6692 matches found
Microsoft Outlook Express 56 - Script Execution
Microsoft Outlook Express 56 - Script Execution source: https://www.securityfocus.com/bid/8281/info It has been reported that a weakness may have been re-introduced into Microsoft Outlook Express. According to the source, the issue described in Bugtraq ID 3334 had been fixed by Microsoft but...
Microsoft Outlook Express 5/6 - Script Execution
source: https://www.securityfocus.com/bid/8281/info It has been reported that a weakness may have been re-introduced into Microsoft Outlook Express. According to the source, the issue described in Bugtraq ID 3334 had been fixed by Microsoft but appears to have resurfaced. It should be noted that...
CVE-2003-0447
The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated...
MoreGroupWare 0.6.8 - WEBMAIL2_INC_DIR Remote File Inclusion
MoreGroupWare 0.6.8 - WEBMAIL2INCDIR Remote File Inclusion source: https://www.securityfocus.com/bid/8249/info moregroupware is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a...
Microsoft ISA Server 2000 - Cross-Site Scripting
Microsoft ISA Server 2000 - Cross-Site Scripting source: https://www.securityfocus.com/bid/8207/info ISA server will output certain error pages when requests that are invalid, for whatever reason, are transmitted through it. These error pages will appear in the context of the domain that the...
Microsoft ISA Server 2000 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/8207/info ISA server will output certain error pages when requests that are invalid, for whatever reason, are transmitted through it. These error pages will appear in the context of the domain that the request was made for. It has been reported that many ...
Splatt Forum 3/4 - Post Icon HTML Injection
source: https://www.securityfocus.com/bid/8198/info Splatt Forum has been reported prone to a HTML injection vulnerability. An attacker may save a Splatt Forum post form, and modify it so that the post icon value contains arbitrary attacker supplied HTML code. As a result, a malicious user may ha...
Splatt Forum 34 - Post Icon HTML Injection
Splatt Forum 34 - Post Icon HTML Injection source: https://www.securityfocus.com/bid/8198/info Splatt Forum has been reported prone to a HTML injection vulnerability. An attacker may save a Splatt Forum post form, and modify it so that the post icon value contains arbitrary attacker supplied HTML...
CVE-2003-0523
Cross-site scripting XSS vulnerability in msg.asp for certain versions of ProductCart allow remote attackers to execute arbitrary web script via the message parameter...
CPanel 5.0/5.3/6.x - Admin Interface HTML Injection
source: https://www.securityfocus.com/bid/8119/info cPanel is prone to an HTML injection vulnerability. It is possible for remote attacks to include hostile HTML and script code in requests to cPanel, which will be logged. When logs are viewed by an administrative user, the injected code could be...
Microsoft Outlook 5.5/2000 - Web Access HTML Attachment Script Execution
source: https://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML message attachments. It is possible to prevent filtering of the attachment by...
Microsoft Outlook 5.52000 - Web Access HTML Attachment Script Execution
Microsoft Outlook 5.52000 - Web Access HTML Attachment Script Execution source: https://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML messa...
Verity K2 Toolkit 2.20 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/8073/info It has been reported that Verity K2 Toolkit does not sufficiently filter user-supplied search parameters. As a result of this reported deficiency, it may be possible for a remote attacker to create a malicious link containing script code that wi...
XMB Forum 1.8 - buddy.php?action Cross-Site Scripting
XMB Forum 1.8 - buddy.php?action Cross-Site Scripting source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. An attacker may exploit any...
XMB Forum 1.8 - 'member.php?member' Cross-Site Scripting
source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. An attacker may exploit any one of these vulnerabilities to execute arbitrary...
XMB Forum 1.8 - 'buddy.php?action' Cross-Site Scripting
source: https://www.securityfocus.com/bid/8013/info XMB Forum has been reported prone to multiple cross-site scripting and HTML-injection vulnerabilities because the application fails to sanitize user-supplied data. An attacker may exploit any one of these vulnerabilities to execute arbitrary...
CVE-2003-0447
The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated...
CVE-2003-0447
The CVE-2003-0447 issue affects Internet Explorer versions 5.01, 5.5 and 6.0, where the Custom HTTP Errors capability can be abused via an argument to shdocvw.dll to generate a javascript: link, enabling remote script execution in the Local Zone. The vulnerability is described as allowing remote ...
PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/7898/info The PostNuke 'modules.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code in the web client of a user who...
PHP 4.x - Transparent Session ID Cross-Site Scripting
PHP 4.x - Transparent Session ID Cross-Site Scripting source: https://www.securityfocus.com/bid/7761/info A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting...