5946 matches found
CVE-2001-1257
Cross-site scripting vulnerability in Horde Internet Messaging Program IMP before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email...
[NT] Lil' HTTP Server "Referer" Cross Site Scripting Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion When was the last time you checked your server's security? How about a monthly report? http://www.AutomatedScanning.com - Know that you're...
Cookie access via res:\\ and about:\\ in Microsoft Internet Explorer
It's possible to use about: and res: URl to execute javascript in context of any page and local machine...
How Outlook 2002 can still execute JavaScript in an HTML email message
Hello, Windows Media Player WMP reintroduces the ability to automatically execute JavaScript code from an HTML email message in Outlook 2002. JavaScript is disabled by default in Outlook 2002, because it can facilitate the creation of worms and other malicious code which is carried by HTML email...
CVE-2001-1212
Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter...
CVE-2001-1202
CVE-2001-1202 affects DeleGate versions 7.7.0 and 7.7.1. The root cause is that scripting commands are not quoted in a 403 Forbidden error page, enabling remote attackers to trigger cross‑site scripting by using a URL that generates an error. Consequence is arbitrary Javascript execution on other...
php-nuke.5.5.css.txt
PHP-Nuke is a PHP based portal management system used at thousands of sites. A Cross Site Scripting vulnerability has been discovered in the PHP-Nuke version 5.5 and prior versions. There is a function called Private Messages in PHP-Nuke by which the registered users of the site can send messages...
FreeBSD-SA-02:16.netscape
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:16 Security Advisory FreeBSD, Inc. Topic: GIF/JPEG comment vulnerability in Netscape Category: ports Module: netscape Announced: 2002-03-12 Credits: Florian Wesch Affects...
Cobalt cube3 css
Try either of the following URLs against your RAQ3 http://host/nav/cList.php?root=/scripth1www.snosoft.com rocks/h1 http://host/nav/cList.php?root=/scriptscriptalert'Snosoft Rocks'/script You will see your code followed by this chunk of java code that was trying to run. "; // get tab configuratio...
CVE-2001-1202
Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error...
CVE-2001-1352
Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter...
CVE-2001-0824
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into 1 a request for a .JSP file, or 2 a request to the webapp/examples/ directory, which inserts the Javascript into an error page...
ОБращение к реестру через IE5.5 (javascript execution)
Несколько ActiveX компонентов могут записывать разделы реестра...
[SECURITY] [DSA-073-1] 3 security problems in imp
Package : imp Problem type : 3 remote exploits Debian-specific: no The Horde team released version 2.2.6 of IMP a web based IMAP mail program which fixes three security problems. Their release announcement describes them as follows: 1. A PHPLIB vulnerability allowed an attacker to provide a value...
CVE-2001-0596
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript...
Proxomitron Cross-site Scripting Vulnerability
Proxomitron Cross-site Scripting Vulnerability ============================================== Affected versions ================= Proxomitron Naoko-4 BetaFour or earlier http://spywaresucks.org/prox/ Problem ======= Accessing the following URL with the browser configured to use Proxomitron as a...
IMP 2.2.6 (SECURITY) released
The Horde team announces the availability of IMP 2.2.6, which fixes three potential security issues. We strongly recommend that all sites running IMP 2.2.x upgrade to this version. 1 A PHPLIB vulnerability allowed an attacker to provide a value for the array element $PHPLIBlibdir, and thus to get...
CVE-2001-1257
Cross-site scripting vulnerability in Horde Internet Messaging Program IMP before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email...
Lotus Domino Server Cross-Site Scripting Vulnerability
Lotus Domino Server Cross-Site Scripting Vulnerability ====================================================== Affected products: ================= Lotus Domino Server 5.0.6 http://www.lotus.com/home.nsf/welcome/domino/ Vendor status: ============= Notified: 18 Mar 2001 09:59:51 +0900 105 days...
Выполнение javascript в Exchange 2000 OWA (javascript execution)
javascript содержащийся во вложенном файле может быть выполнен в контексте сервера...