CVE-2007-4818

CVE-2007-4818 concerns multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 . The flaw allows remote attackers to execute arbitrary PHP code by supplying a URL in the doc_root parameter to particular module files: (1) addons/plugin.php, (2) addons/sidebar.php, (3) mail/index.php, and...

Txx CMS 0.2 Multiple Remote File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications ========================================================== Txx CMS 0.2 Multiple Remote File Inclusion Vulnerabilities ==========================================================...

Txx CMS 0.2 - Multiple Remote File Inclusions

Txx CMS 0.2 - Multiple Remote File Inclusions :::::::::::::::::::::::::::::::::::::::::::::::::::....................... ::| \ | | \ | | / | ::| | | | | | | | ::| . | |/ / \ | . |/ | ' \ / \ | | | '/ \ \ /\ / / ::| |\ | | | / | |\ | | | | | | | | / | || | | /\ V V / ::|| ||\| || |,|| || |||...

CVE-2007-4320

CVE-2007-4320 pertains to Ncaster 1.7.2, where a PHP remote file inclusion vulnerability exists in admin/addons/archive/archive.php. The flaw allows remote attackers to execute arbitrary PHP code by supplying a URL through the adminfolder parameter. Public references (Exploit-DB, Secunia, X-Force...

SeaMonkey < 1.1.4 Multiple Vulnerabilities

The installed version of SeaMonkey allows unescaped URIs to be passed to external programs, which could lead to execution of arbitrary code on the affected host subject to the user's privileges, and could also allow privilege escalation attacks against addons that create 'about:blank' windows and...

Mozilla Foundation Security Advisory 2007-26

Mozilla Foundation Security Advisory 2007-26 Title: Privilege escalation through chrome-loaded about:blank windows Impact: Moderate Announced: July 30, 2007 Reporter: mozbugra4 Products: Firefox 2.0.0.5, Thunderbird 2.0.0.5, SeaMonkey 1.1.3 Fixed in: Firefox 2.0.0.6 Thunderbird 2.0.0.6 Thunderbir...

Mozilla multiple addons upgrade weakness

Upgrade mechanism of multiple addons allows upgrade via unsecure HTTP connection without using of SSL/TLS certificates, makeing active man-in-the-middle attacks possible...

Fizzle : Firefox Extension Vulnerability

Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus becomes and so forth. Various feeds fields are vulnerable including the title which allows th...

Remote file inclusion

PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the 1 REXINCLUDEPATH parameter in a addons/importexport/pages/index.inc.php and b pages/community.inc.php...

CVE-2006-2843

PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the 1 REXINCLUDEPATH parameter in a addons/importexport/pages/index.inc.php and b pages/community.inc.php...

Ubuntu 4.10 / 5.04 : mozilla vulnerabilities (USN-155-1)

Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious website to spoof the contents of other websites. CAN-2005-1937 It was discovered that a malicious website could injec...

Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-149-1)

Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious website to spoof the contents of other websites. CAN-2005-1937 In several places the browser user interface did not...

USN-157-1: Mozilla Thunderbird vulnerabilities

Vladimir V. Perepelitsa discovered a bug in Thunderbird's handling of anonymous functions during regular expression string replacement. A malicious HTML email could exploit this to capture a random block of client memory. CAN-2005-0989 Georgi Guninski discovered that the types of certain XPInstal...

USN-155-1: Mozilla vulnerabilities

Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious web site to spoof the contents of other web sites. CAN-2005-1937 It was discovered that a malicious website could...