Lucene search
+L

369 matches found

exploitpack
exploitpack
added 2003/02/06 12:0 a.m.12 views

Celestial Software AbsoluteTelnet 2.02.11 - Title Bar Buffer Overflow

Celestial Software AbsoluteTelnet 2.02.11 - Title Bar Buffer Overflow source: https://www.securityfocus.com/bid/6785/info A buffer overflow vulnerability was reported for AbsoluteTelnet. The vulnerability exists due to insufficient bounds checking performed when setting the title bar of the clien...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/02/06 12:0 a.m.26 views

Celestial Software AbsoluteTelnet 2.0/2.11 - Title Bar Buffer Overflow

source: https://www.securityfocus.com/bid/6785/info A buffer overflow vulnerability was reported for AbsoluteTelnet. The vulnerability exists due to insufficient bounds checking performed when setting the title bar of the client. An attacker can exploit this vulnerability by enticing a victim use...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/01/14 12:0 a.m.16 views

Geeklog 1.3.7 - profiles.php Multiple Cross-Site Scripting Vulnerabilities

Geeklog 1.3.7 - profiles.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/6601/info The Geeklog 'profiles.php' script is prone to multiple cross-site scripting vulnerabilities. This issue is due to insufficient sanitization of input submitted in URI...

Exploits0
Exploit DB
Exploit DB
added 2002/11/19 12:0 a.m.24 views

Mhonarc 2.5.x - Mail Header HTML Injection

source: https://www.securityfocus.com/bid/6204/info A HTML injection vulnerability has been discovered in Mhonarc. An attacker may exploit this issue by sending a specially constructed email containing malicious HTML code in the header section. When the vulnerable Mhonarc client converts the...

7AI score
Exploits0
exploitpack
exploitpack
added 2002/11/09 12:0 a.m.22 views

Xoops 1.3.5 - Private Message System Font Attributes HTML Injection

Xoops 1.3.5 - Private Message System Font Attributes HTML Injection source: https://www.securityfocus.com/bid/6344/info Xoops includes a Private Message System for users, so that they may send messages to one another. HTML tags used for font attributes are not sufficiently filtered of malicious...

Exploits0
Exploit DB
Exploit DB
added 2002/10/03 12:0 a.m.30 views

Michael Schatz Books 0.54/0.6 PostNuke Module - Cross-Site Scripting

source: https://www.securityfocus.com/bid/5882/info Books is a module written for PostNuke. Reportedly, Books is prone to cross site scripting attacks. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link containing HTML and script code. The...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2002/10/02 12:0 a.m.11 views

Apache 1.32.0.x - Server Side Include Cross-Site Scripting

Apache 1.32.0.x - Server Side Include Cross-Site Scripting source: https://www.securityfocus.com/bid/5847/info Apache is reported to be vulnerable to cross site scripting attacks. This vulnerability is due to the SSI error pages of the webserver not being properly sanitized of malicious HTML code...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2002/10/02 12:0 a.m.32 views

Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting

source: https://www.securityfocus.com/bid/5847/info Apache is reported to be vulnerable to cross site scripting attacks. This vulnerability is due to the SSI error pages of the webserver not being properly sanitized of malicious HTML code. Attacker-supplied HTML and script code may be executed on...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2002/09/25 12:0 a.m.19 views

phpWebSite 0.8.3 - News Message HTML Injection

phpWebSite 0.8.3 - News Message HTML Injection source: https://www.securityfocus.com/bid/5802/info Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client. phpWebSite does not sufficiently filter potentially malicious HTML code from news posts. As a...

7.6AI score
Exploits0
Exploit DB
Exploit DB
added 2002/09/25 12:0 a.m.32 views

DaCode 1.2 - News Message HTML Injection

source: https://www.securityfocus.com/bid/5798/info Problems with DaCode could make it possible to execute arbitrary script code in a vulnerable client. DaCode does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contains...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2002/09/24 12:0 a.m.23 views

XOOPS 1.0 RC3 - HTML Injection

XOOPS 1.0 RC3 - HTML Injection source: https://www.securityfocus.com/bid/5785/info Problems with XOOPS could make it possible to execute arbitrary script code in a vulnerable client. XOOPS does not sufficiently filter potentially malicious HTML code from posted messages. As a result, when a user...

