326 matches found
CVE-2002-0281
Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to userupdate.php...
Opera 5.126.0 - Frame Location Same Origin Policy Circumvention
Opera 5.126.0 - Frame Location Same Origin Policy Circumvention source: https://www.securityfocus.com/bid/4745/info Opera is a web browser product created by Opera Software, and is available for a range of operating systems including Windows and Linux. A vulnerability has been reported in some...
CVE-2002-0281
Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to userupdate.php...
Microsoft Internet Explorer 5/6 - Recursive JavaScript Event Denial of Service
source: https://www.securityfocus.com/bid/4583/info An issue has been reported in some versions of Microsoft Internet Explorer. It is possible for a malicious web page using JavaScript to crash the browser process. Under Windows 95 and 98, this may impact the underlying operating system as well...
ReBB javascripts vulnerability
Hi! Another php - board named ReBB http://www.rebb.net has a img vulnerability. Exploit: Use this string my favorite : - imgjavascript:alert'test'/img Possible decision: All urls in img tag should start with http:// SliderGod...
XMB Forum 1.6 pre-beta - Image Tag Script Injection
source: https://www.securityfocus.com/bid/4167/info The Extreme Message Board XMB 1.6 Magic Lantern pre-beta version reportedly allows JavaScript and HTML to be entered in messages. This can be achieved by entering script or HTML between img and /img tags in a forum message. This has been fixed i...
CVE-2001-0723
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability."...
Microsoft Internet Explorer 5/6 - Cookie Disclosure/Modification
source: https://www.securityfocus.com/bid/3513/info Internet Explorer contains a vulnerability, which could allow an attacker to construct a URL that would display or modify the cookie information associated with an arbitrary website. If a URL is composed in the about: protocol referencing a...
Ultimate Bulletin Board
Here is a message I just popped off to infopop about their Ultimate Bulletin Board v5 product. It's not really meant for someone not used to their product. -------------------------------------------------------------------------------- If a user has info stored in a cookie, replies to a message...
ultimate-bb.txt
I set up a script on some server somewhere that will mail me the contents of "whatever" in a url query as such - http://somehost.com/somescript.php/cgi/pl/asp?contents="whatever" when I have that script in place I post a message on the board that I wish to steal peoples passes from withfor Intern...
[ GFISEC23112000 ] Microsoft Media Player 7 allows executation of Arbitrary Code
GFI Security Lab Advisory http://www.gfi.com/ ----Title: GFISEC23112000 Microsoft Media Player 7 allows executation of Arbitrary Code ----Published: 23.NOV.2000 ----Vendor Status: Microsoft has been informed and we have worked with them to release a patch. ----Systems Affected: Windows ME WMP7 is...
Microsoft Windows Media Player 7.0 - .wms Arbitrary Script (MS00-090)
Microsoft Windows Media Player 7.0 - .wms Arbitrary Script MS00-090 ----Title: GFISEC23112000 Microsoft Media Player 7 allows executation of Arbitrary Code ----Published: 23.NOV.2000 ----Vendor Status: Microsoft has been informed and we have worked with them to release a patch. ----Systems...
CVE-1999-0790
A remote attacker can read information from a Netscape user's cache via JavaScript...
CVE-1999-0347
Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character...
raq2.admin.exploit.txt
To replicate this bug you must have Site Administrator access to one of the accounts on the server. When you go into the Site Management for a site and select the User Management option, you get a list of the usernames that have been setup for that account. The green pencil edit icon is a command...
ebayla.txt
http://www.because-we-can.com/ebayla/ THE EBAYLA BUG AND HOW TO PROTECT YOURSELF This page describes a security problem that Blue Adept discovered with eBay's on-line auctions on March 31, 1999 realaudio interview. The security hole allows eBay users to easily steal the passwords of other eBay...
netscape.4.51.url.sniffing.txt
Date: Thu, 25 Mar 1999 20:07:52 +0200 From: Georgi Guninski To: [email protected] Subject: Netscape Communicator 4.51 allows sniffing of URLs from another window There is a bug in Netscape Communicator 4.51,4.5/Win95, 4.08/WinNT probably others?, which allows sniffing URLs from another window...
ie4.clipboard.txt
Date: Mon, 22 Feb 1999 23:39:07 +0100 From: Juan Carlos Garcia Cuartango To: [email protected] Subject: New IE4 vulnerability : the clipboard again. Greetings, I have discovered another IE 4 clipboard vulnerability. The clipboard content can be made public by a very simple javascri...
msie.5.0.javascript.dos.txt
Date: Mon, 31 May 1999 16:18:02 GMT From: THR - To: [email protected] Subject: Exploit in Internet Explorer 5.0 Hi everyone! I have found a bug which will freeze Internet Explorer 5.0 I know that there are many bugs that will crasch browsers but what makes this one special is the following: In...
netscape.4.x-javascript.txt
Date: Wed, 28 Oct 1998 10:22:02 PST From: Georgi Guninski Subject: Javascript bug in Netscape Communicator 4.5 There is a bug in Netscape Communicator 4.5, 4.07, 3.04 under Windows 95 probably others which allows reading user's cache the urls the user has visited, including the info in GET forms...