6714 matches found
CVE-2004-0121
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs...
phpBugTracker 0.9 - user.php?bugid Cross-Site Scripting
phpBugTracker 0.9 - user.php?bugid Cross-Site Scripting source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due...
phpBugTracker 0.9 - query.php Multiple Cross-Site Scripting Vulnerabilities
phpBugTracker 0.9 - query.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. Thes...
PT-2004-1312 · Microsoft · Outlook
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook version 2002 Description: The issue concerns an argument injection vulnerability where Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE. Thi...
Topic Calendar 1.0.1 - Calendar_Scheduler.php Cross-Site Scripting
Topic Calendar 1.0.1 - Calendar_Scheduler.php Cross-Site Scripting source: https://www.securityfocus.com/bid/12893/info Topic Calendar is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...
XSS in e107 forum
It is possible to insert arbitrary HTML code into the body of a message. A remote attacker can insert a specially formatted BB tag bbcode to make the forum render arbitrary script code in the browser of a user viewing the malicious message. If desired, ...
Topic Calendar 1.0.1 - 'Calendar_Scheduler.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/12893/info Topic Calendar is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute...
CVE-2004-0322
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbco...
CVE-2004-0359
Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters...
CVE-2004-0248
Cross-site scripting (XSS) vulnerability in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum...
CVE-2004-0271
CVE-2004-0271 concerns multiple cross-site scripting (XSS) vulnerabilities in MaxWebPortal. The issues enable remote attackers to run arbitrary web script in the context of other users by manipulating: (1) sub_name in dl_showall.asp, (2) SendTo in Personal Messages, (3) HTTP_REFERER for down.asp,...
CVE-2004-0337
Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be...
CVE-2004-1818
Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter...
iDEFENSE Security Advisory 03.09.04: Microsoft Outlook "mailto:" Parameter Passing Vulnerability
Microsoft Outlook "mailto:" Parameter Passing Vulnerability iDEFENSE Security Advisory 03.09.04 www.idefense.com/application/poi/display?id=79&type=vulnerabilities March 09, 2004 I. BACKGROUND Microsoft Outlook provides an integrated solution for managing and organizing e-mail messages, schedules...
XMB Forum 1.8 - 'editprofile.php?user' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. An attacker may exploit any one of...
CVE-2004-0015
vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges...
phpGroupWare 0.9.x - index.php HTML Injection
phpGroupWare 0.9.x - index.php HTML Injection source: https://www.securityfocus.com/bid/12082/info PhpGroupWare is reported to be susceptible to a HTML injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input. The attacker-supplied HTML and...
PHPGedView 2.61 - Multiple Remote File Inclusions
PHPGedView 2.61 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/9368/info PhpGedView is prone to multiple file include vulnerabilities. The source of the issue is that a number of scripts that ship with the software permit remote users to influence require paths for...
CVE-2003-1204
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path...