7611 matches found
Interspire ArticleLive 2005 - NewComment Cross-Site Scripting
source: https://www.securityfocus.com/bid/12879/info Interspire ArticleLive 2005 is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...
PHPSysInfo 2.0/2.3 - 'system_footer.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/12887/info phpSysInfo is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script co...
CzarNews 1.131.14 - headlines.php Remote File Inclusion
CzarNews 1.131.14 - headlines.php Remote File Inclusion source: https://www.securityfocus.com/bid/12857/info CzarNews is prone to a remote file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of th...
CoolForum 0.50.70.8 - avatar.php?img Cross-Site Scripting
CoolForum 0.50.70.8 - avatar.php?img Cross-Site Scripting source: https://www.securityfocus.com/bid/12852/info Multiple remote input validation vulnerabilities affect CoolForum. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carr...
Phorum < 5.0.15 Multiple XSS
The version of Phorum installed on the remote host is prone to multiple cross-site scripting vulnerabilities due to its failure to sanitize user input. An attacker can exploit these flaws to potentially cause arbitrary script and HTML code to be rendered by a user's browser in the context of the...
CuteNews <= 1.3.6 Multiple XSS
According to its version number, the remote host is running a version of CuteNews that allows an attacker to inject arbitrary script through the variables 'X-FORWARDED-FOR' or 'CLIENT-IP' when adding a comment. On one hand, an attacker can inject a client-side script to be executed by an...
phpMyAdmin 2.6 - theme_right.css.php Multiple Cross-Site Scripting Vulnerabilities
phpMyAdmin 2.6 - themeright.css.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied...
CVE-2005-0526
Multiple cross-site scripting XSS vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via 1 the search string to search.php, 2 the subject of a PM, which is processed by pm.php, or 3 the body of a PM, which is processed by pmpshow.php...
MercuryBoard Forum 1.0/1.1 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/12578/info A remote cross-site scripting vulnerability affects the 'forum.php' script of MercuryBoard. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. A...
CVE-2004-1466
The settimelimit function in Gallery before 1.4.4p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using savephotos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directo...
[SA13948] TikiWiki "temp" Arbitrary Script Execution Vulnerability
TITLE: TikiWiki "temp" Arbitrary Script Execution Vulnerability SECUNIA ADVISORY ID: SA13948 VERIFY ADVISORY: http://secunia.com/advisories/13948/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: TikiWiki 1.x http://secunia.com/product/3356/ DESCRIPTION: Some...
Microsoft Internet Explorer DHTML Editing ActiveX control contains a cross-domain vulnerability
Overview A cross-domain vulnerability exists in the DHTML Editing ActiveX control. An attacker may be able to execute arbitrary script in the Local Machine Zone or read or modify data in other domains. For example, the attacker could execute arbitrary commands with parameters, download and execut...
FlatNuke < 2.5.2 Form Submission Arbitrary Script Injection
Binary data 2483.prm...
CVE-2004-1397
Cross-site scripting XSS vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl...
CVE-2004-2509
Cross-site scripting XSS vulnerabilities in 1 calendar.php, 2 login.php, and 3 online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter...
CVE-2004-1512
Cross-site scripting XSS vulnerability in Responsedefault.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page...
CVE-2004-1537
Cross-site scripting XSS vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter...
CVE-2004-2103
Cross-site scripting XSS vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via 1 a malformed request for a Perl program with script in the filename, 2 the User.id parameter to the webacc servlet, 3 the...
CVE-2004-2180
Multiple cross-site scripting XSS vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the 1 country parameter to viewuser.php, 2 show parameter to viewforum.php, 3 letter parameter to viewuser.php, 4 highlight parameter to viewtopic.php, 5 show...
CVE-2004-2346
Multiple cross-site scripting XSS vulnerabilities in Forum Web Server 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the Subject field in post1.htm and 2 the File Description field in postfile2.htm...