) problem was discovered in Horde and IMP (a web based IMAP mail package). This was fixed upstream in Horde version 1.2.8 and IMP version 2.2.8. The relevant patches have been back-ported to version...