Lucene search

8518 matches found

CVE
added 2003/04/02 5:00 a.m., 65 views

CVE-2002-0368

CVE-2002-0368 concerns Microsoft Exchange 2000 where the Store Service can be overwhelmed by a crafted mail message. A remote attacker can trigger a denial of service by sending a message containing a malformed RFC 2822 attribute, causing CPU resource exhaustion and partial availability impact on...

CVSS: 5, AI score: 6.5, EPSS: 0.15239
Exploits: 0, References: 3, Affected Software: 1

securityvulns
added 2002/08/26 12:00 a.m., 34 views

phpReactor - Cross-Site Scripting via STYLE

phpReactor has recently been updated to eliminate several known cross-site scripting vulnerabilities. Among these changes was to reduce the tags allowed in posts, profiles, etc. down to B, I, and FONT. However, using the "STYLE" attribute, one can still defeat this: b...

AI score: 0.7
Exploits: 0

Exploit DB
added 2002/07/19 12:00 a.m., 37 views

Geeklog 1.3.5 - HTML Attribute Cross-Site Scripting

source: https://www.securityfocus.com/bid/5270/info A cross site scripting vulnerability has been reported for Geeklog. Reportedly, Geeklog does not properly sanitize user supplied input before being included when posting comments or writing stories. Geeklog makes efforts to sanitize some malicio...

AI score: 7
Exploits: 0

CVE
added 2002/06/11 4:00 a.m., 47 views

CVE-2002-0591

CVE-2002-0591 refers to a directory-traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier. The flaw allows a remote attacker to create arbitrary files and execute commands via a Direct Connection using an IMG tag with a SRC attribute that specifi...

CVSS: 5, AI score: 7.6, EPSS: 0.11634
Exploits: 1, References: 3, Affected Software: 1

securityvulns
added 2002/01/28 12:00 a.m., 37 views

Unauthorized access in OpenLDAP

A user can delete any attribute...

AI score: 2
Exploits: 0, Affected Software: 1

securityvulns
added 2001/11/14 12:00 a.m., 87 views

Re: More problems with RADIUS (protocol and implementations)

I note that the original message didn't cite my short message to Bugtraq about security issues with RADIUS: http://cert.uni-stuttgart.de/archive/bugtraq/2000/12/msg00332.html Some points in that message were also covered by Joshua, he added a number of good points, and missed a few others...

AI score: 1.1
Exploits: 0

RedHat Linux
added 2001/10/10 10:16 p.m., 5 views

security flaw

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags...

CVSS: 7.5, AI score: 5.8, EPSS: 0.01419
Exploits: 0, References: 4

securityvulns
added 2001/05/12 12:00 a.m., 35 views

Re: Microsoft Media Player ASX Parser buffer overflow vulnerability

I found yet another bof condition in the ASX VERSION tag : an .ASX file with the contents : ASX VERSION="AAAAAAAAAAA ... AAAAAAA" crashes MPLAYER 6.4 in dxmasf.dll... greetz, ByteRage [email protected] http://elf.box.sk/byterage REVELATION: HREF attribute of BANNER tag can be abused to smash our...

AI score: 1.6
Exploits: 0

Cisco
added 2001/05/10 3:00 p.m., 9 views

Cisco IOS BGP Attribute Corruption Vulnerability

...

AI score: 2.1
Exploits: 0, References: 1

exploitpack
added 2000/06/15 12:00 a.m., 23 views

HM Software S to Infinity 3.0 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/1368/info A number of vulnerabilities exist in HM Software S to Infinity, a security access control, desktop lockdown and transparent encryption application. Intended features include restriction of...

AI score: 0.7
Exploits: 0

securityvulns
added 2000/05/18 12:00 a.m., 97 views

Security Bulletin (MS00-033)

Microsoft Security Bulletin MS00-033: Patch Available for "Frame Domain Verification", "Unauthorized Cookie Access", and "Malformed Component Attribute" Vulnerabilities. Originally Posted: May 17, 2000. Summary: Microsoft has released a comprehensive...

AI score: 7.3
Exploits: 0

Cvelist
added 2000/04/25 4:00 a.m., 21 views

CVE-1999-0895

Firewall-1 does not properly restrict access to LDAP attributes...

AI score: 6.5, EPSS: 0.01327
Exploits: 0, References: 3

Microsoft KB
added 1970/01/01 12:00 a.m., 24 views

Security update 1970-01-01

...

AI score: 5.3
Exploits: 0

Friends Of PHP
added 1970/01/01 12:00 a.m., 18 views

Cross-Site Scripting

I've picked up on the work started over at 276 and rebased on erusev/master. Since this is rebased on master, I can't point at PR at naNuke/master without running into the merge conflicts that I've already resolved manually. I've implemented what I suggested earlier so that all attributes are...

CVSS: 4.3, AI score: 5.8, EPSS: 0.012
Exploits: 0, Affected Software: 1

Friends Of PHP
added 1970/01/01 12:00 a.m., 13 views

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...

AI score: 5.8, EPSS: 0.00051
Exploits: 0, Affected Software: 1

Friends Of PHP
added 1970/01/01 12:00 a.m., 7 views

CVE-2026-45753: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite: javascript: URI Survives Sanitization (XSS)

More info at https://symfony.com/cve-2026-45753...

AI score: 5.8, EPSS: 0.00082
Exploits: 0, Affected Software: 1

Friends Of PHP
added 1970/01/01 12:00 a.m., 9 views

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...

AI score: 5.8, EPSS: 0.00051
Exploits: 0, Affected Software: 1

Friends Of PHP
added 1970/01/01 12:00 a.m., 22 views

Cross-Site Scripting

I've picked up on the work started over at https://github.com/erusev/parsedown/pull/276 and rebased on erusev/master. Since this is rebased on master, I can't point at PR at naNuke/master without running into the merge conflicts that I've already resolved manually. I've implemented what I suggest...

CVSS: 6.1, AI score: 5.9, EPSS: 0.012
Exploits: 0, Affected Software: 1