Lucene search
K

30 matches found

Positive Technologies
Positive Technologies
added 2023/07/28 12:0 a.m.5 views

PT-2023-25687 · 3S Smart Software Solutions · Codesys Development System +1

Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.9.0 through 3.5.17.0 CODESYS Scripting versions 4.0.0.0 through 4.1.0.0 Description: The issue is related to unsafe directory permissions in the affected software. This could allow an attacker with loca...

7.3CVSS6.9AI score0.00196EPSS
Exploits0References4
exploitpack
exploitpack
added 2005/04/04 12:0 a.m.26 views

SonicWALL SOHO 5.1.7 - Web Interface Multiple Remote Input Validation Vulnerabilities

SonicWALL SOHO 5.1.7 - Web Interface Multiple Remote Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/12984/info Multiple remote input validation vulnerabilities affect SonicWALL SOHO. These issues are due to a failure of the application to properly sanitize user-supplie...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2003/07/05 12:0 a.m.21 views

Microsoft Outlook 5.5/2000 - Web Access HTML Attachment Script Execution

source: https://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML message attachments. It is possible to prevent filtering of the attachment by...

7.4AI score
Exploits0
CERT
CERT
added 2003/04/25 12:0 a.m.44 views

Microsoft Internet Explorer does not adequately validate source of dialog frame

Overview Microsoft Internet Explorer IE allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data i.e. cookies from other web sites. In the presence of other vulnerabilities VU626395,...

7.6AI score
Exploits0References27
NVD
NVD
added 2003/04/11 4:0 a.m.14 views

CVE-2002-1442

The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location...

7.5CVSS6.7AI score0.01374EPSS
Exploits1References4
Exploit DB
Exploit DB
added 2002/09/09 12:0 a.m.30 views

phpGB 1.1 - HTML Injection

source: https://www.securityfocus.com/bid/5676/info phpGB is subject to HTML injection attacks. phpGB fails to check for the presence of HTML tags when generating guestbook entries. It is reported that an attacker may inject HTML and script code into guestbook entries, which will be executed in t...

7AI score
Exploits0
exploitpack
exploitpack
added 2002/07/29 12:0 a.m.13 views

ShoutBox 1.2 - Form HTML Injection

ShoutBox 1.2 - Form HTML Injection source: https://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated ...

7.6AI score
Exploits0
exploitpack
exploitpack
added 2002/05/26 12:0 a.m.16 views

PHPBB2 - Image Tag HTML Injection

PHPBB2 - Image Tag HTML Injection source: https://www.securityfocus.com/bid/4858/info It is possible to inject arbitrary HTML into phpBB2 forum messages via the use of BBCode image tags. A similar issue is described in Bugtraq ID 4379 "PHPBB Image Tag User-Embedded Scripting Vulnerability"...

7.6AI score
Exploits0
Cvelist
Cvelist
added 2002/05/03 4:0 a.m.21 views

CVE-2002-0270

Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web...

6.5AI score0.04733EPSS
Exploits0References1
securityvulns
securityvulns
added 2001/06/07 12:0 a.m.98 views

Security Bulletin MS01-030

Title: Incorrect Attachment Handling in Exchange 2000 OWA Can Execute Script Date: 06 June 2001 Software: Microsoft Exchange 2000 Server Outlook Web Access Impact: Run code of attacker's choice Bulletin: MS01-030 Microsoft encourages customers to review the Security Bulletin at:...

1.5AI score
Exploits0
Rows per page
Query Builder