6687 matches found
CVE-2004-0322
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbco...
CVE-2004-0337
Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be...
CVE-2004-0359
Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters...
CVE-2004-0271
CVE-2004-0271 concerns multiple cross-site scripting (XSS) vulnerabilities in MaxWebPortal. The issues enable remote attackers to run arbitrary web script in the context of other users by manipulating: (1) sub_name in dl_showall.asp, (2) SendTo in Personal Messages, (3) HTTP_REFERER for down.asp,...
CVE-2004-0248
Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum...
CVE-2004-1818
Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter...
iDEFENSE Security Advisory 03.09.04: Microsoft Outlook "mailto:" Parameter Passing Vulnerability
Microsoft Outlook "mailto:" Parameter Passing Vulnerability iDEFENSE Security Advisory 03.09.04 www.idefense.com/application/poi/display?id=79&type=vulnerabilities March 09, 2004 I. BACKGROUND Microsoft Outlook provides an integrated solution for managing and organizing e-mail messages, schedules...
XMB Forum 1.8 - 'editprofile.php?user' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. An attacker may exploit any one of...
CVE-2004-0015
vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges...
phpGroupWare 0.9.x - index.php HTML Injection
source: https://www.securityfocus.com/bid/12082/info PhpGroupWare is reported to be susceptible to an HTML injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input. The attacker-supplied HTML and...
PHPGedView 2.61 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/9368/info PhpGedView is prone to multiple file include vulnerabilities. The source of the issue is that a number of scripts that ship with the software permit remote users to influence require paths for...
CVE-2003-1204
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path...
CVE-2003-1509
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the defaul...
SiteInteractive Subscribe Me - 'Setup.pl' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/9253/info It has been reported that the SiteInteractive Subscribe Me setup.pl script lacks sufficient sanitization on user-supplied URI parameters; an attacker may invoke this script remotely and by passing sufficient URI parameters may influence the...
Multiple DUWare Product Vulnerabilities
Vendor : DUWare URL : http://www.duware.com Version : DU Portal 3.0 / Multiple DUWare Products Risk : High / Multiple Vulnerabilities Description: DUportal Pro is a professional Web portal and online community. DUportal Pro contains numerous advanced features such as Web-based administration,...
DUWare Multiple Products - Multiple Vulnerabilities
DUWare Multiple Vulnerabilities Vendor: DUWare Product: DUWare Version: Multiple Products Website: http://www.duware.com/ BID: 9246 Description: DUportal Pro is a professional Web portal and online community. DUportal Pro contains numerous advanced features such as Web-based administration,...
Jason Maloney's Guestbook XSS Vulnerability.
Introduction Jason Maloney's Guestbook is a simple CGI script which is both an easy to use and easy to setup guestbook script. The script fails to carefully sanitize user input, such as certain dangerous metacharacters, resulting in an XSS vulnerability. The Bug During the user-input parsing...
XSS vulnerabilities in register.asp in Alan Ward Acart
Vulnerability: XSS vulnerabilities in register.asp Description: The registration form in register.asp does not properly sanitize user input. This means a malicious user can place script into the form fields when they register. The script is stored in the database intact and is called and executed...