Lucene search
K

3251 matches found

Exploit DB
Exploit DB
added 2004/07/17 12:0 a.m.20 views

Gallery 1.4.4 - Remote Server-Side Script Execution

source: https://www.securityfocus.com/bid/10968/info A vulnerability is reported to exist in Gallery that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue is a design error that occurs due to the 'settimelimit' function. The issue presents itself becuase...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2004/01/30 12:0 a.m.13 views

JBrowser 1.02.x - Unauthorized Admin Access

JBrowser 1.02.x - Unauthorized Admin Access source: https://www.securityfocus.com/bid/9537/info Due to a lack of access validation to the 'admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected...

1AI score
Exploits0
Exploit DB
Exploit DB
added 2004/01/06 12:0 a.m.30 views

PHPGedView 2.61 - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/9368/info PhpGedView is prone to multiple file include vulnerabilities. The source of the issue is that a number of scripts that ship with the software permit remote users to influence require paths for various external files. This will permit remote...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2004/01/05 12:0 a.m.12 views

HotNews 0.x - hotnews-engine.inc.php3?config[header] Remote File Inclusion

HotNews 0.x - hotnews-engine.inc.php3?configheader Remote File Inclusion source: https://www.securityfocus.com/bid/9357/info HotNews is prone to multiple file include vulnerabilities. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2004/01/02 12:0 a.m.18 views

EasyDynamicPages 1.0 - 'config_page.php' PHP Remote File Inclusion

source: https://www.securityfocus.com/bid/9338/info EasyDynamicPages is prone to a remote file include vulnerability in a configuration script. This will permit a remote attack to include malicious PHP scripts from remote servers, which will then be executed by the web server hosting the vulnerab...

7.4AI score
Exploits0
CERT
CERT
added 2003/12/10 12:0 a.m.28 views

Multiple web-based email services fail to filter malicious characters when the message contains cascading style sheet character escaping

Overview An attacker can send a specially crafted email message to a victim containing malicious scripting JavaScript, VBScript, JScript, etc., active content, or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this javascript whi...

6.3AI score
Exploits0References1
exploitpack
exploitpack
added 2003/09/10 12:0 a.m.14 views

Microsoft Internet Explorer 5 - window.open Search Pane Cross-Zone Scripting

Microsoft Internet Explorer 5 - window.open Search Pane Cross-Zone Scripting source: https://www.securityfocus.com/bid/9798/info A vulnerability has been reported in Microsoft Internet Explorer that could enable unauthorized access by malicious scripts and Active Content to document properties...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2003/09/10 12:0 a.m.21 views

Microsoft Internet Explorer 5 - window.open Search Pane Cross-Zone Scripting

source: https://www.securityfocus.com/bid/9798/info A vulnerability has been reported in Microsoft Internet Explorer that could enable unauthorized access by malicious scripts and Active Content to document properties across different Security Zones and foreign domains. This issue is exposed when...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/08/11 12:0 a.m.13 views

phpWebSite 0.7.30.8.20.8.30.9.2 fatcat Module - fatcat_id Cross-Site Scripting

phpWebSite 0.7.30.8.20.8.30.9.2 fatcat Module - fatcatid Cross-Site Scripting source: https://www.securityfocus.com/bid/8393/info PHP Website is a web site content management system that allows for easy maintainance and administration of interactive community-driven websites. Cross-site...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2003/08/08 12:0 a.m.10 views

PostNuke 0.60.7 web_links Module - TTitle Cross-Site Scripting

PostNuke 0.60.7 weblinks Module - TTitle Cross-Site Scripting source: https://www.securityfocus.com/bid/8374/info It has been reported that a cross site scripting vulnerability exists in the Downlaods and WebLinks modules of PostNuke. It is possible that an attacker may construct a link containin...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2003/08/06 12:0 a.m.25 views

vBulletin 3.0 - 'register.php' HTML Injection

source: https://www.securityfocus.com/bid/8354/info vBulletin may be prone to an HTML injection vulnerability. This issue is exposed through inadequate sanitization of user input for certain fields within the register.php script. An attacker may exploit this issue by including hostile HTML and...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/07/18 12:0 a.m.9 views

SimpNews 2.0.12.13 - path_simpnews Remote File Inclusion

SimpNews 2.0.12.13 - pathsimpnews Remote File Inclusion source: https://www.securityfocus.com/bid/8227/info SimpNews is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a Simpnews URI...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/07/10 12:0 a.m.33 views

PHPForum 2.0 RC1 - 'Mainfile.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/8158/info phpForum is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. This could be exploited to execute malicious PHP commands in the context of the web server process...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/06/09 12:0 a.m.23 views

[NEWS] XSS Vulnerability in Synkron.web CMS

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion Latest attack techniques. You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits...

6.3AI score
Exploits0
exploitpack
exploitpack
added 2002/12/16 12:0 a.m.18 views

Captaris Infinite WebMail 3.61.5 - HTML Injection

Captaris Infinite WebMail 3.61.5 - HTML Injection source: https://www.securityfocus.com/bid/6411/info An HTML injection vulnerability has been discovered in Captaris Infinite WebMail. Due to insufficient sanitization of HTML content, it is possible for an attacker to embed malicious script code...

7.6AI score
Exploits0
Exploit DB
Exploit DB
added 2002/10/18 12:0 a.m.55 views

YaBB 1.40/1.41 - Login Cross-Site Scripting

source: https://www.securityfocus.com/bid/6004/info A cross-site scripting vulnerability has been reported in the YaBB Yet Another Bulletin Board forum login script. HTML tags or script code are not sanitized from the error output of erroneous login attempts. As a result, it is possible for a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2002/10/08 12:0 a.m.25 views

SSGBook 1.0 - Image Tag HTML Injection

source: https://www.securityfocus.com/bid/5915/info SSGbook includes codes for allowing users to specify HTML formatting and layout inside of guestbook entries. For example, a user can include an image by including it inside of image or img tags. However, arbitrary HTML and script code are not...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/10/01 12:0 a.m.39 views

Crossite scripting in Monkey

www.victim.com/scriptalert'IIL0wnZYoU!!!';/script...

1.6AI score
Exploits0References1Affected Software1
CERT
CERT
added 2002/09/26 12:0 a.m.21 views

TDForum does not adequately validate user input thereby allowing users to embed malicious script code in messages

Overview TDForum does not properly filter HTML scripting tags from user input, allowing users to post malicious scripts that may be executed unwittingly by other users. Description TDForum is a commercial software package providing dynamic web forum capabilities. Versions 1.2 and earlier of TDFor...

7.5CVSS6AI score0.02276EPSS
Exploits0References3
securityvulns
securityvulns
added 2002/08/21 12:0 a.m.29 views

Opera FTP View Cross-Site Scripting Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Opera FTP View Cross-Site Scripting Vulnerability Date: 4 August 2002 Author: Eiji James Yoshida [email protected] Risk: Medium Vulnerable: Windows2000 SP2 Opera 6.03 Windows2000 SP2 Opera 6.04 Overview: Opera allows running Malicious...

0.2AI score
Exploits0
Rows per page
Query Builder