Cross Site Scripting DOS (Zyxel B-420 Ethernet Bridge)

Wird einer B-420 Ethernet Bridge folgende URL bergeben startet sie neu. http://IP/Forms/rpAuth1?ZyXEL20ZyWALL20Seriesscripttop.location.pathname = ""/script Wird das ganze noch einmal wiederholt startet sie nicht mehr neu, sondern hngt einfach bzw. nimmt keine Anforderungen mehr entgegen und muss...

CVE-2004-1551

Cross-site scripting XSS vulnerability in the 1 email or 2 file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter...

CVE-2004-1563

Multiple cross-site scripting XSS vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the 1 thread parameter to downloadthread.php, 2 loginuser parameter to login.php, or 3 userid parameter to forgotpassword.php...

CVE-2004-1578

Cross-site scripting XSS vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header...

CVE-2004-2115

Multiple cross-site scripting XSS vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the 1 action, 2 username, or 3 password parameters in an isqlplus request...

CVE-2004-1798

RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language SMIL presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different...

CVE-2004-2096

Cross-site scripting XSS vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL...

CVE-2004-2098

Cross-site scripting XSS vulnerability in the banner engine TBE 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview capability...

CVE-2004-2128

Cross-site scripting XSS vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll...

CVE-2004-2279

Cross-site scripting XSS vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php...

WPkontakt.txt

Product: WPKontakt , Jaroslaw Sajko Advisory: http://www.man.poznan.pl/security/wpkontakt.html ISSUE WPkontakt is the another Polish instant messenger. The problem is similiar to the problems revealed in GG or Tlen.pl - parsing error leading to the remote script execution. DETAILS Parsing error...

MS Internet Explorer (<= XP SP2) HTML Help Control Local Zone Bypass

Exploit for unknown platform in category remote exploits ==================================================================== MS Internet Explorer localpage.HHClick; setTimeout"inject.HHClick",100; // writehta.txt /...

Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution

Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution source: https://www.securityfocus.com/bid/12097/info WPKontakt is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable...

Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution

source: https://www.securityfocus.com/bid/12097/info WPKontakt is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to various attacks. Arbitrary script...

[SA13574] PHP-Nuke Workboard Module Cross-Site Scripting

TITLE: PHP-Nuke Workboard Module Cross-Site Scripting SECUNIA ADVISORY ID: SA13574 VERIFY ADVISORY: http://secunia.com/advisories/13574/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Workboard 1.x module for PHP-Nuke http://secunia.com/product/4432/ DESCRIPTION...

Microsoft Internet Explorer HTML Help control bypasses Local Machine Zone Lockdown

Overview The Microsoft Internet Explorer HTML Help ActiveX control is not restricted by the Local Machine Zone Lockdown feature. This can allow an attacker to execute script in the Local Machine Zone. Description Windows XP SP2 introduces a feature called Local Machine Zone Lockdown. This feature...

Zwiki: XSS vulnerability

Background Zwiki is a Zope wiki-clone for easy-to-edit collaborative websites. Description Due to improper input validation, Zwiki can be exploited to perform cross-site scripting attacks. Impact By enticing a user to read a specially-crafted wiki entry, an attacker can execute arbitrary script...

Gadu-Gadu Remote DoS &#40;all versions&#41;

Product: Tlen.pl = 5.23.4.1 Vendor: o2.pl Sp. z o.o. http://www.tlen.pl/ Impact: Remote script execution Severity: High Authors: Blazej Miga [email protected], Jaroslaw Sajko [email protected] Date: 20/12/04 ISSUE Tlen.pl is the instant messenger application used by more than 700 000 users. The...

Tlen.pl 5.23.4.1 - Instant Messenger Remote Script Execution

source: https://www.securityfocus.com/bid/12050/info Tlen.pl is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to various attacks. Tlen.pl 5.23.4.1 an...

Gadu-Gadu, another two bugs

Product: Gadu-Gadu, build 155 and older Vendor: SMS-EXPRESS.COM http://www.gadu-gadu.pl Impact: Script execution in local zone, Remote DoS Severity: High Authors: Blazej Miga [email protected], Jaroslaw Sajko [email protected] Date: 17/12/04 ISSUE Gadu-Gadu is the first Polish instant messenger...