1921 matches found
CVE-2002-1341
Cross-site scripting (XSS) vulnerability in readbody.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passedid parameters...
CVE-2002-1335
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies...
Command execution in perl-MailTools
Usage of mailx as a mailer allows command insertion into mail body...
CVE-2002-0739
Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page...
CSS in blackboard
Product: Blackboard 5 Vendor: Blackboard inc Website: www.Blackboard.com Reported: 24 apr 2002: Discovered CSS in blackboard program and company.blackboard.com. Reported CSS in blackboard program at http://company.blackboard.com/contactus/Suggestions.cgi. Reported CSS in company.blackboard.com to...
Cisco SSH multiple bugs
It's possible to insert commands and intercept data from an SSH session...
CVE-1999-1085
SSH 1.2.25, 1.2.23, and other versions, when used in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum...
JavaScript insertion in w3perl (javascript)
No description provided...
Character insertion into psyBNC encrypted channels (protection bypass)
All lines beginning with B are treated as encrypted...
Softek MailMarshal 4 / Trend Micro ScanMail 1.0 - SMTP Attachment Protection Bypass
source: https://www.securityfocus.com/bid/3097/info At least two SMTP gateway products have been identified which contain flaws in the handling of restricted filetypes as attachments. An attacker can insert extraneous characters in the filename extension of a hostile attachment. The affected...
JavaScript in O'Reilly WebBoard (javascript execution)
JavaScript can be inserted into a pager-message...
Hole in PHP-Nuke (xml parsing)
The TITLE tag is not checked during XML parsing, which allows a PHP script to be inserted into it...
Problems in vim (VIM control code)
When the status line is used, control elements can be inserted into a file...
CVE-2000-0889
Two Sun security certificates have been compromised, which could allow attackers to insert malicious code such as applets and make it appear that it is signed by Sun...
CVE-2000-0663
The registry entry for the Windows Shell executable Explorer.exe in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path"...
Hole in dalnet irc server
Buffer overflow, but not enough room to insert shellcode...
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 - Spoolss.exe DLL Insertion
source: https://www.securityfocus.com/bid/769/info The spooler service spoolss.exe allows local users to add their own dll files and have the spooler run them at SYSTEM level. This could lead to privilege escalation all the wa...
BSDI BSD/OS 4.0 /FreeBSD 3.2 /NetBSD 1.4 x86 / OpenBSD 2.5 - UFS Secure Level 1
source: https://www.securityfocus.com/bid/510/info In 4.4BSD derivatives there are four secure levels that provide for added filesystem security among other things over and above the regular unix permission systems. Part of the secure levels are the system of file flags which include immutable an...