DCP-Portal Multiple Script XSS

The version of DCP-Portal installed on the remote host fails to sanitize input to the script 'calendar.php' before using it to generate dynamic HTML, that could let an attacker execute arbitrary code in the browser of a legitimate user. It may also be affected by HTML injection flaws, which could...

Textor Webmasters Ltd (listrec.pl)

Last update of listrec.pl Jon Wright 11/11/1998. This script has vulnerability does not filter input of the user which allows to carry out commands from WebServer. EXPLOIT: www.server.com/cgi-bin/common/listrec.pl? APP=qmh-news&TEMPLATE=;ls| XP-TEAM...