178 matches found
Cross-site Scripting Vulnerability in JP1/Operations Analytics
Overview A cross-site scripting vulnerability was found in JP1/Operations Analytics. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Ji-takz - Remote File Inclusion
Ji-takz - Remote File Inclusion source: https://www.securityfocus.com/bid/18474/info Ji-takz is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input to the application. An attacker may leverage this issue to have an arbitrary remote file containin...
Ji-takz - Remote File Inclusion
source: https://www.securityfocus.com/bid/18474/info Ji-takz is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input to the application. An attacker may leverage this issue to have an arbitrary remote file containing malicious script code execute ...
Newtelligence DasBlog 1.x - Request Log HTML Injection
Newtelligence DasBlog 1.x - Request Log HTML Injection source: https://www.securityfocus.com/bid/11086/info DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to properly sanitize user-supplied input...
Gallery 1.4.4 - Remote Server-Side Script Execution
Gallery 1.4.4 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10968/info A vulnerability is reported to exist in Gallery that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue is a design error that occurs due to the...
phpBB 2.0.x - 'album_portal.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/10177/info It has been reported that phpBB may be prone to a file include vulnerability that may allow remote attackers to include a remote malicious script to be executed on a vulnerable system...
Chi Kien Uong Guestbook 1.51 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/8896/info It has been reported that Chi Kien Uong Guestbook may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The problem is reported to present itself due to...
TSguestbook 2.1 - 'Message' HTML Injection
source: https://www.securityfocus.com/bid/8520/info It has been reported that TSguestbook may be prone to HTML injection attacks. The problem is said to occur due to insufficient sanitization of user-supplied input within the 'message' field. As a result, an attacker may post a guestbook entry...
PostNuke 0.6/0.7 Downloads Module - TTitle Cross-Site Scripting
source: https://www.securityfocus.com/bid/8374/info It has been reported that a cross site scripting vulnerability exists in the Downlaods and WebLinks modules of PostNuke. It is possible that an attacker may construct a link containing malicious script code that could be executed in a browser of...
Splatt Forum 34 - Post Icon HTML Injection
Splatt Forum 34 - Post Icon HTML Injection source: https://www.securityfocus.com/bid/8198/info Splatt Forum has been reported prone to a HTML injection vulnerability. An attacker may save a Splatt Forum post form, and modify it so that the post icon value contains arbitrary attacker supplied HTML...
Netscape and iPlanet Enterprise Servers fail to sanitize log files before they are displayed using the administration client
Overview IPlanet Enterprise Server and Netscape Enterprise Server versions prior to 4.1. SP12 have a vulnerability involving the rendering of tags embedded in the web logs when viewed through the administration client. Description Requests made to web servers are routinely logged by the web serve...
CVE-2002-1210
Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context...
Ultimate PHP Board Board 1.0 final Beta - 'viewtopic.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/6335/info Ultimate PHP Board UPB is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems. By passing a malicious script code to the viewtopic.php script, UPB may return the script code to the browser...
PHPRank 1.8 - add.php Cross-Site Scripting
PHPRank 1.8 - add.php Cross-Site Scripting source: https://www.securityfocus.com/bid/5945/info phpRank is a freely available web site link sharing script. It is available for Unix, Linux, and Microsoft operating systems. It has been reported that phpRank is vulnerable to cross-site scripting...
HP Compaq Insight Manager - Web Interface Cross-Site Scripting
HP Compaq Insight Manager - Web Interface Cross-Site Scripting source: https://www.securityfocus.com/bid/5780/info It has been reported that the Compaq Insight Manager web interface is prone to cross-site scripting attacks. It is possible to construct a malicious link to a Compaq Insight Manager...
Ultimate Bulletin Board 5.46.06.2 - Cross-Agent Scripting
Ultimate Bulletin Board 5.46.06.2 - Cross-Agent Scripting source: https://www.securityfocus.com/bid/3829/info UBB Ultimate Bulletin Board is commercial web forums/community software that is written in Perl. It runs on various Unix/Linux variants, as well as Microsoft Windows NT/2000. UBB is prone...
CVE-2001-0340
An interaction between the Outlook Web Access OWA service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically...
PHP 4.x - SafeMode Arbitrary File Execution
PHP 4.x - SafeMode Arbitrary File Execution source: https://www.securityfocus.com/bid/2954/info PHP is the Personal HomePage development toolkit, distributed by the PHP.net, and maintained by the PHP Development Team in public domain. A problem with the toolkit could allow elevated privileges, an...