6690 matches found
Mambo Open Source 4.5.1 (1.0.9) - Cross-Site Scripting
Mambo Open Source 4.5.1 1.0.9 - Cross-Site Scripting source: https://www.securityfocus.com/bid/11220/info Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate user-supplied URI parameters. ...
CVE-2004-1690
Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL...
PerlDesk < 2 pdesk.cgi lang Parameter Traversal Server-Side Script Execution
CVE-2004-0820
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file...
CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...
CVE-2002-0682
Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet...
CVE-2002-0615
CVE-2002-0615 affects Windows Media Player 7.1 (and related Media Player versions) where the Windows Media Active Playlist stores data in a well-known local file path, enabling HTML script execution in the Local Computer zone. Connected documentation also references MS02-032 (patch 320920) that f...
CVE-2002-0546
CVE-2002-0546: In the Winamp mini-browser (versions 2.78 and 2.79), the HTML/JS execution vulnerability is triggered by crafted ID3v1/ID3v2 tags in MP3 files, allowing remote script execution. The root cause is cross-site scripting within the mini-browser component when processing MP3 metadata. E...
CVE-2002-0615
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation"...
Newtelligence DasBlog 1.x - Request Log HTML Injection
Newtelligence DasBlog 1.x - Request Log HTML Injection source: https://www.securityfocus.com/bid/11086/info DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to properly sanitize user-supplied input...
GLSA-200406-08 : Squirrelmail: Another XSS vulnerability
The remote host is affected by the vulnerability described in GLSA-200406-08 Squirrelmail: Another XSS vulnerability A new cross-site scripting (XSS) vulnerability in Squirrelmail-1.4.3rc1 has been discovered. In functions/mime.php Squirrelmail fails to properly sanitize user input. Impact : By...
GLSA-200406-11 : Horde-IMP: Input validation vulnerability
The remote host is affected by the vulnerability described in GLSA-200406-11 Horde-IMP: Input validation vulnerability Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code. Impact : By enticing a user to read a specially crafted e-mail, an attacker can...
CVE-2004-0820
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file...
Nagl XOOPS Dictionary Module 1.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/11064/info Reportedly the XOOPS Dictionary Module by Nagle is affected by multiple cross-site scripting vulnerabilities. This issue is due to a failure of the application to properly sanitize user-supplied URI input. As a result of this issue an attacker...
VulnCheck KEV: CVE-2004-0820
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file...
HastyMail HTML Attachment Script Execution
The remote host is running HastyMail, a PHP-based mail client application. The installed version contains a flaw caused by email attachments not being properly defined in the Content-Disposition HTTP header. An attacker could exploit this flaw to inject JavaScript or ActiveX code in an attachment...
Powie's PSCRIPT Forum fails to filter user posts
Overview Powie's PSCRIPT Forum fails to properly sanitize user input, which allows an attacker to create a user profile that can execute arbitrary scripts in a victim's web browser when the victim views the profile. Description Powie's PSCRIPT Forum is an online forum application written in PHP...
Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution
source: https://www.securityfocus.com/bid/10993/info Mantis is reportedly susceptible to a remote server-side script execution vulnerability. This vulnerability only presents itself when PHP is configured on the hosting computer with 'register_globals = on'. When PHP is configured to register glob...
Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution
Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution source: https://www.securityfocus.com/bid/10993/info Mantis is reportedly susceptible to a remote server-side script execution vulnerability. This vulnerability only presents itself when PHP is configured on the hosting computer with...
Yahoo! Messenger ymsgr URI Arbitrary Script Execution