Searching html software vulnerabilities

Aladdin eSafe Gateway versions 2.x allows a rem

arrangement | circumvent | filtering | includes | attacker | versions | embedded | special | Aladdin | Gateway | within | allows | SCRIPT | remote | other | eSafe | which | HTML | tags | via |

Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags.


Aladdin eSafe Gateway versions 3.0 and earlier

circumvent | filtering | attacker | document | encoding | versions | Aladdin | Gateway | UNICODE | earlier | within | remote | allows | SCRIPT | eSafe | tags | HTML | via |

Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document.


Crystal Reports, when displaying data for a pas

displaying | attackers | protected | passwords | cleartext | username | database | password | Reports | Crystal | allows | obtain | remote | embeds | pages | using | which | data | HTML | page | URL |

Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.


Cross-site scripting (XSS) vulnerability in w3m

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.


Cross-site scripting (XSS) vulnerability in Mld

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter.


Buffer overflow in the strip_html_tags method f

strip_html_tags | Enhanced | overflow | method | Buffer | Gyach |

Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags.


The HTML parsing functions in Gaim before 1.1.4

functions | parsing | before | Gaim | HTML |

The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473.


Cross-site scripting (XSS) vulnerability in EMo

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing .. sequences and HTML, which results in a directory browsing page that does not properly filter the HTML.


SqWebMail allows remote attackers to inject arb

parameter | arbitrary | sequences | attackers | SqWebMail | redirect | followed | desired | inject | remote | allows | script | HTML | CRLF | web | via |

SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.


Invision Power Board (IPB) 1.0.3 allows remote

Invision | Board | Power |

Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML.


Cross-site scripting (XSS) vulnerability in AMA

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments.


Cross-site scripting (XSS) vulnerability in php

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the html_error_occurred parameter in error.php, (2) html_filter_select parameter in filter_prefs.php, (3) html_no_mail parameter in no_mail.php, the (4) page_line, (5) prev, and (6) next parameters in html_bottom_table.php, and the (7) _SESSION['nocc_theme'] parameter in footer.php.


Microsoft Internet Explorer 5.01 SP4 and 6 does

Microsoft | Explorer | Internet |

Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."


Cross-site scripting (XSS) vulnerability in Elo

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode.


Adobe ColdFusion MX 7.x before 7.0.2 does not p

ColdFusion | before | Adobe |

Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.


WebCore on Apple Mac OS X 10.3.9 and 10.4.10, a

WebCore | Apple | Mac |

WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.


The KDE HTML library (kdelibs), as used by Konq

library | HTML | KDE |

The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.


Microsoft Internet Explorer 6 and 7 embeds FTP

context-dependent | demonstrated | credentials | information | retrieved | attackers | Microsoft | sensitive | Explorer | Internet | reading | session | obtain | embeds | source | allows | during | which | files | HTML | FTP |

Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file.


Software vulnerabilities results 1 to 20 of 3232     
Page: 12345...162