6692 matches found
CVE-2002-0118
The CVE-2002-0118 entry concerns Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0, where a cross‑site scripting (XSS) vulnerability exists. According to the description, remote attackers can execute arbitrary script and steal cookies by sending a message containing encoded Javascript ...
CVE-2001-0658
Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message...
CVE-2002-0026
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made...
efingerd remote buffer overflow and a dangerous feature
Release: 6/3/2002. Author: Spybreak. Software: efingerd. Versions: 1.3, 1.6.1. Problems: Remote buffer overflow and a dangerous feature. Efingerd is a "finger daemon, giving you complete control over what are you going to display about your computer" as is written in the man page...
Holes in PHP Phorum
An incorrect PHP file can be specified for execution; the forum administrator is able to insert their own PHP script...
OpenBB 1.0.x - Image Tag Cross-Agent Scripting
source: https://www.securityfocus.com/bid/4171/info OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. OpenBB allows users to include images in forum messages using image tags, with the following syntax:...
Powie PForum 1.1x - 'Username' Cross-Site Scripting
source: https://www.securityfocus.com/bid/4165/info Powie PForum is web forum software, written in PHP and back-ended by MySQL. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. PForum is prone to cross-site scripting attacks. It is possible for an...
CVE-2001-0991
Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message...
CVE-2001-0999
CVE-2001-0999 concerns Outlook Express 6.00, where remote attackers could cause arbitrary script execution by embedding SCRIPT tags in a message with MIME type text/plain. This contradicts the expected behavior that text/plain messages do not run scripts. The available references (NVD, CVE List) ...
Ultimate Bulletin Board 5.46.06.2 - Cross-Agent Scripting
source: https://www.securityfocus.com/bid/3829/info UBB Ultimate Bulletin Board is commercial web forums/community software that is written in Perl. It runs on various Unix/Linux variants, as well as Microsoft Windows NT/2000. UBB is prone...
Anti-Web HTTPd 2.2 Script - Engine File Opening Denial of Service
source: https://www.securityfocus.com/bid/3782/info Anti-Web HTTPD is a freely available, open source web server designed for use on the Linux platform. It is maintained by Doug Hoyte. Under certain circumstances awhttpd reacts...
CVE-2001-1494
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...
PT-2001-2334 · Agora · Agora
Name of the Vulnerable Software and Affected Versions: Agora versions 3.0a through 4.0g Description: The issue allows remote attackers to execute Javascript on other clients via the cart id parameter in agora.cgi when debug mode is enabled. This occurs because of a cross-site scripting issue...
Opera 5.0/5.1 - Same Origin Policy Circumvention
source: https://www.securityfocus.com/bid/3553/info Opera is a popular, freely available web browser that is supported across many different platforms. Opera is prone to an issue which may allow for the execution of script code across domains, allowing for circumvention of the web browser's...
Opera 5.05.1 - Same Origin Policy Circumvention
source: https://www.securityfocus.com/bid/3553/info Opera is a popular, freely available web browser that is supported across many different platforms. Opera is prone to an issue which may allow for the execution of script code across domains,...
CVE-2001-0712
The CVE concerns Internet Explorer’s rendering engine where MIME types are determined by the client rather than the server. This enables remote servers to coax script execution from files whose MIME type would not normally be treated as executable (e.g., .txt, .jpg). Reported impact scores indica...
CVE-2001-0712
The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), et...
Web-based email services filtering systems vulnerable to malicious script execution
Overview: An attacker can send a specially crafted email message to a victim containing malicious scripting (JavaScript, VBScript, JScript, etc.), or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this JavaScript, which can lead to...
CVE-2001-0340
An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically...