CVE-2002-0230

Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message...

Crossite scripting in jo!

No description provided...

CVE-2001-1219

Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service client crash via JavaScript that continually refreshes the window via self.location...

CVE-2001-1202

Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error...

CVE-2001-0723

Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability."...

CVE-2001-0596

Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript...

CVE-2001-0828

A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript...

CVE-2001-0722

Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."...

Plumtree Corporate Portal Cross-Site Scripting (Patch Available)

Plumtree Corporate Portal Cross-Site Scripting Patch Available ---------------------------------------------------------------- SYNOPSIS Plumtree www.plumtree.com Corporate Portal versions 4.5, 4.0, 4.0SP1, 4.0i, 4.0iSP1, and 3.5 should be modified to remediate potential cross-site scripting...

CVE-2001-0828

A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript...

CVE-2001-0898

Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to 1 access data after a new window to the domain has been opened or 2 access data via about:cache...

javascript can write anything to windows98 registry

here's code from www.4y4y.net:88/ls.html it can write any value to windows98 registry solution: disable JavaScript in InternetExplorer tested on IE5.5 Marcin Jackowski --------------------------------------------------------------- script document.write"APPLET HEIGHT=0 WIDTH=0...

Potential Internet Explorer Security Risk

Potential Security Risk with Internet Explorer This was tested on version: 5.00.2614.3500 with Windows 98 SE 4.10.2222A. I was playing with Favorites and added a favorite with the name of 'www.dsakfjhasdfj.com' and set it to point to the address 'c:command.com'. dont include the '' characters...

Обход Trend Micro AppletTrap (protection bypass)

Можно обойти защиту от Javascript Используя Unicode - кодировку...

OReilly Software WebBoard 4.10.30 - Pager Hostile JavaScript

source: https://www.securityfocus.com/bid/2814/info O'Reilly WebBoard is a conferencing utility, forum, threaded discussion and real-time chat server. Versions of WebBoard are vulnerable to a JavaScript code execution bug which may allow a remote denial of service against a target WebBoard user's...

Sun HotJava Browser 3 - Arbitrary DOM Access

Sun HotJava Browser 3 - Arbitrary DOM Access source: https://www.securityfocus.com/bid/1837/info A malicious website operator may be able to obtain cookies from a target system browsing with Sun HotJava Browser. The Document Object Model DOM of arbitrary URLs can be accessed if a specially formed...

Sun HotJava Browser 3 - Arbitrary DOM Access

source: https://www.securityfocus.com/bid/1837/info A malicious website operator may be able to obtain cookies from a target system browsing with Sun HotJava Browser. The Document Object Model DOM of arbitrary URLs can be accessed if a specially formed javascript is launched from a named window...

Очередная дырка javascript в IE

Сочетание метода navigate с IFRAME позволяет обратиться к локальным файлам. IFRAME ID="I1"/IFRAME SCRIPT for=I1 event="NavigateComplete2b" alert"Here is your file:n"+b.document.body.innerText; /SCRIPT SCRIPT I1.navigate"file://c:/test.txt"; setTimeout'I1.navigate"file://c:/test.txt"',1000; /SCRIP...

CVE-1999-0031

JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability...

Microsoft Internet Explorer 4.0/4.0.1/5.0/5.0.1/5.5 - preview Security Zone Settings Lag

Microsoft Internet Explorer 4.0 for Windows 3.1/Windows 95,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.5 preview,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0,Internet Explorer 5.0.1 Security Zone Settings Lag Vulnerability source:...