13 matches found
EUVD-2002-1110
Malware in sbrugna...
Internet Scanner reporting engine vulnerable to cross-site scripting
Overview IBM Internet Scanner has a function to generate a report as an HTML file. Internet Scanner's reporting engine does not properly sanitize data before generating this report. This vulnerability may allow an attacker to insert an arbitrary script, which is executed on the user's web browser...
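IBM ISS Internet Scanner HTML code injection vulnerability
BUGTRAQ ID: 28014 ISS Internet Scanner is a commercial vulnerability scanning and assessment tool. When saving HTML reports, ISS Internet Scanner does not properly validate input to certain parameters, which may allow arbitrary HTML and script code to be injected and then executed in the browser session when a user views the report. IBM ISS Internet Scanner 7.0 SP2 build 7.2.2005.52 Vendor patch: IBM --- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.ers.ibm.com/...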
Cross site scripting
Cross-site scripting (XSS) vulnerability in the report interface in Internet Security Systems (ISS) Internet Scanner 7.0 Service Pack 2 Build 7.2.2005.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-1073
Internet Scanner 7.0 SP2 (Build 7.2.2005.52) from ISS is affected by a cross-site scripting (XSS) vulnerability in its report generation/printing function. The JVN entry clarifies that the reporting engine does not properly sanitize data when generating the HTML report, enabling an attacker to in...
CVE-2008-1073
Cross-site scripting (XSS) vulnerability in the report interface in Internet Security Systems (ISS) Internet Scanner 7.0 Service Pack 2 Build 7.2.2005.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
JVN#42381549 Internet Scanner reporting engine vulnerable to cross-site scripting
IBM Internet Scanner has a function to generate a report as an HTML file. Internet Scanner's reporting engine does not properly sanitize data before generating this report. This vulnerability may allow an attacker to insert an arbitrary script, which is executed on the user's web browser when the...
CVE-2002-1122
Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response...
CVE-2002-1122
ISS Internet Scanner 6.2.1 is affected by a buffer overflow in the license banner HTTP check during parsing of a long HTTP response, enabling remote code execution. Foundstone advisory SECURITYVULNS:DOC:3512 confirms the issue and notes vendor ISS issued a fix included in X-Press Update 6.17; appl...
CVE-2002-1122
Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response...
ISS Security Brief: Flaw in Internet Scanner Parsing Mechanism
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to [email protected] Contact [email protected] for help with any problems! --------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brie...
ISS.txt
ISS products are meant to be used in a defensive role. Here we will look at using them in an offensive role. ===Please note that the writer has NO responsibility for YOUR actions with this === ===information! I did not make you do it. I just made you aware it COULD be done.=== Internet Scanner an...
SDI.03-99.iss-scanner.txt
Sekure SDI http://www.sekure.org --------------------------- Brazilian Information Security Team - Internet Scanner Buffer Overflow - SDI.03-99.iss-scanner --- complexity : medium critical level : medium --- 1. Introduction Internet Scanner I.S is a wide known tool to audit the security level of ...