1371 matches found
CVE-2005-2757
CVE-2005-2757 affects Mac OS X and OS X Server 10.4–10.4.3. The issue is a heap-based buffer overflow in CoreFoundation, exploitable by remote attackers to run arbitrary code through how URLs are validated. The description in the connected documents confirms the vulnerability and affected compone...
PunBB URL Quote Tag XSS
According to its banner, the remote version of PunBB is vulnerable to cross-site scripting flaws because the application does not validate URL and quote tags. SPDX-FileCopyrightText: 2004 David Maciejak. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by th...
PunBB URL Quote Tag XSS
The remote web server contains a PHP application that is prone to cross-site scripting attacks. Description: According to its banner, the remote version of PunBB is vulnerable to cross-site scripting flaws because the application does not validate URL and quote tags. With a specially-crafted URL...
mfsa2005-47exploit.txt
// Exploit by Michael Krax Firewalling - Proof-of-Concept function stopload // in some cases the javascript url never stops to load // therefore we force a stop after the real image got loaded window.setTimeout"window.stop",1000; Firewalling - Proof-of-Concept The "Set As Wallpaper" dialog takes...
Gallery is still vulnerable to Cross-site Scripting attacks
Hello, After testing out the updates to CVS for Gallery, I realized it is still vulnerable to the cross-site scripting attacks that were mentioned in the first advisory. The following code was committed to CVS: / Test for relative URL, which we know to be local. If URL contains :// assume that it'...
PunBB URL Quote Tag XSS
According to its banner, the remote version of PunBB is vulnerable to cross-site scripting attacks because the application does not validate URL and quote tags. With a specially crafted URL, an attacker may be able to inject arbitrary HTML and script code into a user's browser, resulting in a los...
CVE-2004-0199
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability dvdupgrd.htm...
MS04-015: Microsoft Help Center Remote Code Execution (840374)
The remote host contains bugs in the Microsoft Help and Support Center in the way it handles HCP URL validation (840374). An attacker could use this bug to execute arbitrary commands on the remote host. To exploit this bug, an attacker would need to lure a user of the remote host into visiting a...
Microsoft Help and Support Center (HCP) fails to properly validate HCP URLs
Overview: The Microsoft Help and Support Center (HCP) fails to properly handle HCP URL validation. Exploitation of this vulnerability may permit remote attackers to execute arbitrary code on the system with the privileges of the current user. Description: Microsoft Windows XP and Server 2003 Help and...
ReBB javascripts vulnerability
Hi! Another php - board named ReBB http://www.rebb.net has an img vulnerability. Exploit: Use this string my favorite : - imgjavascript:alert'test'/img Possible decision: All urls in img tag should start with http:// SliderGod...
FloosieTek FTGate 2.1 - Web File Access
source: https://www.securityfocus.com/bid/280/info A vulnerability in Floosietek's FTGate allows remote malicious users to steal local files. Floosietek's FTGate is a Win32 mail server program. One of its features is allowing administrators to check the status of the mail server using a web brows...