Lucene search
+L

6056 matches found

securityvulns
securityvulns
added 2003/11/14 12:0 a.m.29 views

Webwasher Classic Error-Message XSS Vulnerability

Webwasher Classic Error-Message XSS Vulnerability ================================================= Description =========== WebWasher Classic is vulnerable to a XSS attack. If a HTTP GET-Request, containing script code, is sent to the proxy port default 8080/TCP, an error page is shown, which...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2003/10/23 12:0 a.m.35 views

[Full-Disclosure] ByteHoard Directory Traversal Vulnerability

ByteHoard Directory Traversal Vulnerability 17 October 2003 Original Advisory http://www.sintelli.com/adv/sa-2003-03-bytehoard.pdf Background ByteHoard is online storage system whereby users can upload and download their files from anywhere with an Internet connection. More information about the...

Exploits0
exploitpack
exploitpack
added 2003/05/07 12:0 a.m.25 views

Microsoft Windows Media Player 7.1 - Skin File Code Execution

Microsoft Windows Media Player 7.1 - Skin File Code Execution source: https://www.securityfocus.com/bid/7517/info Windows Media Player is vulnerable to code execution through skin files. WMP does not properly validate URLs that are passed to initiate a skin file download and installation. This...

Exploits0
Exploit DB
Exploit DB
added 2003/05/07 12:0 a.m.25 views

Microsoft Windows Media Player 7.1 - Skin File Code Execution

source: https://www.securityfocus.com/bid/7517/info Windows Media Player is vulnerable to code execution through skin files. WMP does not properly validate URLs that are passed to initiate a skin file download and installation. This could allow a malicious file advertised as a skin file to be...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/01/08 12:0 a.m.21 views

A security vulnerability in S8Forum

INFORMATIONS : ============= - Product : S8Forum - Tested version : 3.0 maybe other versions. - Website : http://www.kellishaver.com/ Vendor Status: not informed yet !!! - Problem : A security vulnerability in S8Forum PROBLEM : ========= This forum writen by PHP. It doesn't use database, instead...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2002/07/24 12:0 a.m.29 views

Cacheflow CacheOS 3.1.x/4.0.x/4.1 - Unresolved Domain Cross-Site Scripting

source: https://www.securityfocus.com/bid/5305/info CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow. User supplied data is not sanitized before being included in an unresolved host error page. An attacker may constru...

7AI score
Exploits0
CERT
CERT
added 2002/03/06 12:0 a.m.32 views

Oracle 9iAS contains cross-site scripting vulnerability in "htp.print"

Overview Oracle 9i Application Servers are vulnerable to a cross-site scripting vulnerability. The server may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a...

5.8AI score
Exploits0References4
CERT
CERT
added 2001/08/27 12:0 a.m.27 views

IBM VisualAge Professional vulnerable to Cross-Site Scripting via passing of user input directly to default error page

Overview Web Servers that use the IBM VisualAge Professional Vesion 3.5 Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on...

7.5CVSS5.4AI score0.02208EPSS
Exploits1References5
CERT
CERT
added 2001/08/23 12:0 a.m.26 views

IBM WebSphere vulnerable to Cross-Site Scripting via passing of user input directly to default error page

Overview Web Servers that use the IBM WebSphere Java Servlet Container 3.5 and earlier are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated...

7.5CVSS5.5AI score0.02208EPSS
Exploits1References5
CERT
CERT
added 2001/08/17 12:0 a.m.34 views

Apache Tomcat vulnerable to Cross-Site Scripting via passing of user input directly to default error page

Overview Web Servers that use the Apache Tomcat Java Servlet Container are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from...

5.1CVSS5.4AI score0.1382EPSS
Exploits1References5
CERT
CERT
added 2001/07/27 12:0 a.m.16 views

Lotus Domino Server R5 vulnerable to Cross-Site Scripting via passing of user input directly to default error page

Overview Lotus Domino R5 Servers are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem...

6AI score
Exploits0References5
CERT
CERT
added 2001/07/27 12:0 a.m.24 views

Caucho Technologies Resin vulnerable to Cross-Site Scripting via passing of user input directly to default error page

Overview Web servers that use the Resin Java Servlet Container, versions 1.2.3 and earlier, are vulnerable to a cross-site scripting vulnerability. A web site may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidat...

5.1CVSS5.6AI score0.02773EPSS
Exploits1References5
exploitpack
exploitpack
added 2001/01/07 12:0 a.m.25 views

eXtropia bbs_forum.cgi 1.0 - Arbitrary Command Execution

eXtropia bbsforum.cgi 1.0 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2177/info bbsforum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbsforum.cgi fails to properly...

0.9AI score
Exploits0
exploitpack
exploitpack
added 2000/08/30 12:0 a.m.28 views

CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution

CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution source: https://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system...

1.2AI score
Exploits0
Packet Storm
Packet Storm
added 2000/07/13 12:0 a.m.29 views

bb-14h2.txt

versions affected: bb14h2 current and older exploit: bbd listens for incoming connections on port 1984. Using telnet or the bb client, it is possible to connect and create a filename with an arbitrary extension, as the extension is not rigorously checked. As this file is droped into a directory...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 1970/01/01 12:0 a.m.9 views

PT-2010-5658 · Isc +2 · Isc Bind +2

Name of the Vulnerable Software and Affected Versions: ISC BIND versions 9.0.x through 9.3.x ISC BIND versions 9.4 before 9.4.3-P5 ISC BIND versions 9.5 before 9.5.2-P2 ISC BIND versions 9.6 before 9.6.1-P3 ISC BIND version 9.7.0 beta Description: The issue allows remote attackers to conduct DNS...

7.6CVSS7.6AI score0.09363EPSS
Exploits1References33
Rows per page
Query Builder