6685 matches found
CVE-2003-0736
Multiple cross-site scripting XSS vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via 1 the day parameter in the calendar module, 2 the fatcatid parameter in the fatcat module, 3 the PAGEid parameter in the pagemaster module, 4 the PDAlimit...
CVE-2003-0726
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...
PT-2003-1822 · Realnetworks · Realone Player
Name of the Vulnerable Software and Affected Versions: RealOne player affected versions not specified Description: The issue allows remote attackers to execute arbitrary script in the "My Computer" zone. This is achieved via a SMIL presentation with a URL that references a scripting protocol. The...
TSguestbook 2.1 - 'Message' HTML Injection
source: https://www.securityfocus.com/bid/8520/info It has been reported that TSguestbook may be prone to HTML injection attacks. The problem is said to occur due to insufficient sanitization of user-supplied input within the 'message' field. As a result, an attacker may post a guestbook entry...
[Full-Disclosure] XSS in ezboard
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Issue : Cross site scripting in ezboard Vendor status : developers were contacted ezboard offers a free forum hosted at ... bla ... bla ... improper input validation .. bla ... bla ... script or HTML execution ... bla ... bla sorry but I don't have ti...
CVE-2003-0531
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability...
CVE-2003-0531
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability...
RealOne Player 1.02.06.0.106.0.11 - .SMIL File Script Execution
RealOne Player 1.02.06.0.106.0.11 - .SMIL File Script Execution source: https://www.securityfocus.com/bid/8453/info Real Networks has reported a vulnerability in RealOne Player. Script embedded in SMIL presentations may be executed in the context of a domain that is specified by an attacker. This...
DSA-371 perl - cross-site scripting
Bulletin has no description...
PHPOutSourcing Zorum 3.x - Cross-Site Scripting
PHPOutSourcing Zorum 3.x - Cross-Site Scripting source: https://www.securityfocus.com/bid/8388/info A cross-site scripting vulnerability has been reported in the index.php script of PHPOutSourcing Zorum. Because of this, an attacker may be able to execute HTML and script code in the browsers of...
bug in Invision Power Board
I found possibility to run Script java Script, VBScript on the system Invision Power Board... It's possible to do if it much many things like a withdrawal of cookie, advertising .... For example: http://forums.invisionpower.com/admin.php?adsess='scriptwindow.open window.location.search.substring...
PostNuke 0.6/0.7 Downloads Module - TTitle Cross-Site Scripting
source: https://www.securityfocus.com/bid/8374/info It has been reported that a cross site scripting vulnerability exists in the Downlaods and WebLinks modules of PostNuke. It is possible that an attacker may construct a link containing malicious script code that could be executed in a browser of...
CVE-2003-0492
Cross-site scripting XSS vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter...
Microsoft Outlook Express 56 - Script Execution
Microsoft Outlook Express 56 - Script Execution source: https://www.securityfocus.com/bid/8281/info It has been reported that a weakness may have been re-introduced into Microsoft Outlook Express. According to the source, the issue described in Bugtraq ID 3334 had been fixed by Microsoft but...
Microsoft Outlook Express 5/6 - Script Execution
source: https://www.securityfocus.com/bid/8281/info It has been reported that a weakness may have been re-introduced into Microsoft Outlook Express. According to the source, the issue described in Bugtraq ID 3334 had been fixed by Microsoft but appears to have resurfaced. It should be noted that...
CVE-2003-0447
The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated...
MoreGroupWare 0.6.8 - WEBMAIL2_INC_DIR Remote File Inclusion
MoreGroupWare 0.6.8 - WEBMAIL2INCDIR Remote File Inclusion source: https://www.securityfocus.com/bid/8249/info moregroupware is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a...
Microsoft ISA Server 2000 - Cross-Site Scripting
Microsoft ISA Server 2000 - Cross-Site Scripting source: https://www.securityfocus.com/bid/8207/info ISA server will output certain error pages when requests that are invalid, for whatever reason, are transmitted through it. These error pages will appear in the context of the domain that the...
Microsoft ISA Server 2000 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/8207/info ISA server will output certain error pages when requests that are invalid, for whatever reason, are transmitted through it. These error pages will appear in the context of the domain that the request was made for. It has been reported that many ...
Splatt Forum 3/4 - Post Icon HTML Injection
source: https://www.securityfocus.com/bid/8198/info Splatt Forum has been reported prone to a HTML injection vulnerability. An attacker may save a Splatt Forum post form, and modify it so that the post icon value contains arbitrary attacker supplied HTML code. As a result, a malicious user may ha...