CVE-2012-3965

Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window...

gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting

Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link: http://gpeasy.com/SpecialAddonPlugins?cmd=download&id=31 Version: 1.5 The vulnerable code is in the Minishop 1.5...

gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting

gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link:...

gp Easy CMS Minishop 1.5 Cross Site Scripting

Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link: http://gpeasy.com/SpecialAddonPlugins?cmd=download&id=31 Version: 1.5 The vulnerable code is in the Minishop 1.5...

Websense (Triton 7.6) Stored Cross Site Scripting

======= Summary ======= Name: Websense Triton 7.6 stored XSS in report management UI Release Date: 30 April 2012 Reference: NGS00141 Discoverer: Ben Williams Vendor: Websense Vendor Reference: Systems Affected: Risk: High Status: Published ======== TimeLine ======== Discovered: 2 November 2011...

NGS00141 Technical Advisory: Websense Triton 7.6 stored XSS in report management UI

======= Summary ======= Name: Websense Triton 7.6 stored XSS in report management UI Release Date: 30 April 2012 Reference: NGS00141 Discoverer: Ben Williams [email protected] Vendor: Websense Vendor Reference: Systems Affected: Risk: High Status: Published ======== TimeLine ========...

Kaseya 6.2.0.0 Cross Site Scripting

Summary The Kaseya version 6.2.0.0 web interface and possibly other versions is vulnerable to Cross-Site Scripting in the "adminName" variable. 2. Description By submitting malicious input such as the following, it is possible to render javascript in the security context of the Kaseya server:...

Code injection

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which...

XSS Vulnerability discovered on Paypal

XSS Vulnerability discovered on Paypal Vansh and Vaibhuv two Indian Hacker found a XSS vulnerability in world famous site Paypal. Paypal is affected by an XSS vulnerability where it fails to validate input. One can add arbitrary javascript with no need for any filter evasion. This is a serious...

Project Open Cross Site Scripting

Vulnerability Title: Project Open po - "account-closed.tcl" Reflective Cross Site Scripting Author: Michail Poultsakis Date of Vendor and CERT Contact: 2011.12.08 Publication Date: 2012.02.02 Product Link: http://www.project-open.com Affected Product Version: 3.4.x Project Open po version 3.4.x...

Directory traversal

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL...

CVE-2011-3229

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL...

DragDropCart Cross Site Scripting

Exploit Title: DragDropCart E-Commerce System Stored XSS Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability ISSUE Cross Site Scripting can be done using the command input Vulnerable Page: search.php yaxaluser.php Example: search.php?search= Exploit: "/...

Code injection

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering...

Cross site scripting

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by 1 causing the MAXTAB number of tabs to be opened, then loading a URI to the targeted...

CVE-2011-2357

CVE-2011-2357 describes a cross-application scripting flaw in Android’s Browser URL loading, enabling a non-privileged app to inject JavaScript into arbitrary domains and break sandboxing. The vulnerability has two exploitation vectors: (1) exhausting MAX_TABS and loading a target URL followed by...

CVE-2011-2357

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by 1 causing the MAXTAB number of tabs to be opened, then loading a URI to the targeted...

[oCERT-2011-001] Chyrp input sanitization errors

2011-001 Chyrp input sanitization errors Description: The Chyrp framework, an open source blogging engine, suffers from cross-site scripting XSS and local file inclusion LFI vulnerabilities. Insufficient input sanitization on the parameters passed to pages related to administration settings, the...

Nakid CMS 1.0.2 Cross Site Scripting

------------------------------------------------------------------------ Software................Nakid CMS 1.0.2 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://www.nakid.org/ Discovery Date..........6/1/2011 Tested...

Apache Archiva 1.3.4 Cross Site Scripting

Hi, This is regarding multiple XSS Cross Site Scripting Vulnerabilities in Apache Archiva 1.3.4 and previous versions. The following is the disclosure document Project: Apache Archiva Severity: High Versions: 1.3.0 - 1.3.4. The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Exploit...