9742 matches found
MediaWiki Cross-site Scripting
MediaWiki Cross-site Scripting Vulnerabilities. Date: 18/02/2007 Vendor: MediaWiki Vulnerable versions: MediaWiki 1.9.2 latest and below. Description: MediaWiki v1.8.2 and below are vulnerable to plain Cross-site scripting attack by expliting the experimental AJAX features, if enabled default. Th...
MediaWiki Cross-site Scripting
MediaWiki Cross-site Scripting Vulnerabilities. Date: 18/02/2007 Vendor: MediaWiki Vulnerable versions: MediaWiki 1.9.2 latest and below. Description: MediaWiki v1.8.2 and below are vulnerable to plain Cross-site scripting attack by expliting the experimental AJAX features, if enabled default. Th...
security flaw
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the 1 FDF, 2 XML, or 3 XFDF AJAX request parameters...
MediaWiki AJAX未明跨站脚本漏洞
MediaWiki AJAX是一款著名的wiki知识库引擎。 MediaWiki AJAX不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行跨站脚本攻击,获得敏感信息。 目前没有详细漏洞细节提供。 MediaWiki MediaWiki 1.8.2 MediaWiki MediaWiki 1.8.1 MediaWiki MediaWiki 1.8 MediaWiki MediaWiki 1.7.1 MediaWiki MediaWiki 1.7 MediaWiki MediaWiki 1.6.8 MediaWiki MediaWiki 1.6.7 MediaWiki MediaWiki...
Ajax hacking (Monyer)-vulnerability warning-the black bar safety net
Author: dream light In the tenth period published the Ajax hacking, the users give me feedback onXSSthe technical aspects of the problem mainly by the following several. For what in Ajax hacking, withXSS for? It with the traditionalXSSwhat's the difference? They each have what the pros and cons o...
Cross site scripting
Cross-site scripting XSS vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-0177
Cross-site scripting XSS vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-0177
Cross-site scripting XSS vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-0177
Cross-site scripting XSS vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
DEBIAN-CVE-2007-0177
Cross-site scripting XSS vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-0177
Cross-site scripting XSS vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-0177
Cross-site scripting XSS vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Hacking AJAX DWR Applications
By Guy Karlebach & Amichai Shulman Introduction The introduction of AJAX into a web application improves the user experience significantly. However, the complexity of some AJAX frameworks and the limited field experience with them requires a careful examination of potential vulnerabilities. DWR i...
Cross site request forgery (csrf)
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the 1 FDF, 2 xml, and 3 xfdf AJAX request parameters, following the hash character, aka...
Crlf injection
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the...
Double free
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the 1 FDF, 2 XML, or 3 XFDF AJAX request parameters...
CVE-2007-0046
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the 1 FDF, 2 XML, or 3 XFDF AJAX request parameters...
CVE-2007-0045
Multiple cross-site scripting XSS vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770...
CVE-2007-0046
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the 1 FDF, 2 XML, or 3 XFDF AJAX request parameters...
CVE-2007-0045
Multiple cross-site scripting XSS vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770...