6714 matches found
TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities
TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/8688/info It has been reported that several of the modules included with TCLHttpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin...
TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/8688/info It has been reported that several of the modules included with TCLHttpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin modules are affected by these vulnerabilities. Four instances of...
CVE-2002-1567
CVE-2002-1567 is an XSS vulnerability in Apache Tomcat 4.1 where an attacker can cause script execution and cookie theft by crafting a URL containing encoded newline characters that precede a .jsp request. The underlying issue is improper sanitization of request strings in Tomcat 4.1 (affecting 4...
CVE-2002-1567
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script...
MSIE->BodyRefreshLoadsJPU:refresh is a new navigation method
BodyRefreshLoadsJPU:refresh is a new navigation method tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. It also works after applying the patch for method caching attack. OS Ver: "Windows XP Cn ver"...
MSIE->WsFakeSrc
WsFakeSrc tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. OS Ver: "Windows XP Cn ver" demo http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-MyPage.HTM or http://umbrella.mx.tc --- WsFakeSrc...
Microsoft Internet Explorer 6 - Script Execution
Microsoft Internet Explorer 6 - Script Execution source: https://www.securityfocus.com/bid/8577/info Multiple issues have been reported in Microsoft Internet Explorer. Though these issues have been reported by a reliable source, communication issues have presented difficulty in obtaining details...
Microsoft Internet Explorer 6 - Script Execution
source: https://www.securityfocus.com/bid/8577/info Multiple issues have been reported in Microsoft Internet Explorer. Though these issues have been reported by a reliable source, communication issues have presented difficulty in obtaining details surrounding the reported issues. This vulnerabili...
ICQ Webfront - Persistent XSS
EXPL-A-2003-024 exploitlabs.com Advisory 024 -= ICQ Webfront =- Donnie Werner Sept 09 2003 exploitlabs.com Vulnerabilities: 1. Persistent Remote X...
CVE-2003-0736
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcatid parameter in the fatcat module, (3) the PAGEid parameter in the pagemaster module, (4) the PDAlimit...
CVE-2003-0726
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...
PT-2003-1822 · Realnetworks · Realone Player
Name of the Vulnerable Software and Affected Versions: RealOne player affected versions not specified Description: The issue allows remote attackers to execute arbitrary script in the "My Computer" zone. This is achieved via a SMIL presentation with a URL that references a scripting protocol. The...
[Full-Disclosure] XSS in ezboard
Issue : Cross site scripting in ezboard Vendor status : developers were contacted ezboard offers a free forum hosted at ... bla ... bla ... improper input validation .. bla ... bla ... script or HTML execution ... bla ... bla sorry but I don't have ti...
TSguestbook 2.1 - 'Message' HTML Injection
source: https://www.securityfocus.com/bid/8520/info It has been reported that TSguestbook may be prone to HTML injection attacks. The problem is said to occur due to insufficient sanitization of user-supplied input within the 'message' field. As a result, an attacker may post a guestbook entry...
CVE-2003-0531
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability...
RealOne Player 1.02.06.0.106.0.11 - .SMIL File Script Execution
RealOne Player 1.02.06.0.106.0.11 - .SMIL File Script Execution source: https://www.securityfocus.com/bid/8453/info Real Networks has reported a vulnerability in RealOne Player. Script embedded in SMIL presentations may be executed in the context of a domain that is specified by an attacker. This...
PHPOutSourcing Zorum 3.x - Cross-Site Scripting
PHPOutSourcing Zorum 3.x - Cross-Site Scripting source: https://www.securityfocus.com/bid/8388/info A cross-site scripting vulnerability has been reported in the index.php script of PHPOutSourcing Zorum. Because of this, an attacker may be able to execute HTML and script code in the browsers of...
DSA-371 perl - cross-site scripting
Bulletin has no description...
bug in Invision Power Board
I found possibility to run Script java Script, VBScript on the system Invision Power Board... It's possible to do if it much many things like a withdrawal of cookie, advertising .... For example: http://forums.invisionpower.com/admin.php?adsess='scriptwindow.open window.location.search.substring...