3529 matches found
GLSA-200408-07 : Horde-IMP: Input validation vulnerability for Internet Explorer users
The remote host is affected by the vulnerability described in GLSA-200408-07 Horde-IMP: Input validation vulnerability for Internet Explorer users Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer...
JShop Input Validation Hole in 'page.php' Permits Cross-Site Scripting Attacks
Indonesia Security Development Team Indohack http://indohack.sourceforge.net/drponidi =========================================================================== Security Advisory Advisory Name: JShop Input Validation Hole in 'page.php' Permits Cross-Site Scripting Attacks Platform: Linux Any, UN...
Apache Httpd < 2.0.51 : IPv6 URI parsing heap overflow
Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child...
JetboxOne may allow unauthorized users to execute arbitrary code
Overview Lack of input validation in JetboxOne version 2.0.8 allows an user to upload arbitrary files to the vulnerable system. This could lead to the execution of arbitrary code. Description JetboxOne, an open-source content management system, could allow an attacker with "AUTHOR" privileges to...
Horde-IMP: Input validation vulnerability for Internet Explorer users
Background Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. Description Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer when...
myServer 0.6.2 - math_sum.mscgi Multiple Remote Overflows
myServer 0.6.2 - mathsum.mscgi Multiple Remote Overflows source: https://www.securityfocus.com/bid/10831/info Reportedly MyServer is affected by multiple remote vulnerabilities in the 'mathsum.mscgi' example script. These issues are due to a boundary condition error and a failure to properly...
Horde-IMP: Input validation vulnerability
Background Horde-IMP is the Internet Messaging Program. It is written in PHP and provides webmail access to IMAP and POP3 accounts. Description Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code. Impact By enticing a user to read a specially crafted...
CVE-2004-0199
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability dvdupgrd.htm...
[FULL DISCLOSURE] ASPDOTNETSTOREFRONT Improper Session Validation
ASPDOTNETSTOREFRONT Improper Session Validation Release Date: June 9, 2004 Severity: HIGH Vendor: AspDotNetStorefront.com A Division of Discovery Productions, Inc. Software: Tested on AspDotNetStorefront 3.3 Previous versions may also be affected. Remote: Remotely executed from any web browser...
[Full-Disclosure] iDEFENSE Security Advisory 05.12.04: Opera Telnet URI Handler File Creation/Truncation Vulnerability
Opera Telnet URI Handler File Creation/Truncation Vulnerability iDEFENSE Security Advisory 05.12.04 www.idefense.com/application/poi/display?id=104&type=vulnerabilities May 12, 2004 I. BACKGROUND Opera is a cross-platform web browser. More information is available from http://www.opera.com/ II...
Re: [Full-Disclosure] iDEFENSE Security Advisory 05.12.04: Opera Telnet URI Handler File Creation/Truncation Vulnerability
Another minor issue has also been corrected in Opera Browser version 7.50, allowing malicious websites to spoof the address bar. The solutions remains the same, therefore no need to paste our full advisory here. However, if you wish further details, they can be found at:...
DUware Software - Multiple Vulnerabilities
DUware Software - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/9462/info It has been reported that various DUware products may be prone to an access validation issue allowing a remote attacker to gain access to sensitive resources by bypassing authentication. An arbitrary fi...
DUware Software - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/9462/info It has been reported that various DUware products may be prone to an access validation issue allowing a remote attacker to gain access to sensitive resources by bypassing authentication. An arbitrary file upload vulnerability has been specified ...
CVE-2003-0979
FreeScripts VisitorBook LE visitorbook.pl does not properly escape line breaks in input, which allows remote attackers to 1 use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or 2 cause the guestbook database to be deleted via a large number of line...
Koch Roland Rolis Guestbook 1.0 - $path Remote File Inclusion
Koch Roland Rolis Guestbook 1.0 - $path Remote File Inclusion source: https://www.securityfocus.com/bid/9054/info It has been reported that Rolis Guestbook may be vulnerable to an input validation issue that may allow an attacker to include malicious files containing arbitrary code to be executed...
GoldLink 3.0 - Cookie SQL Injection
GoldLink 3.0 - Cookie SQL Injection source: https://www.securityfocus.com/bid/8847/info GoldLink is prone to SQL injection attacks. This is due to insufficient validation of values supplied via cookies. As a result, it may be possible to manipulate SQL queries, potentially resulting in informatio...
GuppY 2.4 - HTML Injection
source: https://www.securityfocus.com/bid/8717/info It has been reported that one of the scripts included with GuppY is vulnerable to an HTML injection attack. The script, "postguest.php", does not perform input validation to prevent the inclusion of HTML/script content in messages posted to the...
[Full-Disclosure] XSS in ezboard
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Issue : Cross site scripting in ezboard Vendor status : developers were contacted ezboard offers a free forum hosted at ... bla ... bla ... improper input validation .. bla ... bla ... script or HTML execution ... bla ... bla sorry but I don't have ti...
CVE-2003-0370
CVE-2003-0370 affects Konqueror Embedded and KDE 2.2.2 and earlier, where the Common Name (CN) in X.509 certificates is not validated, enabling possible MITM certificate spoofing in TLS/SSL traffic. Public disclosures reference CAN-2003-0370 and describe the remote exploitation potential through ...
CVE-2003-0255
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path...