CVE-2004-0737

Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the 1 sid, 2 max, 3 sel1, 4 sel2, 5 sel3, 6 sel4, 7 sel5, 8 match, 9 mod1, 10 mod2, or 11 mod3 parameters...

CVE-2004-0725

Cross-site scripting XSS vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter...

CVE-2004-0726

The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel...

Microsoft Internet Explorer - Remote Wscript.Shell

Microsoft Internet Explorer - Remote Wscript.Shell ----------------------------------------------------- default.htm ------------------------------------------------------- function InjectedDuringRedirection...

YaPiG 0.92 - Remote Server-Side Script Execution

YaPiG 0.92 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack if sanitization of user-supplie...

CVE-2004-0617

Cross-site scripting XSS vulnerability in ArbitroWeb 0.6 allows remote attackers to inject arbitrary script or HTML via the rawURL parameter...

CVE-2004-0584

Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting XSS vulnerability...

CVE-2004-2040

Multiple cross-site scripting XSS vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the 1 LAN407 parameter to clockmenu.php, 2 "email article to a friend" field, 3 "submit news" field, or 4 avmsg parameter to usersettings.php...

Apple Mac OS X help system may interpret inappropriate local script files

Overview A vulnerability has been reported in the default URI protocol handler in Apple's Mac OS X help system. Exploitation of this vulnerability may permit a remote attacker to execute arbitrary scripts on the local system. Description A vulnerability has been reported in Apple's Mac OS X...

[Full-Disclosure] Vuln. MacOSX/Safari: Remote help-call, execute scripts

I usually complain a lot about the Windows-security settings, and consider NIX systems to be of an entirely different level. But this time I found my own arguments off short. I'm an OS X user, and I would like to submit to you the latest exploit for this system. As I hope a fix will be running in...

CVE-2004-1965

Multiple cross-site scripting XSS vulnerabilities in Open Bulletin Board OpenBB 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 redirect parameter to member.php, 2 to parameter to myhome.php 3 TID parameter to post.php, or 4 redirect parameter to index.p...

CVE-2004-1969

The avatar upload capability in Open Bulletin Board OpenBB 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript...

CVE-2004-1964

Cross-site scripting XSS vulnerability in nqt.php in Network Query Tool NQT 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter...

CVE-2004-0121

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs...

CVE-2004-1862

Multiple cross-site scripting XSS vulnerabilities in Extreme Messageboard XMB 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the 1 xmbuser parameter to xmb.php, 2 folder parameter to u2u.php, 3 viewmost, replymost, or latest parameter to stats.php, 4 messag...

CVE-2004-1829

Multiple cross-site scripting XSS vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the 1 pagetitle or 2 error parameters, or 3 certain parameters in the error log...

CVE-2004-1818

Cross-site scripting XSS vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter...

CVE-2004-1822

Multiple cross-site scripting XSS vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPREFERER parameter to login.php, 2 HTTPREFERER parameter to register.php, or 3 target parameter to profile.php...

CVE-2004-0046

Cross-site scripting XSS vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' double quote character...

CVE-2003-1536

Multiple cross-site scripting XSS vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via 1 the q parameter to search.php and 2 the year parameter to calendar.php...