239 matches found
CVE-2010-2367
Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 before 3.0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
New vulnerabilities in OpenX
Hello 3APA3A! I want to warn you about Denial of Service, Cross-Site Scripting and Redirector vulnerabilities in OpenX. DoS Looped DoS: http://site/adclick.php About Looped DoS I wrote in my classification of DoS vulnerabilities in web applications http://websecurity.com.ua/2663/. Vulnerable are...
Mozilla Firefox MFSA: multiple security vulnerabilities
Bugtraq ID: 35758 CVE ID: CVE-2009-1194 CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2468 CVE-2009-2469 CVE-2009-2471 CVE-2009-2472 CNCVE ID: CNCVE-20091194 CNCVE-20092462 CNCVE-20092463 CNCVE-20092464 CNCVE-20092465 CNCVE-20092466 CNCVE-20092467...
CVE-2009-1313
The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an...
Mozilla Firefox Multiple Vulnerabilities (Apr 2009) - Windows
Mozilla Firefox browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Mozilla Foundation Security Advisory 2009-18
Mozilla Foundation Security Advisory 2009-18 Title: XSS hazard using third-party stylesheets and XBL bindings Impact: Low Announced: April 21, 2009 Reporter: Cefn Hoile Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Description Web developer Cefn Hoile reported that sites which...
Firefox 2 and 3 Layout engine crash
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree...
Firefox < 3.0.9 Multiple Vulnerabilities
The installed version of Firefox is earlier than 3.0.9. Such versions are potentially affected by the following security issues: - Multiple remote memory corruption vulnerabilities exist that can be exploited to execute arbitrary code in the context of the user running the affected application...
javascript: URIs
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE...
Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site...
Debian: Security Advisory (DSA-770-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters...
CVE-2007-3213
CVE-2007-3213 concerns Sporum Forum 3.0.9 and earlier, where cross-site scripting (XSS) flaws exist in the comments.cgi script. The vulnerability arises from the ability of an attacker to craft requests that inject arbitrary web script or HTML through the parameters “view” and “mode,”...
FreeBSD : horde -- 'url' disclosure of sensitive information vulnerability (c7c09579-b466-11da-82d0-0050bf27ba24)
Secunia advisory SA19246 : Paul Craig has discovered a vulnerability in Horde, which can be exploited by malicious people to disclose sensitive information. Input passed to the 'url' parameter in 'services/go.php' isn't properly verified, before it is used in a 'readfile' call. This can be...
XSS in vBulletin 3.x
Hello, vuln. The posthash and poststarttime parameters in the newreply.php and newthread.php scripts are not filtered in POST requests (this is for version 3.0.9; for 3.5.4 only the posthash parameter is vulnerable, and only in the newthread.php script). As a result, an XSS attack is possible. EXAMPLE: POST /forum/newthread.php...
Code injection
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check...
CVE-2005-3022
Affects vBulletin 3.0.9 and earlier. Multiple SQL injection vectors exist in the product, exploitable via parameters to specific PHP scripts: announcement.php (announcement), user.php (userid), admincalendar.php (calendar), cronlog.php (cronid), email.php (usergroupid), help.php (help), language....
Gopher 3.0.9 - +VIEWS Client-Side Buffer Overflow
Gopher 3.0.9 - +VIEWS Client-Side Buffer Overflow / gopherv3.0.9+: remote client buffer overflow exploit. by: vade79/v9 fakehalo/realhalo compile: gcc xgopher-client.c -o xgopher-client syntax: ./xgopher-client bindshell port The Internet Gopher Client is based on the UMN...
Mozilla Firefox 3.0.9 Memory Corruption
Binary data 5008.prm...