369 matches found
Celestial Software AbsoluteTelnet 2.02.11 - Title Bar Buffer Overflow
Celestial Software AbsoluteTelnet 2.02.11 - Title Bar Buffer Overflow source: https://www.securityfocus.com/bid/6785/info A buffer overflow vulnerability was reported for AbsoluteTelnet. The vulnerability exists due to insufficient bounds checking performed when setting the title bar of the clien...
Celestial Software AbsoluteTelnet 2.0/2.11 - Title Bar Buffer Overflow
source: https://www.securityfocus.com/bid/6785/info A buffer overflow vulnerability was reported for AbsoluteTelnet. The vulnerability exists due to insufficient bounds checking performed when setting the title bar of the client. An attacker can exploit this vulnerability by enticing a victim use...
Geeklog 1.3.7 - profiles.php Multiple Cross-Site Scripting Vulnerabilities
Geeklog 1.3.7 - profiles.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/6601/info The Geeklog 'profiles.php' script is prone to multiple cross-site scripting vulnerabilities. This issue is due to insufficient sanitization of input submitted in URI...
Mhonarc 2.5.x - Mail Header HTML Injection
source: https://www.securityfocus.com/bid/6204/info A HTML injection vulnerability has been discovered in Mhonarc. An attacker may exploit this issue by sending a specially constructed email containing malicious HTML code in the header section. When the vulnerable Mhonarc client converts the...
Xoops 1.3.5 - Private Message System Font Attributes HTML Injection
Xoops 1.3.5 - Private Message System Font Attributes HTML Injection source: https://www.securityfocus.com/bid/6344/info Xoops includes a Private Message System for users, so that they may send messages to one another. HTML tags used for font attributes are not sufficiently filtered of malicious...
Michael Schatz Books 0.54/0.6 PostNuke Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5882/info Books is a module written for PostNuke. Reportedly, Books is prone to cross site scripting attacks. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link containing HTML and script code. The...
Apache 1.32.0.x - Server Side Include Cross-Site Scripting
Apache 1.32.0.x - Server Side Include Cross-Site Scripting source: https://www.securityfocus.com/bid/5847/info Apache is reported to be vulnerable to cross site scripting attacks. This vulnerability is due to the SSI error pages of the webserver not being properly sanitized of malicious HTML code...
Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting
source: https://www.securityfocus.com/bid/5847/info Apache is reported to be vulnerable to cross site scripting attacks. This vulnerability is due to the SSI error pages of the webserver not being properly sanitized of malicious HTML code. Attacker-supplied HTML and script code may be executed on...
phpWebSite 0.8.3 - News Message HTML Injection
phpWebSite 0.8.3 - News Message HTML Injection source: https://www.securityfocus.com/bid/5802/info Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client. phpWebSite does not sufficiently filter potentially malicious HTML code from news posts. As a...
DaCode 1.2 - News Message HTML Injection
source: https://www.securityfocus.com/bid/5798/info Problems with DaCode could make it possible to execute arbitrary script code in a vulnerable client. DaCode does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contains...
XOOPS 1.0 RC3 - HTML Injection
XOOPS 1.0 RC3 - HTML Injection source: https://www.securityfocus.com/bid/5785/info Problems with XOOPS could make it possible to execute arbitrary script code in a vulnerable client. XOOPS does not sufficiently filter potentially malicious HTML code from posted messages. As a result, when a user...
Rudi Benkovic JAWMail 1.0 - Script Injection
source: https://www.securityfocus.com/bid/5771/info Problems with JAWMail could make it possible to execute arbitrary script code in a vulnerable client. JAWMail does not sufficiently filter malicious HTML code from e-mails. As a result, when a user opens an email in JAWMail that contains malicio...
CVE-2002-1444
The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service crash with an exception in oleaut32.dll via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search function...
Mirabilis ICQ 2002 - Sound Scheme Remote Configuration Modification
Mirabilis ICQ 2002 - Sound Scheme Remote Configuration Modification source: https://www.securityfocus.com/bid/5239/info ICQ is an instant messenger client for Microsoft Windows systems. ICQ includes support for sound schemes. ICQ sound scheme files are generally given the .scm extension...
MyHelpDesk 20020509 - Cross-Site Scripting
MyHelpDesk 20020509 - Cross-Site Scripting source: https://www.securityfocus.com/bid/4970/info It is reported that MyHelpDesk is vulnerable to cross-site scripting attacks. Attackers may exploit this vulnerability by constructing a link to a vulnerable scripts, passing malicious HTML code as a...
MyHelpDesk 20020509 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/4970/info It is reported that MyHelpDesk is vulnerable to cross-site scripting attacks. Attackers may exploit this vulnerability by constructing a link to a vulnerable scripts, passing malicious HTML code as a value for unsanitized CGI parameters. If the...
CVE-2001-0538
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page...
Oracle 9iAS contains cross-site scripting vulnerability in "htp.print"
Overview Oracle 9i Application Servers are vulnerable to a cross-site scripting vulnerability. The server may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a...
Microsoft Internet Explorer HTML rendering engine contains buffer overflow processing SRC attribute of HTML <EMBED> directive
Overview The Microsoft Internet Explorer HTML rendering engine contains a vulnerability in its handling of the SRC attribute of the HTML directive. An attacker who is able to convince a user to read a malicious HTML file may be able to crash Internt Explorer or execute arbitrary code with the...
Microsoft Internet Explorer (IE) calls telnet.exe with unsafe command-line arguments ("Telnet Invocation")
Overview A telnet client can be invoked with unsafe options by arbitrary HTML "web" pages when rendered by affected Microsoft Internet Explorer clients. Description This vulnerability is also known as the "telnet logging" or "telnet invocation" or "Microsoft IE Telnet Client File Overwrite"...