6685 matches found
CVE-2003-0712
Cross-site scripting XSS vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access OWA allows remote attackers to execute arbitrary web script...
Microsoft Internet Explorer XML Object Zone Restriction Bypass Vulnerability
Description Microsoft has announced that a vulnerability exists in Internet Explorer when handling malicious XML objects. The problem is said to occur due to Internet Explorer failing to validate a supplied path when binding local data to the XML document. As a result, a malicious HTML containing...
[UNIX] OpenAutoClassifieds Cross-Site Scripting Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
CVE-2003-1137
Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk wildcard character...
Chi Kien Uong Guestbook 1.51 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/8896/info It has been reported that Chi Kien Uong Guestbook may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The problem is reported to present itself due to...
Vivisimo Clustering Engine - Search Script Cross-Site Scripting
source: https://www.securityfocus.com/bid/8862/info Vivisimo Clustering Engine reported prone to cross-site scripting vulnerability. The problem occurs due to insufficient sanitization of parameters passed to the search script. As a result, an attacker may be capable of constructing a link design...
CVE-2003-0736
Multiple cross-site scripting XSS vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via 1 the day parameter in the calendar module, 2 the fatcatid parameter in the fatcat module, 3 the PAGEid parameter in the pagemaster module, 4 the PDAlimit...
CVE-2003-0726
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...
PayPal Store Front 3.0 - index.php Remote File Inclusion
PayPal Store Front 3.0 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an...
PayPal Store Front 3.0 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an attacker-specified location. This could be exploited to include a remo...
CVE-2003-0801
Cross-site scripting XSS vulnerability in Nokia Electronic Documentation NED 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script...
TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/8688/info It has been reported that several of the modules included with TCLHTtpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin modules are affected by these vulnerabilities. Four instances of...
TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities
TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/8688/info It has been reported that several of the modules included with TCLHTtpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin...
CVE-2002-1567
CVE-2002-1567 is an XSS vulnerability in Apache Tomcat 4.1 where an attacker can cause script execution and cookie theft by crafting a URL containing encoded newline characters that precede a .jsp request. The underlying issue is improper sanitization of request strings in Tomcat 4.1 (affecting 4...
CVE-2002-1567
Cross-site scripting XSS vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script...
MSIE->BodyRefreshLoadsJPU:refresh is a new navigation method
BodyRefreshLoadsJPU:refresh is a new navigation method tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. It also works after applying the patch for method caching attack. OS Ver: "Windows XP Cn ver"...
MSIE->WsFakeSrc
WsFakeSrc tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. OS Ver: "Windows XP Cn ver" demo http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-MyPage.HTM or http://umbrella.mx.tc --- WsFakeSrc...
Microsoft Internet Explorer 6 - Script Execution
Microsoft Internet Explorer 6 - Script Execution source: https://www.securityfocus.com/bid/8577/info Multiple issues have been reported in Microsoft Internet Explorer. Though these issues have been reported by a reliable source, communication issues have presented difficulty in obtaining details...
Microsoft Internet Explorer 6 - Script Execution
source: https://www.securityfocus.com/bid/8577/info Multiple issues have been reported in Microsoft Internet Explorer. Though these issues have been reported by a reliable source, communication issues have presented difficulty in obtaining details surrounding the reported issues. This vulnerabili...
ICQ Webfront - Persistant XSS
------------------------------------------------------------------ - EXPL-A-2003-024 exploitlabs.com Advisory 024 ------------------------------------------------------------------ -= ICQ Webfront =- Donnie Werner Sept 09 2003 exploitlabs.com Vunerabilitys: ---------------- 1. Persistant Remote X...