7.6AI score
Exploits0
Exploit DB
Exploit DB
added 2002/09/23 12:0 a.m.29 views

Rudi Benkovic JAWMail 1.0 - Script Injection

source: https://www.securityfocus.com/bid/5771/info Problems with JAWMail could make it possible to execute arbitrary script code in a vulnerable client. JAWMail does not sufficiently filter malicious HTML code from e-mails. As a result, when a user opens an email in JAWMail that contains malicio...

7.4AI score
Exploits0
NVD
NVD
added 2002/08/15 4:0 a.m.15 views

CVE-2002-1444

The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service crash with an exception in oleaut32.dll via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search function...

2.6CVSS6.8AI score0.13543EPSS
Exploits1References4
exploitpack
exploitpack
added 2002/07/15 12:0 a.m.12 views

Mirabilis ICQ 2002 - Sound Scheme Remote Configuration Modification

Mirabilis ICQ 2002 - Sound Scheme Remote Configuration Modification source: https://www.securityfocus.com/bid/5239/info ICQ is an instant messenger client for Microsoft Windows systems. ICQ includes support for sound schemes. ICQ sound scheme files are generally given the .scm extension...

7.5AI score
Exploits0
exploitpack
exploitpack
added 2002/06/10 12:0 a.m.16 views

MyHelpDesk 20020509 - Cross-Site Scripting

MyHelpDesk 20020509 - Cross-Site Scripting source: https://www.securityfocus.com/bid/4970/info It is reported that MyHelpDesk is vulnerable to cross-site scripting attacks. Attackers may exploit this vulnerability by constructing a link to a vulnerable scripts, passing malicious HTML code as a...

Exploits0
Exploit DB
Exploit DB
added 2002/06/10 12:0 a.m.29 views

MyHelpDesk 20020509 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/4970/info It is reported that MyHelpDesk is vulnerable to cross-site scripting attacks. Attackers may exploit this vulnerability by constructing a link to a vulnerable scripts, passing malicious HTML code as a value for unsanitized CGI parameters. If the...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.29 views

CVE-2001-0538

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page...

7.4AI score0.52851EPSS
Exploits0References7
CERT
CERT
added 2002/03/06 12:0 a.m.32 views

Oracle 9iAS contains cross-site scripting vulnerability in "htp.print"

Overview Oracle 9i Application Servers are vulnerable to a cross-site scripting vulnerability. The server may inadvertently include malicious HTML tags or scriptJavaScript, VBScript, Java, etc. in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a...

5.8AI score
Exploits0References4
CERT
CERT
added 2002/02/14 12:0 a.m.38 views

Microsoft Internet Explorer HTML rendering engine contains buffer overflow processing SRC attribute of HTML <EMBED> directive

Overview The Microsoft Internet Explorer HTML rendering engine contains a vulnerability in its handling of the SRC attribute of the HTML directive. An attacker who is able to convince a user to read a malicious HTML file may be able to crash Internt Explorer or execute arbitrary code with the...

7.5CVSS7.7AI score0.39767EPSS
Exploits0References8
CERT
CERT
added 2001/11/29 12:0 a.m.39 views

Microsoft Internet Explorer (IE) calls telnet.exe with unsafe command-line arguments ("Telnet Invocation")

Overview A telnet client can be invoked with unsafe options by arbitrary HTML "web" pages when rendered by affected Microsoft Internet Explorer clients. Description This vulnerability is also known as the "telnet logging" or "telnet invocation" or "Microsoft IE Telnet Client File Overwrite"...

6.7AI score
Exploits0References11
Rows per page
Query Builder