Mozilla Foundation Security Advisory 2007-32
Mozilla Foundation Security Advisory 2007-32. Title: File input focus stealing vulnerability. Impact: Moderate. Announced: October 18, 2007. Reporter: hong, Charles McAuley. Products: Firefox, SeaMonkey. Fixed in: Firefox 2.0.0.8, SeaMonkey 1.1.5. Description: A user on the Sla.ckers.org forums named hong...
PHP Project Management <= 0.8.10 Multiple RFI / LFI Vulnerabilities
Exploit for unknown platform in category web applications. PHP Project Management <= 0.8.10 Multiple RFI / LFI Vulnerabilities. PHP Project Management <= 0.8.10...
File input focus stealing vulnerability — Mozilla
A user on the Sla.ckers.org forums named hong reported that a file upload control could be filled programmatically by switching page focus to the label before a file upload form control for selected keyboard events. An attacker could use this trick to steal files from the user's computer if the...
openSUSE 10 Security Update : seamonkey (seamonkey-1952)
This security update brings Mozilla SeaMonkey to version 1.0.4. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems: CVE-2006-3801/MFSA 2006-44: Code execution through deleted frame reference...
CVE-2007-5422
Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors...
CVE-2007-5187
SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter...
CVE-2007-5187
The CVE-2007-5187 entry describes a SQL injection vulnerability in the Expanded Calendar 2.x module for PHP-Fusion, specifically in infusions/calendar_events_panel/show_single.php, where an attacker can pass input through the sel parameter to execute arbitrary SQL commands. This is tied to remote...
phpfusionex-sql.txt
?php printr" / Expanded Calendar 2.x PHP-Fusion module User pass disclosure exploit Found by Matrix86 of Rbt-4 Crew Site: www.rbt-4.net Mail: infoatrbt-4dotnet Bug found in /infusions/calendar_events_panel/show_single.php Line: 27 Vulnerability type: Sql injection Unpatched! Patch: Line 26:...
PHP-Fusion module Expanded Calendar 2.x SQL Injection Exploit
Exploit for unknown platform in category web applications. PHP-Fusion module Expanded Calendar 2.x SQL Injection Exploit. ?php printr" / Expanded Calendar 2.x PHP-Fusion modul...
CVE-2007-3761
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain...
Unfixed XSS vulnerability at www.mediabistro.com
Security researcher Narcoticxs submitted on 27/09/2007 a cross-site scripting (XSS) vulnerability affecting www.mediabistro.com, which at the time of submission ranked 7888 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/10/2007. It is...
PT-2007-5002 · Apple · Iphone
Name of the Vulnerable Software and Affected Versions: Apple iPhone version 1.1.1. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. This is a general information abo...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function...
CVE-2007-4745
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function...
CVE-2007-4745
AkoBook 3.42 and earlier (component com_akobook) for Mambo contain multiple cross-site scripting (XSS) vulnerabilities. The issue arises in the sign function, where attacker-controlled Javascript events in the parameters (gbmail and gbpage) can be injected to execute scripts in the victim’s brows...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters...
moonware-multi.txt
Moonware Software Multiple Vulnerabilities by s0cratex. MSN: s0cratexatnasadotgov. Moonware Homepage: http://dalemooney.lost-soldiers.com. I. Moon Gallery. Bug: Arbitrary file upload. Dork: "Powered by: Dale Mooney Gallery". Details: The file /config/upload.php don't have any...
Dale Mooney Calendar Events - Viewevent.php SQL Injection
Dale Mooney Calendar Events - Viewevent.php SQL Injection source: https://www.securityfocus.com/bid/25456/info Calendar Events is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow...
Dale Mooney Calendar Events - 'Viewevent.php' SQL Injection
source: https://www.securityfocus.com/bid/25456/info Calendar Events is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modi...