4972 matches found
Yahoo Messenger cross-site scripting
By using ymsgr: it's possible to inject javascript...
Yahoo Messenger Flaw allows injection of JavaScript into IM Windows
Title: Yahoo Messenger Flaw allows injection of JavaScript into IM Windows Author: Chet Simpson [email protected] Date: December 5th, 2003 Host Platforms tested: WindowsME and WindowsXP sp1a Target Applications tested: Yahoo Messenger 5.5 Build 1249 Yahoo Messenger 5.6 Build 1355 Target...
jchat box advisory
Product: jChatBox Version: 2.5 Developer: JavaZOOM Address: http://www.javazoom.net Vulnerability: HTML code and JavaScript code injection, reading private messages, flooding. Found by: Navy, Xboy. So, the chat is compromised through the nickname. If the filter on "" and "" is disabled, variant number 1 works. Method #1:...
SPAIZ-NUKE v1.1 XSS bug
Hello. Here is a description of a vulnerability in SPAIZ-NUKE 1.1 Advisory9 RusH security team | http://www.rsteam.net Product: SPAIZ-NUKE v1.1 Author: sPaiZ-Nuke Group http://www.spaiz-nuke.net/ [email protected] Vuln: XSS Bug found: 14.09.2003 by 1dt.w0lf Vulnerability: Spaiz-Nuke is a website engine...
XSS Exploit In phpBB viewtopic.php
XSS Exploit In phpBB viewtopic.php A: BACKGROUND from phpbb.com phpBB is a high powered, fully scalable, and highly customisable open-source bulletin board package. phpBB has a user-friendly interface, simple and straightforward administration panel, and helpful FAQ. Based on the powerful PHP...
Windows Indexing Services Cross-site Scripting
It's possible to compromise the client by inserting JavaScript into the query URL...
Microsoft Internet Explorer 5 - ShowHelp Arbitrary Command Execution
Microsoft Internet Explorer 5 - ShowHelp Arbitrary Command Execution source: https://www.securityfocus.com/bid/6780/info Microsoft Internet Explorer implements the showHelp function as a means of displaying help content contained in HTML pages. However, this function is capable of performing too...
CVE-2002-1931
Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string...
Microsoft IIS IDC Extension XSS
This IIS Server appears to be vulnerable to a cross-site scripting attack due to an error in the handling of overly-long requests on an idc file. It is possible to inject JavaScript in the URL, that will appear in the resulting page. This script was written by Geoffroy Raimbau...
SECURITY.NNOV: ikonboard 3.1.1 CSS
Dear bugtraq@, Ikonboard CSS bug via IMG tag was reported a long time ago for 3.0.x. The only change in Ikonboard 3.1.1 (at least on sending private messages) is that it checks the URL extension to be .gif or .jpg, so IMGjavascript:alertdocument.cookie.gif/IMG still works perfectly.... Sorry if it was already...
Proxy error messages cross-site scripting
The URL in the error message is not escaped, which makes it possible to inject JavaScript into the URL...
CVE-2002-0738
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&=script" syntax...
Opera 6.0.x - FTP View Cross-Site Scripting
Opera 6.0.x - FTP View Cross-Site Scripting source: https://www.securityfocus.com/bid/5401/info A cross-site scripting vulnerability in Opera has been reported. When viewing the contents of an FTP site as web content, the data within tags is not sanitized. An attacker may embed javascript between...
Mozilla 1.0/1.1 - FTP View Cross-Site Scripting
source: https://www.securityfocus.com/bid/5403/info A cross-site scripting vulnerability in Mozilla has been reported. When viewing the contents of an FTP site as web content from a ftp:// URL, the directory name is included in the HTML representation. It is not adequately sanitized before this...
CVE-2001-1084
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message...
Levcgi.com's MyGuestbook JavaScript Injection Vulnerability
http://rawt.daemon.sh Levcgi.com's MyGuestbook JavaScript Injection Vulnerability Discovered By BrainRawt [email protected] About MyGuestbook: Highly customizable guestbook that...
Microsoft Internet Explorer 5.5/6.0 - History List Script Injection
source: https://www.securityfocus.com/bid/4505/info A vulnerability has been reported in some versions of Internet Explorer. It is possible to inject JavaScript code into the browser history list, and execute it within any page context given appropriate user interaction. Internet Explorer stores...
[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability
itcp advisory 5 [email protected] http://www.it-checkpoint.net/advisory/5.html March 21th, 2002 phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability...
[IMG] tag vulnerability in vBulletin
Product: vBulletin Versions: 2.2.2, 2.2.0, maybe others. Problem: It is known that if one sends this code in a private message: IMGjavascript:alert'hum';/IMG a space will be placed between "java" and "script". This filter can be bypassed: IMGjavasript:alert'hop';/IMG More details in French...
Vulnerabilities in squirrelmail
Multiple security vulnerabilities exist in SquirrelMail v 1.2.3 that allow malicious HTML messages to: send messages appearing to come from the user; run arbitrary javascript. Description: The compose.php script allows parameters to be passed as GETs. Therefore including the following in ...