Microsoft Internet Explorer 5 - IFrameFrame Cross-SiteZone Script Execution

Microsoft Internet Explorer 5 - IFrameFrame Cross-SiteZone Script Execution source: https://www.securityfocus.com/bid/5672/info When a Microsoft Internet Explorer MSIE window opens another window, security checks should prevent the parent from accessing the child if the latter is of another domai...

Microsoft Internet Explorer 5 - IFrame/Frame Cross-Site/Zone Script Execution

source: https://www.securityfocus.com/bid/5672/info When a Microsoft Internet Explorer MSIE window opens another window, security checks should prevent the parent from accessing the child if the latter is of another domain or Security Zone. It has been reported that such checks fails to occur...

CVE-2002-0855

Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the 1 adminpw or 2 info parameters to the ml-name feature...

CVE-2000-1205

CVE-2000-1205 covers cross-site scripting in Apache 1.3.0–1.3.11. The vulnerability allows remote attackers to execute script as other visitors via (1) printenv CGI (printenv.pl) output, (2) error pages generated by ap_send_error_response (e.g., default 404) that omit an explicit charset, or (3) ...

CVE-2002-0960

Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allows remote attackers to execute arbitrary script as other CBMS users...

CVE-2000-1205

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via 1 the printenv CGI printenv.pl, which does not encode its output, 2 pages generated by the apsenderrorresponse function such as a default 404, which does not...

CVE-2002-1070

Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter...

CVE-2002-1008

Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT capability prints the...

CVE-2002-0948

Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes SSI as the web server, via the 1 Name or 2 Email parameters, which are not properly filtered...

CVE-2002-0944

Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 through 6.2.1 allows remote attackers to execute arbitrary script as the LiveStats user via the 1 user-agent or 2 referrer, which are not filtered by the stats program...

CVE-2002-1036

Cross-site scripting vulnerability in search.pl for Fluid Dynamics Search Engine FDSE before 2.0.0.0055 allows remote attackers to execute web script via the 1 Rank or 2 Match parameters...

CVE-2002-0955

Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board YaBB 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message...

CVE-2002-0902

Cross-site scripting vulnerability in phpBB 2.0.0 phpBB2 allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote " in the IMG tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects th...

CVE-2002-0962

Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via 1 the url variable in the Link field of a calendar event, 2 the topic parameter in index.php, or 3 the title parameter in comment.php...

[SECURITY] [DSA 156-1] New Light package fixes arbitrary script execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 156-1 [email protected] http://www.debian.org/security/ Martin Schulze August 22th, 2002 http://www.debian.org/security/faq -...

[SECURITY] [DSA 156-1] New Light package fixes arbitrary script execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 156-1 [email protected] http://www.debian.org/security/ Martin Schulze August 22th, 2002 http://www.debian.org/security/faq -...

DSA-156 epic4-script-light - arbitrary script execution

Bulletin has no description...

Microsoft Outlook Express 56 - MHTML URL Handler File Rendering

Microsoft Outlook Express 56 - MHTML URL Handler File Rendering source: https://www.securityfocus.com/bid/5473/info Microsoft Outlook Express introduced a URL handler called MHTML MIME Encapsulation of Aggregate HTML. This allows Internet Explorer to pass MHTML files to Outlook Express for...

Microsoft Outlook Express 5/6 - MHTML URL Handler File Rendering

source: https://www.securityfocus.com/bid/5473/info Microsoft Outlook Express introduced a URL handler called MHTML MIME Encapsulation of Aggregate HTML. This allows Internet Explorer to pass MHTML files to Outlook Express for rendering. The MHTML URL handler does not validate the file type it is...

CVE-2002-0855

Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the 1 adminpw or 2 info parameters to the ml-name feature...