Microsoft Pocket Internet Explorer 3.0 - Denial of Service
source: https://www.securityfocus.com/bid/6507/info A denial of service vulnerability has been reported for Pocket Internet Explorer (PIE). The vulnerability is due to the way some JavaScript code is interpreted by PIE. By enticing a victim...
CVE-2002-0481
An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the...
Mozilla 1.01.1 - FTP View Cross-Site Scripting
source: https://www.securityfocus.com/bid/5403/info A cross-site scripting vulnerability in Mozilla has been reported. When viewing the contents of a FTP site as web content from a ftp:// URL, the directory name is included in the HTML representation...
Mozilla cookie stealing - Sandblad advisory #9
Sandblad advisory 9 - Title: Steal/spoof arbitrary cookie in Mozilla Date: 2002-07-24 Software: Mozilla Vendor: http://www.mozilla.org Fix: The author has been working with Mozilla to produce a patch. Problem is fixed in Mozilla 1.1...
CVE-2002-0319
Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username...
CVE-2002-0461
Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop...
CVE-2002-0281
Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to userupdate.php...
Opera 5.126.0 - Frame Location Same Origin Policy Circumvention
source: https://www.securityfocus.com/bid/4745/info Opera is a web browser product created by Opera Software, and is available for a range of operating systems including Windows and Linux. A vulnerability has been reported in some...
Microsoft Internet Explorer 5/6 - Recursive JavaScript Event Denial of Service
source: https://www.securityfocus.com/bid/4583/info An issue has been reported in some versions of Microsoft Internet Explorer. It is possible for a malicious web page using JavaScript to crash the browser process. Under Windows 95 and 98, this may impact the underlying operating system as well...
ReBB javascripts vulnerability
Hi! Another php - board named ReBB http://www.rebb.net has a img vulnerability. Exploit: Use this string my favorite : - imgjavascript:alert'test'/img Possible decision: All urls in img tag should start with http:// SliderGod...
XMB Forum 1.6 pre-beta - Image Tag Script Injection
source: https://www.securityfocus.com/bid/4167/info The Extreme Message Board (XMB) 1.6 Magic Lantern pre-beta version reportedly allows JavaScript and HTML to be entered in messages. This can be achieved by entering script or HTML between [img] and [/img] tags in a forum message. This has been fixed i...
CVE-2001-0723
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability."...
Microsoft Internet Explorer 5/6 - Cookie Disclosure/Modification
source: https://www.securityfocus.com/bid/3513/info Internet Explorer contains a vulnerability, which could allow an attacker to construct a URL that would display or modify the cookie information associated with an arbitrary website. If a URL is composed in the about: protocol referencing a...
Ultimate Bulletin Board
Here is a message I just popped off to infopop about their Ultimate Bulletin Board v5 product. It's not really meant for someone not used to their product. If a user has info stored in a cookie, replies to a message...
ultimate-bb.txt
I set up a script on some server somewhere that will mail me the contents of "whatever" in a url query as such - http://somehost.com/somescript.php/cgi/pl/asp?contents="whatever" when I have that script in place I post a message on the board that I wish to steal peoples passes from withfor Intern...
[ GFISEC23112000 ] Microsoft Media Player 7 allows executation of Arbitrary Code
GFI Security Lab Advisory http://www.gfi.com/ ----Title: GFISEC23112000 Microsoft Media Player 7 allows executation of Arbitrary Code ----Published: 23.NOV.2000 ----Vendor Status: Microsoft has been informed and we have worked with them to release a patch. ----Systems Affected: Windows ME WMP7 is...
Microsoft Windows Media Player 7.0 - .wms Arbitrary Script (MS00-090)
----Title: GFISEC23112000 Microsoft Media Player 7 allows executation of Arbitrary Code ----Published: 23.NOV.2000 ----Vendor Status: Microsoft has been informed and we have worked with them to release a patch. ----Systems...
CVE-1999-0790
A remote attacker can read information from a Netscape user's cache via JavaScript...
CVE-1999-0347
Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character...