Poisonous Style for Dialog window turns the zone off.

Poisonous Style for Dialog window turns the zone off. "that's all" is the end of file if you are in a hurry tested MSIEv6CN version Patch: Q312461,Q328790MS02-066 IEXPLORE.EXE file version: 6.0.2600.0000 MSHTML.DLL file version: 6.00.2600.0000 demo at...

CVE-2002-1334

Cross-site scripting XSS vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via 1 the direct parameter in imageFolio.cgi, or 2 nph-build.cgi...

CVE-2002-1210

Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context...

Web Server Creator Web Portal 0.1 - Remote File Inclusion

source: https://www.securityfocus.com/bid/6251/info The Web Server Creator Web Portal is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence the include path for the customize.php and index.php scripts. As a...

CVE-2002-1210

Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context...

CVE-2002-1286

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the...

Xoops 1.3.5 - Private Message System Font Attributes HTML Injection

source: https://www.securityfocus.com/bid/6344/info Xoops includes a Private Message System for users, so that they may send messages to one another. HTML tags used for font attributes are not sufficiently filtered of malicious HTML code. This makes it possible for an attacker to supply malicious...

security flaw

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

Ultimate PHP Board Board 1.0 final Beta - 'viewtopic.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/6335/info Ultimate PHP Board UPB is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems. By passing a malicious script code to the viewtopic.php script, UPB may return the script code to the browser...

security flaw

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

CVE-2002-1157

Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...

CVE-2002-1167

Cross-site scripting XSS vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request...

CVE-2002-1168

Cross-site scripting XSS vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" CRLF sequence, which echoes the Location as an HTTP...

Microsoft Internet Explorer 56 - Cached Objects Zone Bypass

Microsoft Internet Explorer 56 - Cached Objects Zone Bypass source: https://www.securityfocus.com/bid/6028/info Multiple vulnerabilities have been reported for Microsoft Internet Explorer. These vulnerabilities have been reported to affect Internet Explorer 5.5 to 6.0. Internet Explorer 6.0 with...

CVE-2002-0840

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

CVE-2002-0840

Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different...

PHPRank 1.8 - add.php Cross-Site Scripting

PHPRank 1.8 - add.php Cross-Site Scripting source: https://www.securityfocus.com/bid/5945/info phpRank is a freely available web site link sharing script. It is available for Unix, Linux, and Microsoft operating systems. It has been reported that phpRank is vulnerable to cross-site scripting...

Microsoft IIS 5.0 - IDC Extension Cross-Site Scripting

Microsoft IIS 5.0 - IDC Extension Cross-Site Scripting source: https://www.securityfocus.com/bid/5900/info A vulnerability in Microsoft Internet Information Server IIS may make cross-site scripting attacks possible. When IIS receives a request for an .idc file, the server typically returns a 404...

CVE-2002-1036

Cross-site scripting vulnerability in search.pl for Fluid Dynamics Search Engine FDSE before 2.0.0.0055 allows remote attackers to execute web script via the 1 Rank or 2 Match parameters...

CVE-2002-1131

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via 1 addressbook.php, 2 options.php, 3 search.php, or 4 help.php...