Code injection

Unspecified vulnerability in IBM WebSphere Application Server WAS 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service daemon crash via unknown vectors, related to a mishandling...

CVE-2009-0433

Unspecified vulnerability in IBM WebSphere Application Server WAS 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service daemon crash via unknown vectors, related to a mishandling...

Simple Machines Forum (SMF) 1.0.13/1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass

!/usr/bin/perl use LWP::UserAgent; use Getopt::Std; use LWP::Simple; use HTTP::Request; Author: Xianur0 Uxmal666atgmail.com Cracks links Password Recovery Find Temporary Files executed by mods DB function Flood by Error Log File Path Disclosure List installed Mods Useful To Find Mods Vulnerable...

Apple QuickTime Player buffer overflow

Buffer overflow on HTTP error message displaying...

vigilecms-disclose.txt

--------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg --------------------------------------------------------------- VigileCMS...

VHCSXSS.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0006 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++ VHCS 2.x HTTP Error Cross Site Scripting +++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PUBLISHED ON Nov 22, 2005 PUBLISHED AT...

VHCS 2.x HTTP Error Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0006 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++ VHCS 2.x HTTP Error Cross Site Scripting +++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PUBLISHED ON Nov 22, 2005 PUBLISHED AT...

CVE-2005-0593

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via 1 a web site that does not finish loading, which shows the lock of the previous site, 2 a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake ...

Microsoft Internet Explorer 6.0 SP2 - File Download Security Warning Bypass

Microsoft Internet Explorer 6.0 SP2 - File Download Security Warning Bypass Orginal Advisory and exploit by cyberflash Vengy Circumvent Windows XP SP2 security features using execCommand 'SaveAs' function! Demonstration: Notice that you don't receive any warning messages such as: "File Download -...

Microsoft ISA Server HTTP error handler XSS (TL#007)

Thor Larholm security advisory TL006 ------------------------------------- 16 July 2003 HTML format: http://pivx.com/larholm/adv/TL006 Topic: ISA Server HTTP error handler XSS. Discovery date: 25 June 2002. Severity: Medium Affected applications: ---------------------- Any Microsoft Internet...

Microsoft Internet Explorer 5 - Custom HTTP Error HTML Injection

Microsoft Internet Explorer 5 - Custom HTTP Error HTML Injection source: https://www.securityfocus.com/bid/7939/info An issue has been reported for Microsoft Internet Explorer that may result in HTML injection attacks. The vulnerability exists when IE is used to display custom HTTP error messages...

CVE-2002-0148

Cross-site scripting vulnerability in Internet Information Server IIS 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page...

CVE-2002-0148

CVE-2002-0148 is a cross-site scripting vulnerability in Microsoft Internet Information Services (IIS) 4.0, 5.0 and 5.1 that allows remote attackers to execute arbitrary script as the affected user via an HTTP error page. Connected sources confirm this CSS/XSS issue is part of a broader set of II...

CVE-2002-0408

htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message...

IIS allows universal CrossSiteScripting

Thor Larholm security advisory TL001 ------------------------------------- By Thor Larholm, Denmark. 10 April 2002 HTML format: http://jscript.dk/adv/TL001/ Topic: IIS allows universal CrossSiteScripting. Discovery date: 13 March 2002. Severity: Medium Affected applications: ---------------------...

Microsoft IIS 4.05.0 - HTTP Error Page Cross-Site Scripting

Microsoft IIS 4.05.0 - HTTP Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/4486/info A Cross Site Scripting issue exists in some versions of IIS. The HTTP Error Page created by IIS may, under some circumstances, contain HTML content which includes unsanitized user...

Microsoft IIS 4.0/5.0 - HTTP Error Page Cross-Site Scripting

source: https://www.securityfocus.com/bid/4486/info A Cross Site Scripting issue exists in some versions of IIS. The HTTP Error Page created by IIS may, under some circumstances, contain HTML content which includes unsanitized user supplied input. An attacker may construct a link to a vulnerable...

Thunderstone TEXIS 3.0 - Full Path Disclosure

Thunderstone TEXIS 3.0 - Full Path Disclosure source: https://www.securityfocus.com/bid/4035/info A vulnerability in TEXIS allows an attacker to view the full path to the web root. If the attacker submits an HTTP request for an invalid path, the server will return an error page containing the pat...

Security update 1970-01-01

...