Lucene search

9082 matches found

Prion
added 2006/05/16 10:2 a.m., 13 views

Cross site scripting

Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a title element with HTML encoded sequences such as "", which are automatically decoded by some RSS readers. NOTE: this issue is not in Bugzilla itself, but rather...

4.3 CVSS, 5.9 AI score, 0.00687 EPSS
Exploits: 0, References: 6, Affected Software: 1
Exploit DB
added 2006/05/08 12:0 a.m., 36 views

Ocean12 Technologies Calendar Manager Pro 1.0 1 - '/admin/main.asp?date' Cross-Site Scripting

source: https://www.securityfocus.com/bid/17877/info Calendar Manager Pro is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...

7.4 AI score
Exploits: 0
exploitpack
added 2006/05/08 12:0 a.m., 10 views

Creative Software UK Community Portal 1.1 - DiscReply.php?mid SQL Injection

Creative Software UK Community Portal 1.1 - DiscReply.php?mid SQL Injection source: https://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied...

0.3 AI score
Exploits: 0
exploitpack
added 2006/05/08 12:0 a.m., 11 views

Ocean12 Technologies Calendar Manager Pro 1.0 1 - adminmain.asp?date SQL Injection

Ocean12 Technologies Calendar Manager Pro 1.0 1 - adminmain.asp?date SQL Injection source: https://www.securityfocus.com/bid/17877/info Calendar Manager Pro is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issu...

0.9 AI score
Exploits: 0
Exploit DB
added 2006/05/08 12:0 a.m., 37 views

Ocean12 Technologies Calendar Manager Pro 1.0 1 - '/admin/edit.asp?ID' SQL Injection

source: https://www.securityfocus.com/bid/17877/info Calendar Manager Pro is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...

7.4 AI score
Exploits: 0
Exploit DB
added 2006/05/08 12:0 a.m., 51 views

Creative Software UK Community Portal 1.1 - 'ArticleView.php?article_id' SQL Injection

source: https://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an...

7.4 AI score
Exploits: 0
exploitpack
added 2006/04/29 12:0 a.m., 16 views

Blog 0.2.30.2.4 Mod - Weblog_posting.php SQL Injection

Blog 0.2.30.2.4 Mod - Weblogposting.php SQL Injection source: https://www.securityfocus.com/bid/17744/info Blog Mod is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful...

8.6 AI score
Exploits: 0
Cvelist
added 2006/04/28 1:0 a.m., 15 views

CVE-2005-0037

The DNS implementation of DNRD before 2.10 allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop...

6.6 AI score, 0.01099 EPSS
Exploits: 0, References: 4
CVE
added 2006/04/28 1:0 a.m., 51 views

CVE-2005-0038

Summary (CVE-2005-0038): The DNS implementation in PowerDNS 2.9.16 and earlier is vulnerable to remote denial of service via a compressed DNS packet with a label length byte offset error that can trigger an infinite loop. This is corroborated by multiple sources in the connected documents (NVD, S...

5 CVSS, 6.6 AI score, 0.00076 EPSS
Exploits: 0, References: 4, Affected Software: 1
Exploit DB
added 2006/04/28 12:0 a.m., 23 views

DUclassified - 'detail.asp' SQL Injection

source: https://www.securityfocus.com/bid/17722/info DUclassified is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...

7.4 AI score
Exploits: 0
Prion
added 2006/04/26 8:6 p.m., 13 views

Design/Logic Flaw

Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as ...

5 CVSS, 7.5 AI score, 0.0086 EPSS
Exploits: 0, References: 5, Affected Software: 1
Prion
added 2006/04/26 8:6 p.m., 22 views

Design/Logic Flaw

Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an...

5 CVSS, 7.5 AI score, 0.00724 EPSS
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2006/04/26 8:6 p.m., 18 views

CVE-2006-2057

Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an...

5 CVSS, 6.9 AI score, 0.00724 EPSS
Exploits: 0, References: 4
Prion
added 2006/04/26 8:6 p.m., 15 views

Design/Logic Flaw

Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as a...

5 CVSS, 7.5 AI score, 0.14688 EPSS
Exploits: 0, References: 6, Affected Software: 1
Cvelist
added 2006/04/26 8:0 p.m., 15 views

CVE-2006-2058

Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as ...

7 AI score, 0.0086 EPSS
Exploits: 0, References: 5
Cvelist
added 2006/04/26 8:0 p.m., 18 views

CVE-2006-2055

Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as a...

7 AI score, 0.14688 EPSS
Exploits: 0, References: 6
Cvelist
added 2006/04/26 8:0 p.m., 17 views

CVE-2006-2056

Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary...

7 AI score, 0.15697 EPSS
Exploits: 0, References: 4
Exploit DB
added 2006/04/25 12:0 a.m., 22 views

Cartweaver 2.16.11 - 'Results.cfm' SQL Injection

source: https://www.securityfocus.com/bid/17941/info Cartweaver ColdFusion is prone to SQL-injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input before using it in SQL queries. Successful exploits could allow an attacker to compromis...

7.4 AI score
Exploits: 0
exploitpack
added 2006/04/22 12:0 a.m., 14 views

MKPortal 1.1 - Multiple Input Validation Vulnerabilities

MKPortal 1.1 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/17651/info MKPortal is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the...

0.1 AI score
Exploits: 0
Exploit DB
added 2006/04/22 12:0 a.m., 17 views

MKPortal 1.1 - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/17651/info MKPortal is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful...

7 AI score
Exploits: 0