6690 matches found
Microsoft Internet Explorer 6 - Shell.Application Object Script Execution
source: https://www.securityfocus.com/bid/10652/info Microsoft Internet Explorer is reported prone to a security weakness that may permit malicious HTML documents the ability to execute script code. This script code has the ability to alter registry settings that may allow for further attacks. In...
CVE-2004-0606
Cross-site scripting XSS vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the 1 CLIENTID or 2 HOSTNAME option of a DHCP request...
CVE-2004-0584
Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting XSS vulnerability...
Usermin: Multiple vulnerabilities
Background Usermin is a web-based administration tool for Unix. It supports a wide range of user applications including configuring mail forwarding, setting up SSH or reading mail. Description Usermin contains two security vulnerabilities. One fails to properly sanitize email messages that contai...
PHP Include Exploit in Mail Manage EX v3.1.8 and maybe others.
Description: PHP Include Exploit in Mail Manage EX v3.1.8 Compromise: a malicious PHP script from an external host may be included and executed. Vulnerable Systems: all system using mmex.php v3.1.8 and maybe lower not tested. Details: The PHP Include exploit exist in de folowing code,...
CVE-2004-0503
Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format RTF message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to...
[Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke v7.3 and earlier
=========================================================================== =========================================================================== Advisory: 2004-Nuke-001 Affected Software: PHPNuke Affected Versions: Version 7.3 and earlier Main Developer: Francisco Burzi...
Apple Mac OS X help system may interpret inappropriate local script files
Overview A vulnerability has been reported in the default URI protocol handler in Apple's Mac OS X help system. Exploitation of this vulnerability may permit a remote attacker to execute arbitrary scripts on the local system. Description A vulnerability has been reported in Apple's Mac OS X...
Safari remote arbitrary code execution
Adv: safari0x04 Release Date: 10/05/04 Affected Products: Safari = 1.2 Fixed in: Not fixed. Impact: Remote code execution. Severity: High. Vendor: Notified 23/02/04 Author: fundisom.com Apple uses a special function to execute scripts and applications from his Help system. Unfortunatly, this Help...
[Full-Disclosure] Vuln. MacOSX/Safari: Remote help-call, execute scripts
I usually complain a lot about the Windows-security settings, and consider NIX systems to be of an entirely different level. But this time I found my own arguments off short. I'm an OS X user, and I would like to submit to you the latest exploit for this system. As I hope a fix will be running in...
Cross Site Scripting in Moodle < 1.3
Cross Site Scripting in Moodle 1.3 ==================================== 2004-04-30 01 Author: author: Bartek Nowotarski silence location: Trzebinia, Poland mail: silence10atwpdotpl site: silencedot0dotpl 02 Discussion: "Moodle is a course management system CMS - a software package designed to hel...
CVE-2004-1969
The avatar upload capability in Open Bulletin Board OpenBB 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript...
Fusionphp Fusion News 3.6.1 - Cross-Site Scripting
Fusionphp Fusion News 3.6.1 - Cross-Site Scripting source: https://www.securityfocus.com/bid/10203/info An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based...
ProfitCode Software PayProCart 3.0 - AdminShop TaskID Cross-Site Scripting
ProfitCode Software PayProCart 3.0 - AdminShop TaskID Cross-Site Scripting source: https://www.securityfocus.com/bid/13307/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may...
ProfitCode Software PayProCart 3.0 - AdminShop TaskID Cross-Site Scripting
source: https://www.securityfocus.com/bid/13307/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser o...
phpBB 2.0.x - 'album_portal.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/10177/info It has been reported that phpBB may be prone to a file include vulnerability that may allow remote attackers to include a remote malicious script to be executed on a vulnerable system...
CVE-2004-0121
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs...
phpBugTracker 0.9 - user.php?bugid Cross-Site Scripting
phpBugTracker 0.9 - user.php?bugid Cross-Site Scripting source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due...
phpBugTracker 0.9 - query.php Multiple Cross-Site Scripting Vulnerabilities
phpBugTracker 0.9 - query.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. Thes...
PT-2004-1312 · Microsoft · Outlook
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook version 2002 Description: The issue concerns an argument injection vulnerability where Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE. Thi...