30 matches found
PT-2023-25687 · 3S Smart Software Solutions · Codesys Development System +1
Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.9.0 through 3.5.17.0 CODESYS Scripting versions 4.0.0.0 through 4.1.0.0 Description: The issue is related to unsafe directory permissions in the affected software. This could allow an attacker with loca...
SonicWALL SOHO 5.1.7 - Web Interface Multiple Remote Input Validation Vulnerabilities
SonicWALL SOHO 5.1.7 - Web Interface Multiple Remote Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/12984/info Multiple remote input validation vulnerabilities affect SonicWALL SOHO. These issues are due to a failure of the application to properly sanitize user-supplie...
Microsoft Outlook 5.5/2000 - Web Access HTML Attachment Script Execution
source: https://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML message attachments. It is possible to prevent filtering of the attachment by...
Microsoft Internet Explorer does not adequately validate source of dialog frame
Overview Microsoft Internet Explorer IE allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data i.e. cookies from other web sites. In the presence of other vulnerabilities VU626395,...
CVE-2002-1442
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location...
phpGB 1.1 - HTML Injection
source: https://www.securityfocus.com/bid/5676/info phpGB is subject to HTML injection attacks. phpGB fails to check for the presence of HTML tags when generating guestbook entries. It is reported that an attacker may inject HTML and script code into guestbook entries, which will be executed in t...
ShoutBox 1.2 - Form HTML Injection
ShoutBox 1.2 - Form HTML Injection source: https://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated ...
PHPBB2 - Image Tag HTML Injection
PHPBB2 - Image Tag HTML Injection source: https://www.securityfocus.com/bid/4858/info It is possible to inject arbitrary HTML into phpBB2 forum messages via the use of BBCode image tags. A similar issue is described in Bugtraq ID 4379 "PHPBB Image Tag User-Embedded Scripting Vulnerability"...
CVE-2002-0270
Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web...
Security Bulletin MS01-030
Title: Incorrect Attachment Handling in Exchange 2000 OWA Can Execute Script Date: 06 June 2001 Software: Microsoft Exchange 2000 Server Outlook Web Access Impact: Run code of attacker's choice Bulletin: MS01-030 Microsoft encourages customers to review the Security Bulletin at:...