357 matches found
msdns_zonename.rb.txt
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/projects/Framework/ require 'msf/core' module Msf class...
Cross site scripting
Cross-site scripting XSS vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly...
CVE-2007-0769
Cross-site scripting XSS vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly...
CVE-2007-0769
Cross-site scripting XSS vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly...
PostgreSQL: SQL injection
Background PostgreSQL is an open source object-relational database management system. Description PostgreSQL contains a flaw in the string parsing routines that allows certain backslash-escaped characters to be bypassed with some multibyte character encodings. This vulnerability was discovered by...
Design/Logic Flaw
server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service CPU and memory consumption via a string containing a large number of characters that are escaped when Monopd produces XML output...
CVE-2005-2336
Cross-site scripting XSS vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803...
CVE-2005-2336
Cross-site scripting XSS vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803...
CVE-2005-2336
Cross-site scripting XSS vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803...
CVE-2003-0870
Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name...
iWeb directory traversal
Directory traversal with escaped characters...
JWalk directory traversal
Directory traversal on escaped URL...
Symantec Enterprise Firewall URL filtering protection bypass
Escaped URL may be used to bypass URL filtering...
Дырка в нескольких Web-серверах (script source revealing)
Можно получить содержимое скрипт-документав использовав в имени файлы в URL escaped-последовательность или специальное имя директории...
CVE-2000-0258
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability...
CVE-2000-0258
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability...
Cross-Site Scripting
I've picked up on the work started over at 276 and rebased on erusev/master. Since this is rebased on master, I can't point at PR at naNuke/master without running into the merge conflicts that I've already resolved manually. I've implemented what I suggested earlier so that all attributes are...