128 matches found
[UNIX] Comdev eCommerce Cross Site Scripting
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com...
Gadu-Gadu several vulnerabilities
Product: Gadu-Gadu, most of all available versions including the latest one Vendor: SMS-EXPRESS.COM http://www.gadu-gadu.pl Impact: Several vulnerabilities within application allow for remote execution of arbitrary code and information stealing Severity: Critical Authors: Blazej Miga...
CVE-2002-0615
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation"...
AzDGDatingLite 2.1.1 - 'index.php?language' Cross-Site Scripting
source: https://www.securityfocus.com/bid/10084/info Multiple cross-site scripting vulnerabilities have been reported in AzDGDatingLite. These issues may be exploited by enticing a victim user to visit a malicious link that includes hostile HTML and script code. Exploitation could facilitate thef...
WebCortex WebStores2000 - 'error.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9693/info It has been reported that WebStores2000 is prone to a cross-site scripting vulnerability. This issue is reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks...
Herberlin BremsServer 1.2.4 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9491/info BremsServer has been reported to contain cross-site scripting vulnerabilities. This issue is due to the server failing to check or filter user strings that are sent to the server. An attacker ma...
CVE-2003-0980
Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameter...
OpenAutoClassifieds 1.0 - Listing Cross-Site Scripting
source: https://www.securityfocus.com/bid/8972/info It has been reported that OpenAutoClassifieds is prone to a cross-site scripting vulnerability. The issue is reported to exist due to insufficient sanitization of user-supplied data through the...
WebCalendar 0.9.x colors.php color XSS
Webapps exploit for php platform. source: http://www.securityfocus.com/bid/8539/info It has been reported that WebCalendar is prone to multiple cross-site scripting vulnerabilities in various modules. The issues exist in includes/js/colors.php, week.php,...
CVE-2003-0348
A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script...
CVE-2003-0348
CVE-2003-0348 concerns the Windows Media Player 9 Series ActiveX control. The ActiveX control allows script-access to the Windows Media Library, enabling a remote attacker to view and potentially modify library data via HTML script. CERT/CC confirms script access validation weaknesses, and Micros...
CVE-2002-1434
Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs...
CVE-2002-1181
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown...
Michael Schatz Books 0.54/0.6 PostNuke Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5882/info Books is a module written for PostNuke. Reportedly, Books is prone to cross site scripting attacks. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link containing HTML and script code. The...
PHP Classifieds 6.0.5 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5022/info PHP Classifieds has been reported to be prone to cross-site scripting attacks. Attackers may inject arbitrary HTML or script code into URI parameters in a malicious link. When the malicious link is...
CVE-2001-0948
CVE-2001-0948 affects ValiCert Enterprise Validation Authority (EVA) versions 3.3–4.2.1. A cross-site scripting flaw allows remote attackers to cause arbitrary code execution or display false information by injecting HTML/script into a certificate's description, which runs when the certificate i...
CVE-2001-0519
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags...
CVE-2001-0521
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document...