Searching scripts software vulnerabilities


Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.


Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests for PHP scripts.


Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).


Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl.


Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517.


The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.


init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter.


TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL.


Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts.


The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X use the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.


episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp.


The inc.login.php scripts in PHPFinance 0.3 allow remote attackers to bypass the login and gain privileges.


Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue.


Unknown vulnerability in DownFile 1.3 allows remote attackers to access administrator scripts without authentication.


AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts.


IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts.


Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these scripts.


LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.


Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.


Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 allows remote attackers to upload and execute arbitrary PHP scripts via an addImage action, which places scripts into the gallery/shelties/ directory.


Software vulnerabilities results 1 to 20 of 298     