Tlen.pl 5.23.4.1 - Instant Messenger Remote Script Execution

source: https://www.securityfocus.com/bid/12050/info Tlen.pl is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to various attacks. Tlen.pl 5.23.4.1 an...

Gadu-Gadu, another two bugs

Product: Gadu-Gadu, build 155 and older Vendor: SMS-EXPRESS.COM http://www.gadu-gadu.pl Impact: Script execution in local zone, Remote DoS Severity: High Authors: Blazej Miga [email protected], Jaroslaw Sajko [email protected] Date: 17/12/04 ISSUE Gadu-Gadu is the first Polish instant messenger...

CVE-2004-1130

Cross-site scripting XSS vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as 1 username, 2 name, or 3 comments...

CVE-2004-1100

Cross-site scripting XSS vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter...

CVE-2004-1106

Cross-site scripting XSS vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php...

IPCop 1.4.1 - Web Administration Interface Proxy Log HTML Injection

IPCop 1.4.1 - Web Administration Interface Proxy Log HTML Injection source: https://www.securityfocus.com/bid/11779/info IPCop is reported susceptible to an HTML injection vulnerability in its proxy log viewer. This issue is due to a failure of the application to properly sanitize user-supplied...

IPCop 1.4.1 - Web Administration Interface Proxy Log HTML Injection

source: https://www.securityfocus.com/bid/11779/info IPCop is reported susceptible to an HTML injection vulnerability in its proxy log viewer. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated web pages. This...

CVE-2004-0248

Cross-site scripting vulnerability XSS in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into 1 keywords argument of main.inc.php, 2 body argument of help.inc.php, or 3 the subject field in Personal Messages and Forum...

CVE-2004-0254

Cross-site scripting XSS vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag...

CVE-2004-0271

Multiple cross-site scripting vulnerabilities XSS in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via 1 the subname parameter of dlshowall.asp, 2 the SendTo parameter in Personal Messages, 3 the HTTPREFERER for down.asp, or 4 the image name of an Avatar in th...

CVE-2004-0314

Cross-site scripting XSS vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter...

CVE-2004-0319

Cross-site scripting XSS vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a 1 font color or 2 font face argument...

CVE-2004-0337

Cross-site scripting XSS vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / slash and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be...

CVE-2004-0347

Cross-site scripting XSS vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 build 4797 allows remote authenticated users to execute arbitrary script as other users via the row parameter...

CVE-2004-0251

Cross-site scripting XSS vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter...

CVE-2004-0359

Cross-site scripting XSS vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the 1 c, 2 f, 3 showtopic, 4 showuser, or 5 username parameters...

TIPS MailPost 5.1.1 - APPEND Cross-Site Scripting

TIPS MailPost 5.1.1 - APPEND Cross-Site Scripting source: https://www.securityfocus.com/bid/11596/info MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitra...

TIPS MailPost 5.1.1 - Error Message Cross-Site Scripting

source: https://www.securityfocus.com/bid/11598/info MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitrary HTML and script code in a user's browser throug...

CVE-2004-1630

Cross-site scripting XSS vulnerability in the login form in Open WorkFlow Engine OpenWFE 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter...

CVE-2004-1621

NOTE: this issue has been disputed by the vendor. Cross-site scripting XSS vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of 1 computed for display, 2...