CVE-2001-0712

The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text .txt, JPEG .jpg, et...

Web-based email services filtering systems vulnerable to malicous script execution

Overview An attacker can send a specially crafted email message to a victim containing malicious scripting JavaScript, VBScript, JScript, etc., or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this javascript which can lead to...

CVE-2001-0658

Cross-site scripting CSS vulnerability in Microsoft Internet Security and Acceleration ISA Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message...

CVE-2001-0340

An interaction between the Outlook Web Access OWA service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically...

CVE-2001-0340

An issue in Outlook Web Access (OWA) for Microsoft Exchange 2000 Server and Internet Explorer lets a malicious HTML attachment execute script when opened via OWA, with the script running under the OWA user’s privileges and potentially accessing/manipulating messages and folders on the server. Exp...

CVE-2001-0999

Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script...

CVE-2001-1004

Cross-site scripting CSS vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags...

CVE-2001-0970

Cross-site scripting vulnerability in TDForum 1.2 CGI script tdforum12.cgi allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script...

CVE-2001-0991

Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message...

Proxomitron Naoko-4 - Cross-Site Scripting

Proxomitron Naoko-4 - Cross-Site Scripting source: https://www.securityfocus.com/bid/3087/info Proxomitron is a free web proxy server. Proxomitron is vulnerable to a cross site scripting attack. The condition is present because of the way URLS are displayed in error messages. It is possible for...

Proxomitron Naoko-4 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/3087/info Proxomitron is a free web proxy server. Proxomitron is vulnerable to a cross site scripting attack. The condition is present because of the way URLS are displayed in error messages. It is possible for script code to be embedded in the error page...

CVE-2001-0340

An interaction between the Outlook Web Access OWA service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically...

PHPLib Team PHPLIB 7.2 - Remote Script Execution

source: https://www.securityfocus.com/bid/3079/info The PHP Base Library'PHPLIB' is a code library which provides support for session management in web applications. It is targeted to developers and is widely used in many web applications, so a strong possibility exists that an application may be...

PHPLib Team PHPLIB 7.2 - Remote Script Execution

PHPLib Team PHPLIB 7.2 - Remote Script Execution source: https://www.securityfocus.com/bid/3079/info The PHP Base Library'PHPLIB' is a code library which provides support for session management in web applications. It is targeted to developers and is widely used in many web applications, so a...

CVE-2001-1161

Cross-site scripting CSS vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script...

PHP 4.x - SafeMode Arbitrary File Execution

PHP 4.x - SafeMode Arbitrary File Execution source: https://www.securityfocus.com/bid/2954/info PHP is the Personal HomePage development toolkit, distributed by the PHP.net, and maintained by the PHP Development Team in public domain. A problem with the toolkit could allow elevated privileges, an...

Perception LiteServe MS-DOS filename vulnerability

Perception LiteServe http://www.cmfperception.com/liteserve.html is a Web, FTP and e-Mail server for Win. When GET requests are made to LiteServe's webserver with the name of the cgi-bin directory as a MS-DOS directory name eg. cgi-shizznitch=CGI-SH1 and cgi-bin=CGI-BIN, LiteServe will read the...

Security Bulletin MS01-030

Title: Incorrect Attachment Handling in Exchange 2000 OWA Can Execute Script Date: 06 June 2001 Software: Microsoft Exchange 2000 Server Outlook Web Access Impact: Run code of attacker's choice Bulletin: MS01-030 Microsoft encourages customers to review the Security Bulletin at:...

CVE-1999-0268

MetaInfo MetaWeb web server allows users to upload, execute, and read scripts...

CVE-2001-1325

Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets XSL that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host WSH...