6586 matches found

Exploit DB
added 2004/10/06 12:0 a.m. | 25 views

DCP-Portal 3.7/4.x/5.x - Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/11339/info DCP-Portal is reported prone to multiple HTML injection vulnerabilities. It is reported that DCP-Portal does not sufficiently filter data submitted via input fields in several scripts. These vulnerabilities may permit execution of hostile scrip...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2004/09/29 12:0 a.m. | 36 views

Debian DSA-167-1 : kdelibs - XSS

A cross site scripting problem has been discovered in Konqueror, a famous browser for KDE and other programs using KHTML. The KDE team reports that Konqueror's cross site scripting protection fails to initialize the domains on sub-iframes correctly. As a result, JavaScript is able to access any...

7.5 CVSS | 4.9 AI score | 0.03586 EPSS
Exploits: 0 | References: 3
Cvelist
added 2004/09/01 4:0 a.m. | 22 views

CVE-2004-0094

Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure DRI...

7.6 AI score | 0.03103 EPSS
Exploits: 0 | References: 6
Cvelist
added 2004/09/01 4:0 a.m. | 23 views

CVE-2004-0093

XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure DRI...

7.6 AI score | 0.03103 EPSS
Exploits: 0 | References: 6
VulnCheck KEV
added 2004/07/30 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2004-0549

The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine MSHTML, as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as...

10 CVSS | 6.2 AI score | 0.61057 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2004/07/06 12:0 a.m. | 30 views

RHEL 2.1 : XFree86 (RHSA-2004:152)

Updated XFree86 packages that fix a minor denial of service vulnerability are now available. XFree86 is an implementation of the X Window System, providing the core graphical user interface and video drivers. Flaws in XFree86 4.1.0 allow local or remote attackers who are able to connect to the X...

7.5 CVSS | 5.5 AI score | 0.03103 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2004/05/12 1:7 a.m. | 4 views

security flaw

Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."...

4.6 CVSS | 5.8 AI score | 0.00444 EPSS
Exploits: 0 | References: 4
UbuntuCve
added 2004/03/15 5:0 a.m. | 20 views

CVE-2004-0094

Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure DRI...

7.5 CVSS | 6.3 AI score | 0.03103 EPSS
Exploits: 0 | References: 1
UbuntuCve
added 2004/03/15 5:0 a.m. | 19 views

CVE-2004-0093

XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure DRI...

7.5 CVSS | 6.3 AI score | 0.03103 EPSS
Exploits: 0 | References: 1
NVD
added 2004/03/15 5:0 a.m. | 23 views

CVE-2004-0094

Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure DRI...

7.5 CVSS | 7.6 AI score | 0.03103 EPSS
Exploits: 0 | References: 6
Exploit DB
added 2004/01/27 12:0 a.m. | 19 views

phpGroupWare 0.9.x - 'index.php' HTML Injection

source: https://www.securityfocus.com/bid/12082/info PhpGroupWare is reported to be susceptible to a HTML injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input. The attacker-supplied HTML and script code would be able to access propertie...

7.4 AI score
Exploits: 0
Gentoo Linux
added 2003/11/19 12:0 a.m. | 43 views

Opera: buffer overflows in 7.11 and 7.20

Background: Opera is a multi-platform web browser. Description: The Opera browser can cause a buffer allocated on the heap to overflow under certain HREFs when rendering HTML. The mail system is also deemed vulnerable and an attacker can send an email containing a malformed HREF, or plant the...

7.5 CVSS | 6.9 AI score | 0.15064 EPSS
Exploits: 1
securityvulns
added 2003/10/23 12:0 a.m. | 52 views

Opera HREF escaped server name overflow

@stake, Inc. (www.atstake.com) Security Advisory. Advisory Name: Opera HREF escaped server name overflow. Release Date: 10/20/2003. Application: Opera 7.11, 7.20. Platform: Windows XP/2000 and GNU/Linux 2.4 tested, others may be vulnerable. Severity: Remote...

7.5 CVSS | 1.1 AI score | 0.15064 EPSS
Exploits: 1
Exploit DB
added 2003/09/29 12:0 a.m. | 35 views

Alan Ward A-Cart 2.0 - MSG Cross-Site Scripting

source: https://www.securityfocus.com/bid/8722/info A-Cart has been reported prone to a cross-site scripting vulnerability. The issue presents itself likely due to a lack of sufficient sanitization performed on data contained in the 'msg' URI parameter that is passed to signin.asp. An attacker...

7.4 AI score
Exploits: 0
exploitpack
added 2003/07/07 12:0 a.m. | 18 views

CPanel 5.05.36.x - Admin Interface HTML Injection

source: https://www.securityfocus.com/bid/8119/info cPanel is prone to an HTML injection vulnerability. It is possible for remote attacks to include hostile HTML and script code in requests to cPanel, which will be logged. When logs are viewed by ...

0.1 AI score
Exploits: 0
CVE
added 2003/05/30 4:0 a.m. | 50 views

CVE-2003-0241

The CVE-2003-0241 issue affects FrontRange GoldMine mail agent, specifically versions 5.70 and 6.00 prior to build 30503. The vulnerability arises when HTML is sent to the default browser without labeling the content as untrusted or setting a secure zone, causing IE to render HTML in a less secur...

7.5 CVSS | 7.6 AI score | 0.02922 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2003/05/02 4:0 a.m. | 20 views

CVE-2003-0115

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233...

7.7 AI score | 0.11575 EPSS
Exploits: 0 | References: 2
EUVD
added 2003/05/02 4:0 a.m. | 3 views

EUVD-2003-0111

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233...

7.5 CVSS | 7 AI score | 0.18891 EPSS
Exploits: 0 | References: 2
CVE
added 2003/05/02 4:0 a.m. | 60 views

CVE-2003-0115

Microsoft Internet Explorer 5.01, 5.5 and 6.0 are affected by CVE-2003-0115 due to improper validation of parameters during third-party rendering, enabling remote script execution. OpenVAS entries identify the issue as part of the IE cumulative patch set (890923) and MS05-020, with guidance that ...

7.5 CVSS | 7.8 AI score | 0.11575 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
Exploit DB
added 2003/03/19 12:0 a.m. | 29 views

Ximian Evolution 1.x - MIME image/* Content-Type Data Inclusion

source: https://www.securityfocus.com/bid/7119/info Ximian Evolution does not properly validate MIME image/ Content-Type fields. If an email message contains an image/ Content-Type, any type of data can be embedded where the image information is expected. This can be used to embed HTML tags that...

7.4 AI score
Exploits: 0