978 matches found
Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting
source: https://www.securityfocus.com/bid/5847/info Apache is reported to be vulnerable to cross site scripting attacks. This vulnerability is due to the SSI error pages of the webserver not being properly sanitized of malicious HTML code. Attacker-supplied HTML and script code may be executed on...
ACWeb 1.141.8 - Cross-Site Scripting
ACWeb 1.141.8 - Cross-Site Scripting source: https://www.securityfocus.com/bid/5793/info acWEB is prone to cross-site scripting attacks. It is possible to construct a malicious link to the web server which contains arbitrary script code. When the link is visited, the script code will be executed ...
PHPReactor 1.2.7 - Style Attribute HTML Injection
PHPReactor 1.2.7 - Style Attribute HTML Injection source: https://www.securityfocus.com/bid/5569/info phpReactor does not sufficiently sanitize HTML from various fields such as in the body of a message or in profile fields. It is possible to inject arbitrary HTML and script code into these fields...
BlueFace Falcon Web Server 2.0 - Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/5435/info Falcon Webserver does not sufficiently sanitize HTML tags from error message output. In particular, attackers may inject HTML into 301 and 404 error pages. It is possible to create a malicious link to the server which will generate an error page...
ShoutBox 1.2 - Form HTML Injection
ShoutBox 1.2 - Form HTML Injection source: https://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated ...
ShoutBox 1.2 - 'Form' HTML Injection
source: https://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated by the script. This may result in...
PHP Classifieds 6.0.5 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5022/info PHP Classifieds has been reported to be prone to cross-site scripting attacks. Attackers may inject arbitrary HTML or script code into URI parameters in a malicious link. When the malicious link is visited, the attacker's script code will be...
MyHelpDesk 20020509 - HTML Injection
source: https://www.securityfocus.com/bid/4967/info It has been reported that MyHelpDesk is vulnerable to HTML injection attacks. MyHelpDesk does not properly sanitize HTML tags from form fields. Attackers may pass arbitrary HTML and script code through the unsanitized form fields or through...
MyGuestbook 1.0 - Script Injection
source: https://www.securityfocus.com/bid/4651/info MyGuestbook is freely available guestbook software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. MyGuestbook does not adequately filter script code from various fields. This may enable an attacker ...
CVE-2000-0111
The CVE-2000-0111 entry concerns the RightFax web client, where predictable session numbers can enable an attacker to hijack user sessions. Affected product: RightFax web client. Root cause: session identifiers are predictable, allowing session hijacking without additional authentication. Impact:...
CVE-2000-0111
The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions...
Security Bulletin (MS01-001)
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Web...
rightfax.txt
LoWNOISE Colombia 2000 +---RightFax Web Client v5.2: Hijack user's sessions +---Description Using your web browser When you click to log on to the rightfax server, it opens a new window. In that window you are asked for a username and password. The Toolbar on the browser is hidden, but if you ope...
CVE-2000-0111
The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions...
PT-1999-1371 · Lynx · Lynx
Name of the Vulnerable Software and Affected Versions: Lynx WWW client affected versions not specified Description: The issue allows a remote attacker to specify command-line parameters that Lynx uses when calling external programs to handle certain protocols, such as telnet. Recommendations: At...
D_Client_Local_KOR
Korean Locale for FWC...
Security Update for Windows Server 2003 (KB896426)
A security issue has been identified in the Web Client service that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your...
Security Update for Windows XP (KB896426)
A security issue has been identified in the Web Client service that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your...