357 matches found
IdealBB 1.4.9 Beta - HTML Injection
source: https://www.securityfocus.com/bid/8480/info IdealBB is prone to an HTML injection vulnerability. This could permit remote attackers to inject malicious HTML and script code into board messages. The attacker's code may be rendered in the web browser of the user viewing the malicious messag...
EEYE: Internet Explorer Object Data Remote Execution Vulnerability
Internet Explorer Object Data Remote Execution Vulnerability Release Date: August 20, 2003 Reported Date: May 15, 2003 Severity: High Remote Code Execution Systems Affected: Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0 Microsoft Internet Explore...
cPanel Malicious HTML Tags Injection Vulnerability
Author: Ory Segal, Sanctum inc. http://www.SanctumInc.com -- Discovery Date:...
iPlanet Messaging Server 5.05.1 - HTML Attachment Cross-Site Scripting
source: https://www.securityfocus.com/bid/7704/info It has been reported that iPlanet Messaging Server may be prone to cross-site scripting attacks. The problem is said to occur while processing HTML attachments received via...
Python 2.2/2.3 - Documentation Server Error Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/7353/info It has been reported that the Python Documentation Server is vulnerable to a cross-site scripting problem in error pages. Because of this, an attacker could potentially cause the execution of malicious HTML and script code in the browser of a we...
Ocean12 Guestbook XSS
The remote server is running Ocean12 GuestBook, a set of scripts to manage an interactive guestbook. An attacker may use this module to inject malicious HTML code in your site, which may be used to steal users' cookies or to simply annoy them. (C) Tenable Network Security, Inc...
CVE-2002-1444
The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service crash with an exception in oleaut32.dll via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search function...
[NT] Multiple Vulnerabilities Found in Forum Web Server
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Celestial Software AbsoluteTelnet 2.02.11 - Title Bar Buffer Overflow
source: https://www.securityfocus.com/bid/6785/info A buffer overflow vulnerability was reported for AbsoluteTelnet. The vulnerability exists due to insufficient bounds checking performed when setting the title bar of the clien...
Celestial Software AbsoluteTelnet 2.0/2.11 - Title Bar Buffer Overflow
source: https://www.securityfocus.com/bid/6785/info A buffer overflow vulnerability was reported for AbsoluteTelnet. The vulnerability exists due to insufficient bounds checking performed when setting the title bar of the client. An attacker can exploit this vulnerability by enticing a victim use...
Geeklog 1.3.7 - profiles.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/6601/info The Geeklog 'profiles.php' script is prone to multiple cross-site scripting vulnerabilities. This issue is due to insufficient sanitization of input submitted in URI...
Mhonarc 2.5.x - Mail Header HTML Injection
source: https://www.securityfocus.com/bid/6204/info An HTML injection vulnerability has been discovered in Mhonarc. An attacker may exploit this issue by sending a specially constructed email containing malicious HTML code in the header section. When the vulnerable Mhonarc client converts the...
Xoops 1.3.5 - Private Message System Font Attributes HTML Injection
source: https://www.securityfocus.com/bid/6344/info Xoops includes a Private Message System for users, so that they may send messages to one another. HTML tags used for font attributes are not sufficiently filtered of malicious...
Michael Schatz Books 0.54/0.6 PostNuke Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5882/info Books is a module written for PostNuke. Reportedly, Books is prone to cross site scripting attacks. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link containing HTML and script code. The...
Apache 1.32.0.x - Server Side Include Cross-Site Scripting
source: https://www.securityfocus.com/bid/5847/info Apache is reported to be vulnerable to cross site scripting attacks. This vulnerability is due to the SSI error pages of the webserver not being properly sanitized of malicious HTML code...
Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting
source: https://www.securityfocus.com/bid/5847/info Apache is reported to be vulnerable to cross site scripting attacks. This vulnerability is due to the SSI error pages of the webserver not being properly sanitized of malicious HTML code. Attacker-supplied HTML and script code may be executed on...
phpWebSite 0.8.3 - News Message HTML Injection
source: https://www.securityfocus.com/bid/5802/info Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client. phpWebSite does not sufficiently filter potentially malicious HTML code from news posts. As a...
DaCode 1.2 - News Message HTML Injection
source: https://www.securityfocus.com/bid/5798/info Problems with DaCode could make it possible to execute arbitrary script code in a vulnerable client. DaCode does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contains...
XOOPS 1.0 RC3 - HTML Injection
source: https://www.securityfocus.com/bid/5785/info Problems with XOOPS could make it possible to execute arbitrary script code in a vulnerable client. XOOPS does not sufficiently filter potentially malicious HTML code from posted messages. As a result, when a user...
Rudi Benkovic JAWMail 1.0 - Script Injection
source: https://www.securityfocus.com/bid/5771/info Problems with JAWMail could make it possible to execute arbitrary script code in a vulnerable client. JAWMail does not sufficiently filter malicious HTML code from e-mails. As a result, when a user opens an email in JAWMail that contains malicio...