3251 matches found
Gallery 1.4.4 - Remote Server-Side Script Execution
source: https://www.securityfocus.com/bid/10968/info A vulnerability is reported to exist in Gallery that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue is a design error that occurs due to the 'settimelimit' function. The issue presents itself becuase...
JBrowser 1.02.x - Unauthorized Admin Access
JBrowser 1.02.x - Unauthorized Admin Access source: https://www.securityfocus.com/bid/9537/info Due to a lack of access validation to the 'admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected...
PHPGedView 2.61 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/9368/info PhpGedView is prone to multiple file include vulnerabilities. The source of the issue is that a number of scripts that ship with the software permit remote users to influence require paths for various external files. This will permit remote...
HotNews 0.x - hotnews-engine.inc.php3?config[header] Remote File Inclusion
HotNews 0.x - hotnews-engine.inc.php3?configheader Remote File Inclusion source: https://www.securityfocus.com/bid/9357/info HotNews is prone to multiple file include vulnerabilities. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included...
EasyDynamicPages 1.0 - 'config_page.php' PHP Remote File Inclusion
source: https://www.securityfocus.com/bid/9338/info EasyDynamicPages is prone to a remote file include vulnerability in a configuration script. This will permit a remote attack to include malicious PHP scripts from remote servers, which will then be executed by the web server hosting the vulnerab...
Multiple web-based email services fail to filter malicious characters when the message contains cascading style sheet character escaping
Overview An attacker can send a specially crafted email message to a victim containing malicious scripting JavaScript, VBScript, JScript, etc., active content, or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this javascript whi...
Microsoft Internet Explorer 5 - window.open Search Pane Cross-Zone Scripting
Microsoft Internet Explorer 5 - window.open Search Pane Cross-Zone Scripting source: https://www.securityfocus.com/bid/9798/info A vulnerability has been reported in Microsoft Internet Explorer that could enable unauthorized access by malicious scripts and Active Content to document properties...
Microsoft Internet Explorer 5 - window.open Search Pane Cross-Zone Scripting
source: https://www.securityfocus.com/bid/9798/info A vulnerability has been reported in Microsoft Internet Explorer that could enable unauthorized access by malicious scripts and Active Content to document properties across different Security Zones and foreign domains. This issue is exposed when...
phpWebSite 0.7.30.8.20.8.30.9.2 fatcat Module - fatcat_id Cross-Site Scripting
phpWebSite 0.7.30.8.20.8.30.9.2 fatcat Module - fatcatid Cross-Site Scripting source: https://www.securityfocus.com/bid/8393/info PHP Website is a web site content management system that allows for easy maintainance and administration of interactive community-driven websites. Cross-site...
PostNuke 0.60.7 web_links Module - TTitle Cross-Site Scripting
PostNuke 0.60.7 weblinks Module - TTitle Cross-Site Scripting source: https://www.securityfocus.com/bid/8374/info It has been reported that a cross site scripting vulnerability exists in the Downlaods and WebLinks modules of PostNuke. It is possible that an attacker may construct a link containin...
vBulletin 3.0 - 'register.php' HTML Injection
source: https://www.securityfocus.com/bid/8354/info vBulletin may be prone to an HTML injection vulnerability. This issue is exposed through inadequate sanitization of user input for certain fields within the register.php script. An attacker may exploit this issue by including hostile HTML and...
SimpNews 2.0.12.13 - path_simpnews Remote File Inclusion
SimpNews 2.0.12.13 - pathsimpnews Remote File Inclusion source: https://www.securityfocus.com/bid/8227/info SimpNews is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a Simpnews URI...
PHPForum 2.0 RC1 - 'Mainfile.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/8158/info phpForum is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. This could be exploited to execute malicious PHP commands in the context of the web server process...
[NEWS] XSS Vulnerability in Synkron.web CMS
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion Latest attack techniques. You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits...
Captaris Infinite WebMail 3.61.5 - HTML Injection
Captaris Infinite WebMail 3.61.5 - HTML Injection source: https://www.securityfocus.com/bid/6411/info An HTML injection vulnerability has been discovered in Captaris Infinite WebMail. Due to insufficient sanitization of HTML content, it is possible for an attacker to embed malicious script code...
YaBB 1.40/1.41 - Login Cross-Site Scripting
source: https://www.securityfocus.com/bid/6004/info A cross-site scripting vulnerability has been reported in the YaBB Yet Another Bulletin Board forum login script. HTML tags or script code are not sanitized from the error output of erroneous login attempts. As a result, it is possible for a...
SSGBook 1.0 - Image Tag HTML Injection
source: https://www.securityfocus.com/bid/5915/info SSGbook includes codes for allowing users to specify HTML formatting and layout inside of guestbook entries. For example, a user can include an image by including it inside of image or img tags. However, arbitrary HTML and script code are not...
Crossite scripting in Monkey
www.victim.com/scriptalert'IIL0wnZYoU!!!';/script...
TDForum does not adequately validate user input thereby allowing users to embed malicious script code in messages
Overview TDForum does not properly filter HTML scripting tags from user input, allowing users to post malicious scripts that may be executed unwittingly by other users. Description TDForum is a commercial software package providing dynamic web forum capabilities. Versions 1.2 and earlier of TDFor...
Opera FTP View Cross-Site Scripting Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Opera FTP View Cross-Site Scripting Vulnerability Date: 4 August 2002 Author: Eiji James Yoshida [email protected] Risk: Medium Vulnerable: Windows2000 SP2 Opera 6.03 Windows2000 SP2 Opera 6.04 Overview: Opera allows running Malicious...