6056 matches found
Webwasher Classic Error-Message XSS Vulnerability
Webwasher Classic Error-Message XSS Vulnerability ================================================= Description =========== WebWasher Classic is vulnerable to a XSS attack. If a HTTP GET-Request, containing script code, is sent to the proxy port default 8080/TCP, an error page is shown, which...
[Full-Disclosure] ByteHoard Directory Traversal Vulnerability
ByteHoard Directory Traversal Vulnerability 17 October 2003 Original Advisory http://www.sintelli.com/adv/sa-2003-03-bytehoard.pdf Background ByteHoard is online storage system whereby users can upload and download their files from anywhere with an Internet connection. More information about the...
Microsoft Windows Media Player 7.1 - Skin File Code Execution
Microsoft Windows Media Player 7.1 - Skin File Code Execution source: https://www.securityfocus.com/bid/7517/info Windows Media Player is vulnerable to code execution through skin files. WMP does not properly validate URLs that are passed to initiate a skin file download and installation. This...
Microsoft Windows Media Player 7.1 - Skin File Code Execution
source: https://www.securityfocus.com/bid/7517/info Windows Media Player is vulnerable to code execution through skin files. WMP does not properly validate URLs that are passed to initiate a skin file download and installation. This could allow a malicious file advertised as a skin file to be...
A security vulnerability in S8Forum
INFORMATIONS : ============= - Product : S8Forum - Tested version : 3.0 maybe other versions. - Website : http://www.kellishaver.com/ Vendor Status: not informed yet !!! - Problem : A security vulnerability in S8Forum PROBLEM : ========= This forum writen by PHP. It doesn't use database, instead...
Cacheflow CacheOS 3.1.x/4.0.x/4.1 - Unresolved Domain Cross-Site Scripting
source: https://www.securityfocus.com/bid/5305/info CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow. User supplied data is not sanitized before being included in an unresolved host error page. An attacker may constru...
Oracle 9iAS contains cross-site scripting vulnerability in "htp.print"
Overview Oracle 9i Application Servers are vulnerable to a cross-site scripting vulnerability. The server may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a...
IBM VisualAge Professional vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the IBM VisualAge Professional Vesion 3.5 Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on...
IBM WebSphere vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the IBM WebSphere Java Servlet Container 3.5 and earlier are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated...
Apache Tomcat vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web Servers that use the Apache Tomcat Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from...
Lotus Domino Server R5 vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Lotus Domino R5 Servers are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem...
Caucho Technologies Resin vulnerable to Cross-Site Scripting via passing of user input directly to default error page
Overview Web servers that use the Resin Java Servlet Container, versions 1.2.3 and earlier, are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidat...
eXtropia bbs_forum.cgi 1.0 - Arbitrary Command Execution
eXtropia bbsforum.cgi 1.0 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2177/info bbsforum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbsforum.cgi fails to properly...
CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution
CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution source: https://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system...
bb-14h2.txt
versions affected: bb14h2 current and older exploit: bbd listens for incoming connections on port 1984. Using telnet or the bb client, it is possible to connect and create a filename with an arbitrary extension, as the extension is not rigorously checked. As this file is droped into a directory...
PT-2010-5658 · Isc +2 · Isc Bind +2
Name of the Vulnerable Software and Affected Versions: ISC BIND versions 9.0.x through 9.3.x ISC BIND versions 9.4 before 9.4.3-P5 ISC BIND versions 9.5 before 9.5.2-P2 ISC BIND versions 9.6 before 9.6.1-P3 ISC BIND version 9.7.0 beta Description: The issue allows remote attackers to conduct DNS...