CVE-2002-0594

Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet CSS page that causes an HTTP redirect...

CVE-2002-0590

Cross-site scripting (XSS) in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies via the title or body of posts. The vulnerability affects the web application’s posting features and stems from improper handling/encoding of user-supplied input. Impact is descri...

Phorum 3.3.2a has another bug for remote command execution

Target: Phorum 3.3.2a maybee older Description: Phorum 3.3.2a let's remote users execute arbitary code Found by: Markus [email protected] Vendor: http://www.phorum.org Notified Vendor: Yes, already fixed in 3.3.2b Details: Another bug for remote command execution. This time it's...

CVE-2002-0205

The CVE-2002-0205 entry describes a cross‑site scripting (XSS) flaw in Plumtree Corporate Portal 3.5–4.5, where an attacker could inject arbitrary script via the Description parameter in error.asp, potentially affecting other clients. The affected product/component is Plumtree Corporate Portal (e...

Reading portions of local files in IE, depending on structure (GM#004-IE)

GreyMagic Security Advisory GM004-IE ===================================== By GreyMagic Software, Israel. 02 Apr 2002. Available in HTML format at http://security.greymagic.com/adv/gm004-ie/. Topic: Reading portions of local files, depending on structure. Discovery date: 18 Feb 2002. Affected...

Partial access to local files via CSS in Internet Explorer

Via .oFile.cssText property of Link object it's possible to get partial content of any file with structure close to CSS...

CVE-2001-0658

CVE-2001-0658 affects Microsoft Internet Security and Acceleration (ISA) Server 2000. The issue is a cross-site scripting (CSS) vulnerability where malicious script delivered in an invalid URL, not properly quoted in an error message, can cause other clients to execute scripts or read cookies. Th...

CVE-2001-0948

CVE-2001-0948 affects ValiCert Enterprise Validation Authority (EVA) versions 3.3–4.2.1 . A cross‑site scripting flaw allows remote attackers to cause arbitrary code execution or display false information by injecting HTML/script into a certificate’s description, which runs when the certificate i...

CSS in PHPNuke add-on

/phptonuke.php?filnavn=scriptalert document.cookie/script " and ' aren't authorized...

WebSphere - Minor CSS Issue.

Hi folks, Something i came across while testing some of our WebSphere installations these have been fixed in the current versions of vanilla Apache, so i assume these are just an inherited problem from the old Apache codebase.. Makes you wonder what else there is? :^ Retreiving:...

CVE-2001-0019

Arrowpoint (Cisco Content Services) is affected by a local DoS vulnerability where a long argument to the commands show script, clear script, show archive, clear archive, show log, or clear log can cause denial of service. The CVE description and NVD entry specify local access and partial availab...

Expression Web 4 Service Pack 1 (KB2519900)

Microsoft Expression Web 4 Service Pack 1 contains significant fixes and improvements. It includes HTML 5 and CSS 3 support for Web and authentication forms support for SuperPreview in addition to bug fixes and other enhancements...