CVE-2004-0121

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs...

CVE-2004-1862

Multiple cross-site scripting XSS vulnerabilities in Extreme Messageboard XMB 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the 1 xmbuser parameter to xmb.php, 2 folder parameter to u2u.php, 3 viewmost, replymost, or latest parameter to stats.php, 4 messag...

CVE-2004-1829

Multiple cross-site scripting XSS vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the 1 pagetitle or 2 error parameters, or 3 certain parameters in the error log...

CVE-2004-1818

Cross-site scripting XSS vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter...

CVE-2004-1822

Multiple cross-site scripting XSS vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPREFERER parameter to login.php, 2 HTTPREFERER parameter to register.php, or 3 target parameter to profile.php...

CVE-2004-0046

Cross-site scripting XSS vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' double quote character...

CVE-2003-1317

Cross-site scripting XSS vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2003-1334

Cross-site scripting XSS vulnerability in Kai Blankenhorn Bitfolge simple and nice index file aka snif before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2003-1509

Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the defaul...

CVE-2003-1556

Cross-site scripting XSS vulnerability in ccguestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the 1 name and 2 homepagetitle webpage title parameters...

CVE-2003-1536

Multiple cross-site scripting XSS vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via 1 the q parameter to search.php and 2 the year parameter to calendar.php...

CVE-2003-1479

Cross-site scripting XSS vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field...

CVE-2003-1543

Cross-site scripting XSS vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message...

CVE-2003-1100

Multiple cross-site scripting XSS vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors...

CVE-2003-1211

Cross-site scripting XSS vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter...

CVE-2003-1498

Cross-site scripting XSS vulnerability in search.php for WRENSOFT Zoom Search Engine 2.0 Build 1018 and earlier allows remote attackers to inject arbitrary web script or HTML via the zoomquery parameter...

SiteInteractive Subscribe Me - 'Setup.pl' Arbitrary Command Execution

source: https://www.securityfocus.com/bid/9253/info It has been reported that the SiteInteractive Subscribe Me setup.pl script lacks sufficient sanitization on user-supplied URI parameters; an attacker may invoke this script remotely and and by passing sufficient URI parameters may influence the...

CVE-2003-0623

Cross-site scripting XSS vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument...

CVE-2003-1187

Cross-site scripting XSS vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contactemail parameter...

CVE-2003-0726

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...