CVE-2002-1015

RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which ...

CVE-2001-1370

prepend.php3 in PHPLib before 7.2d, when registerglobals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $PHPLIBlibdir to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages...

CVE-2002-1053

Cross-site scripting XSS vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message...

CVE-2002-0738

CVE-2002-0738 concerns MHonArc up to version 2.5.2 and earlier, where archiving HTML mail could allow remote script execution in web clients. The root cause is inadequate filtering of Javascript within archived messages, enabling tricks such as breaking SCRIPT tags, using SCRIPT in an IMG SRC, or...

CVE-2002-0691

CVE-2002-0691 affects Microsoft Internet Explorer 5.01 and 5.5, enabling remote attackers to execute scripts in the Local Computer zone via a URL referencing a local HTML resource file (Cross-Site Scripting in Local HTML Resource, CAN-2002-0189). CERT and CVE records describe vulnerable local res...

CVE-2002-0075

CVE-2002-0075 is a cross-site scripting vulnerability in Microsoft IIS 4.0/5.0/5.1 where an attacker could cause arbitrary script to run in a user’s browser via unsanitized content in redirect error messages. The connected OpenVAS/ISS/CERT sources confirm multiple CSS issues tied to IIS, includin...

CVE-2002-0958

Technical details about CVE-2002-0958 are not publicly provided in the connected documents. No additional information on affected products, versions, root cause, exploit status, or fixes is available here. Monitor for updates from official sources.

CVE-2002-0329

Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag...

CVE-2002-0032

Yahoo! Messenger 5.0.0.1064 and earlier is vulnerable to remote arbitrary-script execution via the addview parameter of the ymsgr URI. The issue stems from Yahoo! Messenger URI handling, allowing an attacker to run code with the victim’s privileges. The advisory/references indicate remediation by...

CVE-2002-0738

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by 1 splitting the SCRIPT tag into smaller pieces, 2 including the script in a SRC argument to an IMG tag, or 3 using "&=script" syntax...

Новости

Product: Новости Version: 1.0 OffSite: http://xonix.ru Problem: Добавление новостей -------------------------------------- Можно добавлять новости без авторизации. http://target/admin/script.php?data=ENTERTHISYOURNEWS. Пример: http://target/admin/script.php?data=script.php?data=? system$cmd ? зат...

Nuked-Klan index.php Multiple Module Vulnerabilities

The instance of Nuked-klan running on the remote web server is affected by multiple vulnerabilities due to a failure to sanitize user-supplied input to several parameters before using them in the 'Team', 'News', and 'Liens' modules to display dynamic HTML. An unauthenticated, remote attacker can...

CVE-2002-1442

The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location...

CVE-2002-1434

Multiple cross-site scripting XSS vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs...

CVE-2003-1203

Cross-site scripting XSS vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter...

Microsoft Windows Me and XP Help and Support Center does not adequately validate hcp:// URI parameters

Overview The Help and Support Center included with Microsoft Windows Millennium Edition and XP does not adequately validate parameters provided in an "hcp://" URI. As a result, an attacker could construct a URI that could cause the Help and Support Center to execute arbitrary script, effectively...

Microsoft Internet Explorer 56 - Self Executing HTML File

Microsoft Internet Explorer 56 - Self Executing HTML File source: https://www.securityfocus.com/bid/6961/info Microsoft Internet Explorer contains a vulnerability that can allow script code within an HTML document to run an embedded executable file. Since the file is an HTML file, Internet Explor...

CVE-2003-1326

Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."...

cPanel 5.0 - Openwebmail Local Privilege Escalation

cPanel 5.0 - Openwebmail Local Privilege Escalation source: https://www.securityfocus.com/bid/6885/info It has been reported that cPanels' openwebmail package, distributed as part of the cPanel CGI application, is vulnerable to an external file include vulnerability. Exploitation of this issue ma...

[SECURITY] [DSA 246-1] New tomcat packages fix information exposure and cross site scripting

-------------------------------------------------------------------------- Debian Security Advisory DSA 246-1 [email protected] http://www.debian.org/security/ Martin Schulze January 29th, 2003 http://www.debian.org/security/faq -...