CVE-2000-1205

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via 1 the printenv CGI printenv.pl, which does not encode its output, 2 pages generated by the apsenderrorresponse function such as a default 404, which does not...

[SECURITY] [DSA 156-1] New Light package fixes arbitrary script execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 156-1 [email protected] http://www.debian.org/security/ Martin Schulze August 22th, 2002 http://www.debian.org/security/faq -...

[SECURITY] [DSA 156-1] New Light package fixes arbitrary script execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 156-1 [email protected] http://www.debian.org/security/ Martin Schulze August 22th, 2002 http://www.debian.org/security/faq -...

DSA-156 epic4-script-light - arbitrary script execution

Bulletin has no description...

Microsoft Outlook Express 56 - MHTML URL Handler File Rendering

Microsoft Outlook Express 56 - MHTML URL Handler File Rendering source: https://www.securityfocus.com/bid/5473/info Microsoft Outlook Express introduced a URL handler called MHTML MIME Encapsulation of Aggregate HTML. This allows Internet Explorer to pass MHTML files to Outlook Express for...

Microsoft Outlook Express 5/6 - MHTML URL Handler File Rendering

source: https://www.securityfocus.com/bid/5473/info Microsoft Outlook Express introduced a URL handler called MHTML MIME Encapsulation of Aggregate HTML. This allows Internet Explorer to pass MHTML files to Outlook Express for rendering. The MHTML URL handler does not validate the file type it is...

CVE-2002-0855

Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the 1 adminpw or 2 info parameters to the ml-name feature...

CVE-2002-0520

Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag...

CVE-2002-0731

Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl...

CVE-2002-0738

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by 1 splitting the SCRIPT tag into smaller pieces, 2 including the script in a SRC argument to an IMG tag, or 3 using "&=script" syntax...

CVE-2002-0787

Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified 1 LOCID or 2 OC parameters...

CVE-2002-0807

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name real name field, which is not properly quoted by editusers.cgi...

DEBIAN-CVE-2002-0738

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by 1 splitting the SCRIPT tag into smaller pieces, 2 including the script in a SRC argument to an IMG tag, or 3 using "&=script" syntax...

ShoutBox 1.2 - Form HTML Injection

ShoutBox 1.2 - Form HTML Injection source: https://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated ...

ShoutBox 1.2 - 'Form' HTML Injection

source: https://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated by the script. This may result in...

CVE-2002-0787

The CVE-2002-0787 entry describes a cross-site scripting vulnerability in the iCon administrative web server for Critical Path inJoin Directory Server 4.0. The issue arises from reflected XSS via modified administrator URLs using the LOCID or OC parameters, allowing remote attackers to execute sc...

CVE-2002-0787

Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified 1 LOCID or 2 OC parameters...

CVE-2002-0032

Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI...

GNU Mailman 2.0.x - Admin Login Variant Cross-Site Scripting

GNU Mailman 2.0.x - Admin Login Variant Cross-Site Scripting source: https://www.securityfocus.com/bid/5299/info GNU Mailman is prone to a cross-site scripting vulnerability. An attacker may construct a malicious link to the administrative login page, which contains arbitrary HTML and script code...

CVE-2002-0681

Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script...