Novell GroupWise 6.5 WebAccess HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14310/info Novell GroupWise WebAccess is prone to an HTML injection vulnerability. This may be used to inject hostile HTML and script code into the Web mail application. When a user opens an email containing the hostile...

Microsoft Internet Explorer 5.x Valid File Drag and Drop Embedded Code Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11466/info The Microsoft cumulative Internet Explorer patch MS04-038 attempted to limit what files may be dragged and dropped onto the local computer from the Internet Zone to prevent executable objects from being placed ...

McAfee 4.0,Network Associates for Windows NT 4.0.2/4.0.3 a,Norton AntiVirus 2000 Recycle Bin Exclusion

No description provided by source. McAfee VirusScan 4.0,Network Associates VirusScan for Windows NT 4.0.2/4.0.3 a,Symantec Norton AntiVirus 2000 Recycle Bin Exclusion Vulnerability source: http://www.securityfocus.com/bid/956/info Many commercial virus scanners for Windows platforms exclude the...

phpBB 2.0.6 Privmsg.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9290/info phpBB is prone to a cross-site scripting vulnerability in the 'privmsg.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI parameters. Thi...

BRS WebWeaver 1.0.7 ISAPISkeleton.dll Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9516/info BRS WebWeaver has been reported prone to a cross-site scripting vulnerability. An attacker may create a malicious link to the vulnerable server that includes embedded HTML and script code. If this link is follow...

Apple Quicktime plugin - Windows 4.1.2 (Japanese) Remote Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2328/info Apple Quicktime plugin for Windows is vulnerable to a remote buffer overflow. A maliciously-constructed web link statement in a remote HTML document, which contains excess data argumenting an EMBED tag, could...

Open Business Management 1.0.3 pl1 - 'company_index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning to the user. An attacker could exploit...

Open Business Management 1.0.3 pl1 - 'group_index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning to the user. An attacker could exploit...

Novell Groupwise 6.5 Webaccess - HTML Injection

source: https://www.securityfocus.com/bid/14310/info Novell GroupWise WebAccess is prone to an HTML injection vulnerability. This may be used to inject hostile HTML and script code into the Web mail application. When a user opens an email containing the hostile code, it may be rendered in their...

PHP Labs - '.proFile' Dir URI Cross-Site Scripting

source: https://www.securityfocus.com/bid/13276/info PHP Labs proFile is prone to a cross-site scripting vulnerability. As a result, attackers may embed hostile HTML and script code in a malicious link to the affected application. If the link is followed, the code may be rendered by the victim's...

WorkBoard 1.2 - Multiple Cross-Site Scripting Vulnerabilities

WorkBoard 1.2 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12009/info It is reported that WorkBoard is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI...

Zwiki 0.10/0.36.2 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/11745/info It is reported that Zwiki is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamic web page content. This issue could...

Zwiki 0.100.36.2 - Cross-Site Scripting

Zwiki 0.100.36.2 - Cross-Site Scripting source: https://www.securityfocus.com/bid/11745/info It is reported that Zwiki is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to including it in...

Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code (MS04-038)

source: https://www.securityfocus.com/bid/11466/info The Microsoft cumulative Internet Explorer patch MS04-038 attempted to limit what files may be dragged and dropped onto the local computer from the Internet Zone to prevent executable objects from being placed on the file system in this manner...

Pinnacle Systems ShowCenter 1.51 - 'SettingsBase.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11415/info Pinnacle Systems ShowCenter is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious URI...

PHP Code Snippet Library 0.8 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/11038/info PHP Code Snippet Library is reported prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These issues could permit a remote attacker to creat...

PhotoADay - Pad_selected Cross-Site Scripting

PhotoADay - Padselected Cross-Site Scripting source: https://www.securityfocus.com/bid/11009/info It is reported that PhotoADay is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could...

PluggedOut Blog 1.511.60 - Blog_Exec.php Cross-Site Scripting

PluggedOut Blog 1.511.60 - BlogExec.php Cross-Site Scripting source: https://www.securityfocus.com/bid/10885/info PluggedOut Blog is reported prone to a cross-site scripting vulnerability. This could allow for execution of hostile HTML and script code in the web client of a user who visits a...

CuteNews 1.3.1 - 'show_archives.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/10948/info It is reported that CuteNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious UR...

BoardPower Forum - ICQ.cgi Cross-Site Scripting

BoardPower Forum - ICQ.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/10734/info BoardPower Forum is reportedly affected by a cross-site scripting vulnerability in the icq.cgi script. This issue is due to a failure of the application to properly sanitize user-supplied URI inpu...