
8389 matches found

Prion
added 2006/01/22 8:3 p.m., 21 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as...

CVSS 4.3, AI score 6, EPSS 0.01365
Exploits: 1, References: 6, Affected Software: 1

CVE
added 2006/01/13 11:0 p.m., 46 views

CVE-2006-0198

CVE-2006-0198 describes a Cross-site scripting (XSS) vulnerability in a XOOPS module (possibly poll or Pool) where remote attackers can inject arbitrary web script or HTML via the SRC attribute of an IMG element in a comment. The issue is documented with a MEDIUM base score (4.3) and partial inte...

CVSS 4.3, AI score 5.8, EPSS 0.01645
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2006/01/11 9:0 p.m., 21 views

CVE-2005-4644

Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag...

AI score 5.4, EPSS 0.01475
Exploits: 1, References: 8

NVD
added 2006/01/05 11:3 a.m., 7 views

CVE-2006-0089

Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string attribute...

CVSS 5, AI score 8, EPSS 0.03265
Exploits: 0, References: 5

PyPA
added 2005/12/31 5:0 a.m., 5 views

PYSEC-2005-1

Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag...

CVSS 4.3, AI score 6, EPSS 0.01475
Exploits: 1, References: 9, Affected Software: 1

NVD
added 2005/12/31 5:0 a.m., 12 views

CVE-2005-4775

Michael Scholz and Sebastian Stein Contineo 2.0, when the admin account lacks an e-mail address attribute, displays the password hash in a warning upon page reload, which might allow remote attackers to view the hash...

CVSS 5, AI score 6.8, EPSS 0.01184
Exploits: 0, References: 2

NVD
added 2005/12/22 11:3 p.m., 33 views

CVE-2005-4504

The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag...

CVSS 7.8, AI score 6, EPSS 0.11912
Exploits: 1, References: 13

Cvelist
added 2005/12/22 11:0 p.m., 31 views

CVE-2005-4504

The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag...

AI score 6, EPSS 0.11912
Exploits: 1, References: 13

securityvulns
added 2005/11/23 12:0 a.m., 36 views

Commodity Rentals 2.x "user_id" Sql inj.

Vuln. discovered by: r0t Date: 23 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/commodity-rentals-2x-userid-sql-inj.html Vendor: http://www.commodityrentals.com/ affected version: 2.x and prior Product Description: CommodityRentals is the most comprehensive Online Rental Business...

AI score 0.9
Exploits: 0

Cent OS
added 2005/10/27 10:33 p.m., 83 views

kernel security update

CentOS Errata and Security Advisory CESA-2005:808 Updated kernel packages that fix several security issues and a page attribute mapping bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The...

CVSS 5, AI score 5.8, EPSS 0.03542
Exploits: 1, References: 8

OSV
added 2005/10/06 10:2 a.m., 9 views

CVE-2005-3165

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) tags or (2) Extension or sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet...

AI score 5.4
Exploits: 0, References: 4

Cvelist
added 2005/10/06 4:0 a.m., 21 views

CVE-2005-3165

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) tags or (2) Extension or sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet...

AI score 5.3, EPSS 0.01265
Exploits: 0, References: 3

Cvelist
added 2005/09/27 4:0 a.m., 25 views

CVE-2005-2710

Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file...

AI score 7.2, EPSS 0.13181
Exploits: 0, References: 19

Cvelist
added 2005/06/28 4:0 a.m., 15 views

CVE-2002-1813

Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link...

AI score 7.3, EPSS 0.06865
Exploits: 1, References: 3

CVE
added 2005/05/17 4:0 a.m., 38 views

CVE-2005-1638

The vulnerability CVE-2005-1638 affects the SafeHTML library, with the _writeAttrs function failing to properly quote attribute values. This mis-handling can enable cross-site scripting (XSS) in applications that rely on SafeHTML for protection. Affected: SafeHTML prior to 1.3.2. Root cause: insu...

CVSS 4.3, AI score 6.2, EPSS 0.01195
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2005/05/17 4:0 a.m., 16 views

CVE-2005-1638

The writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection...

AI score 6, EPSS 0.01195
Exploits: 0, References: 3

Cvelist
added 2005/05/10 4:0 a.m., 21 views

CVE-2004-0462

The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server...

AI score 6.4, EPSS 0.00433
Exploits: 0, References: 2

Cvelist
added 2005/05/10 4:0 a.m., 12 views

CVE-2003-1136

Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL...

AI score 5.7, EPSS 0.04998
Exploits: 1, References: 8

RedHat Linux
added 2005/04/21 9:11 a.m., 2 views

security flaw

The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag...

CVSS 7.5, AI score 6.2, EPSS 0.04106
Exploits: 0, References: 4

CVE
added 2005/03/11 5:0 a.m., 37 views

CVE-2003-1106

The CVE-2003-1106 entry describes a DoS condition in the SMTP service of Microsoft Windows 2000 prior to SP4. A remote attacker can crash or hang the service by sending an e-mail with a malformed FILETIME timestamp. The provided documents do not specify a patch or workaround; no exploit code or i...

CVSS 5, AI score 7, EPSS 0.01986
Exploits: 0, References: 3