Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution

source: https://www.securityfocus.com/bid/12097/info WPKontakt is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to various attacks. Arbitrary script...

Zwiki: XSS vulnerability

Background Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites. Description Due to improper input validation, Zwiki can be exploited to perform cross-site scripting attacks. Impact By enticing a user to read a specially-crafted wiki entry, an attacker can execute arbitrary script...

MediaWiki 1.3.x - Arbitrary Script Upload

source: https://www.securityfocus.com/bid/11985/info MediaWiki is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input. If successful, the attacker can...

JSBoard 2.0.x - Arbitrary Script Upload

source: https://www.securityfocus.com/bid/11983/info JSBoard is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input. If successful, the attacker can...

JSBoard 2.0.x - Arbitrary Script Upload

JSBoard 2.0.x - Arbitrary Script Upload source: https://www.securityfocus.com/bid/11983/info JSBoard is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied...

CVE-2004-1106

Cross-site scripting XSS vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php...

CVE-2004-0251

Cross-site scripting XSS vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter...

CVE-2004-0337

Cross-site scripting XSS vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / slash and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be...

CVE-2004-0319

Cross-site scripting XSS vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a 1 font color or 2 font face argument...

CVE-2004-0359

Cross-site scripting XSS vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the 1 c, 2 f, 3 showtopic, 4 showuser, or 5 username parameters...

CVE-2004-0254

Cross-site scripting XSS vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag...

TIPS MailPost 5.1.1 - APPEND Cross-Site Scripting

TIPS MailPost 5.1.1 - APPEND Cross-Site Scripting source: https://www.securityfocus.com/bid/11596/info MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitra...

TIPS MailPost 5.1.1 - Error Message Cross-Site Scripting

source: https://www.securityfocus.com/bid/11598/info MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitrary HTML and script code in a user's browser throug...

CVE-2004-1599

Cross-site scripting XSS vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to execute arbitrary web script or HTML via the 1 query or 2 nick parameters...

BlackBoard Internet NewsBoard System 1.5.1 - Remote File Inclusion

source: https://www.securityfocus.com/bid/11336/info BlackBoard Internet Newsboard System is reported prone to a remote file include vulnerability. This issue presents itself because the application fails to sanitize user-supplied data properly. This issue may allow an attacker to include malicio...

Debian DSA-246-1 : tomcat - information exposure, XSS

The developers of tomcat discovered several problems in tomcat version 3.x. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2003-0042: A maliciously crafted request could return a directory listing even when an index.html, index.jsp, or other welcome fil...

CVE-2004-1665

Cross-site scripting XSS vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter...

CVE-2004-0347

Cross-site scripting XSS vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 build 4797 allows remote authenticated users to execute arbitrary script as other users via the row parameter...

CVE-2002-1494

Cross-site scripting XSS vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message...

GLSA-200406-08 : Squirrelmail: Another XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200406-08 Squirrelmail: Another XSS vulnerability A new cross-site scripting XSS vulnerability in Squirrelmail-1.4.3rc1 has been discovered. In functions/mime.php Squirrelmail fails to properly sanitize user input. Impact : By...