6685 matches found
CVE-2002-0738
CVE-2002-0738 concerns MHonArc up to version 2.5.2 and earlier, where archiving HTML mail could allow remote script execution in web clients. The root cause is inadequate filtering of Javascript within archived messages, enabling tricks such as breaking SCRIPT tags, using SCRIPT in an IMG SRC, or...
Новости
Product: Новости Version: 1.0 OffSite: http://xonix.ru Problem: Добавление новостей -------------------------------------- Можно добавлять новости без авторизации. http://target/admin/script.php?data=ENTERTHISYOURNEWS. Пример: http://target/admin/script.php?data=script.php?data=? system$cmd ? зат...
Nuked-Klan index.php Multiple Module Vulnerabilities
The instance of Nuked-klan running on the remote web server is affected by multiple vulnerabilities due to a failure to sanitize user-supplied input to several parameters before using them in the 'Team', 'News', and 'Liens' modules to display dynamic HTML. An unauthenticated, remote attacker can...
CVE-2002-1434
Multiple cross-site scripting XSS vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs...
CVE-2002-1442
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location...
CVE-2003-1203
Cross-site scripting XSS vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter...
Microsoft Windows Me and XP Help and Support Center does not adequately validate hcp:// URI parameters
Overview The Help and Support Center included with Microsoft Windows Millennium Edition and XP does not adequately validate parameters provided in an "hcp://" URI. As a result, an attacker could construct a URI that could cause the Help and Support Center to execute arbitrary script, effectively...
Microsoft Internet Explorer 56 - Self Executing HTML File
Microsoft Internet Explorer 56 - Self Executing HTML File source: https://www.securityfocus.com/bid/6961/info Microsoft Internet Explorer contains a vulnerability that can allow script code within an HTML document to run an embedded executable file. Since the file is an HTML file, Internet Explor...
CVE-2003-1326
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."...
cPanel 5.0 - Openwebmail Local Privilege Escalation
cPanel 5.0 - Openwebmail Local Privilege Escalation source: https://www.securityfocus.com/bid/6885/info It has been reported that cPanels' openwebmail package, distributed as part of the cPanel CGI application, is vulnerable to an external file include vulnerability. Exploitation of this issue ma...
[SECURITY] [DSA 246-1] New tomcat packages fix information exposure and cross site scripting
-------------------------------------------------------------------------- Debian Security Advisory DSA 246-1 [email protected] http://www.debian.org/security/ Martin Schulze January 29th, 2003 http://www.debian.org/security/faq -...
Sambar Server 5.x - results.stm Cross-Site Scripting
Sambar Server 5.x - results.stm Cross-Site Scripting source: https://www.securityfocus.com/bid/6643/info Sambar Server does not adequately filter some HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script...
DCP-Portal 5.0.1 - editor.php?Root Remote File Inclusion
DCP-Portal 5.0.1 - editor.php?Root Remote File Inclusion source: https://www.securityfocus.com/bid/6525/info DCP-Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously...
N/X Web Content Management System 2002 Prerelease 1 - 'datasets.php?c_path' Local File Inclusion
source: https://www.securityfocus.com/bid/6500/info N/X Web Content Management System is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an...
NX Web Content Management System 2002 Prerelease 1 - menu.inc.php?c_path Remote File Inclusion
NX Web Content Management System 2002 Prerelease 1 - menu.inc.php?cpath Remote File Inclusion source: https://www.securityfocus.com/bid/6500/info N/X Web Content Management System is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attack...
CVE-2002-1700
Cross-site scripting vulnerability XSS in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message...
CVE-2002-1727
Cross-site scripting vulnerability XSS in 1 asweb.exe and 2 asweb4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL...
CVE-2002-1673
The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd fi...
CVE-2002-1662
Multiple cross-site scripting XSS vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via 1 search.php and 2 the "Your name" field during account registration...
CVE-2002-1688
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button...