CVE-2003-1509

Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the defaul...

SiteInteractive Subscribe Me - 'Setup.pl' Arbitrary Command Execution

source: https://www.securityfocus.com/bid/9253/info It has been reported that the SiteInteractive Subscribe Me setup.pl script lacks sufficient sanitization on user-supplied URI parameters; an attacker may invoke this script remotely and and by passing sufficient URI parameters may influence the...

Multiple DUWare Product Vulnerabilities

Vendor : DUWare URL : http://www.duware.com Version : DU Portal 3.0 / Multiple DUWare Products Risk : High / Multiple Vulnerabilities Description: DUportal Pro is a professional Web portal and online community. DUportal Pro contains numerous advanced features such as Web-based administration,...

DUWare Multiple Products - Multiple Vulnerabilities

DUWare Multiple Vulnerabilities Vendor: DUWare Product: DUWare Version: Multiple Products Website: http://www.duware.com/ BID: 9246 Description: DUportal Pro is a professional Web portal and online community. DUportal Pro contains numerous advanced features such as Web-based administration,...

DUWare Multiple Products - Multiple Vulnerabilities

DUWare Multiple Products - Multiple Vulnerabilities DUWare Multiple Vulnerabilities Vendor: DUWare Product: DUWare Version: Multiple Products Website: http://www.duware.com/ BID: 9246 Description: DUportal Pro is a professional Web portal and online community. DUportal Pro contains numerous...

Jason Maloney's Guestbook XSS Vulnerability.

Introduction Jason Maloney's Guestbook is a simple CGI script which is both an easy to use and easy to setup guestbook script. The script fails to carefully sanitize user input, such as certain dangerous metacharacters, resulting in an XSS vulnerability. The Bug During the user-input parsing...

Virtual Programming VP-ASP 45 - shopdisplayproducts.asp Cross-Site Scripting

Virtual Programming VP-ASP 45 - shopdisplayproducts.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/9164/info A vulnerability has been reported to exist in VP-ASP software that may allow a remote user to launch cross-site scripting attacks. A remote attacker may exploit this...

XSS vulnerabilities in register.asp in Alan Ward Acart

Vulnerability: XSS vulnerabilities in register.asp Description: The registration form in register.asp does not properly sanitize user input. This means a malicious user can place script into the form fields when they register. The script is stored in the database intact and is called and executed...

Virtual Programming VP-ASP 4/5 - 'shopdisplayproducts.asp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9164/info A vulnerability has been reported to exist in VP-ASP software that may allow a remote user to launch cross-site scripting attacks. A remote attacker may exploit this issue to potentially execute HTML or script code in the security context of the...

CVE-2003-0712

Cross-site scripting XSS vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access OWA allows remote attackers to execute arbitrary web script...

Microsoft Internet Explorer XML Object Zone Restriction Bypass Vulnerability

Description Microsoft has announced that a vulnerability exists in Internet Explorer when handling malicious XML objects. The problem is said to occur due to Internet Explorer failing to validate a supplied path when binding local data to the XML document. As a result, a malicious HTML containing...

[UNIX] OpenAutoClassifieds Cross-Site Scripting Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

CVE-2003-1137

Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk wildcard character...

Chi Kien Uong Guestbook 1.51 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/8896/info It has been reported that Chi Kien Uong Guestbook may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The problem is reported to present itself due to...

Vivisimo Clustering Engine - Search Script Cross-Site Scripting

source: https://www.securityfocus.com/bid/8862/info Vivisimo Clustering Engine reported prone to cross-site scripting vulnerability. The problem occurs due to insufficient sanitization of parameters passed to the search script. As a result, an attacker may be capable of constructing a link design...

CVE-2003-0726

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...

CVE-2003-0736

Multiple cross-site scripting XSS vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via 1 the day parameter in the calendar module, 2 the fatcatid parameter in the fatcat module, 3 the PAGEid parameter in the pagemaster module, 4 the PDAlimit...

PayPal Store Front 3.0 - index.php Remote File Inclusion

PayPal Store Front 3.0 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an...

PayPal Store Front 3.0 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an attacker-specified location. This could be exploited to include a remo...

CVE-2003-0801

Cross-site scripting XSS vulnerability in Nokia Electronic Documentation NED 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script...