Lucene search
+L

978 matches found

Exploit DB
Exploit DB
added 2002/10/02 12:0 a.m.32 views

Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting

source: https://www.securityfocus.com/bid/5847/info Apache is reported to be vulnerable to cross site scripting attacks. This vulnerability is due to the SSI error pages of the webserver not being properly sanitized of malicious HTML code. Attacker-supplied HTML and script code may be executed on...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2002/09/25 12:0 a.m.15 views

ACWeb 1.141.8 - Cross-Site Scripting

ACWeb 1.141.8 - Cross-Site Scripting source: https://www.securityfocus.com/bid/5793/info acWEB is prone to cross-site scripting attacks. It is possible to construct a malicious link to the web server which contains arbitrary script code. When the link is visited, the script code will be executed ...

Exploits0
exploitpack
exploitpack
added 2002/08/24 12:0 a.m.13 views

PHPReactor 1.2.7 - Style Attribute HTML Injection

PHPReactor 1.2.7 - Style Attribute HTML Injection source: https://www.securityfocus.com/bid/5569/info phpReactor does not sufficiently sanitize HTML from various fields such as in the body of a message or in profile fields. It is possible to inject arbitrary HTML and script code into these fields...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2002/08/09 12:0 a.m.26 views

BlueFace Falcon Web Server 2.0 - Error Message Cross-Site Scripting

source: https://www.securityfocus.com/bid/5435/info Falcon Webserver does not sufficiently sanitize HTML tags from error message output. In particular, attackers may inject HTML into 301 and 404 error pages. It is possible to create a malicious link to the server which will generate an error page...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2002/07/29 12:0 a.m.13 views

ShoutBox 1.2 - Form HTML Injection

ShoutBox 1.2 - Form HTML Injection source: https://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated ...

7.6AI score
Exploits0
Exploit DB
Exploit DB
added 2002/07/29 12:0 a.m.27 views

ShoutBox 1.2 - 'Form' HTML Injection

source: https://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated by the script. This may result in...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2002/06/14 12:0 a.m.20 views

PHP Classifieds 6.0.5 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/5022/info PHP Classifieds has been reported to be prone to cross-site scripting attacks. Attackers may inject arbitrary HTML or script code into URI parameters in a malicious link. When the malicious link is visited, the attacker's script code will be...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2002/06/10 12:0 a.m.20 views

MyHelpDesk 20020509 - HTML Injection

source: https://www.securityfocus.com/bid/4967/info It has been reported that MyHelpDesk is vulnerable to HTML injection attacks. MyHelpDesk does not properly sanitize HTML tags from form fields. Attackers may pass arbitrary HTML and script code through the unsanitized form fields or through...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2002/04/30 12:0 a.m.27 views

MyGuestbook 1.0 - Script Injection

source: https://www.securityfocus.com/bid/4651/info MyGuestbook is freely available guestbook software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. MyGuestbook does not adequately filter script code from various fields. This may enable an attacker ...

7.4AI score
Exploits0
CVE
CVE
added 2001/01/22 5:0 a.m.56 views

CVE-2000-0111

The CVE-2000-0111 entry concerns the RightFax web client, where predictable session numbers can enable an attacker to hijack user sessions. Affected product: RightFax web client. Root cause: session identifiers are predictable, allowing session hijacking without additional authentication. Impact:...

7.5CVSS7.1AI score0.01403EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2001/01/22 5:0 a.m.20 views

CVE-2000-0111

The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions...

6.7AI score0.01403EPSS
Exploits0References1
securityvulns
securityvulns
added 2001/01/12 12:0 a.m.59 views

Security Bulletin (MS01-001)

The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Web...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2000/02/01 12:0 a.m.40 views

rightfax.txt

LoWNOISE Colombia 2000 +---RightFax Web Client v5.2: Hijack user's sessions +---Description Using your web browser When you click to log on to the rightfax server, it opens a new window. In that window you are asked for a username and password. The Toolbar on the browser is hidden, but if you ope...

7.4AI score
Exploits0
NVD
NVD
added 2000/01/29 5:0 a.m.18 views

CVE-2000-0111

The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions...

7.5CVSS6.7AI score0.01403EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 1999/09/15 12:0 a.m.6 views

PT-1999-1371 · Lynx · Lynx

Name of the Vulnerable Software and Affected Versions: Lynx WWW client affected versions not specified Description: The issue allows a remote attacker to specify command-line parameters that Lynx uses when calling external programs to handle certain protocols, such as telnet. Recommendations: At...

10CVSS6.2AI score0.03103EPSS
Exploits0References2
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.10 views

D_Client_Local_KOR

Korean Locale for FWC...

1.3AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.10 views

Security Update for Windows Server 2003 (KB896426)

A security issue has been identified in the Web Client service that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your...

2.9AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.12 views

Security Update for Windows XP (KB896426)

A security issue has been identified in the Web Client service that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your...

2.8AI score
Exploits0
Rows per page
Query Builder