
9119 matches found

securityvulns
added 2007/10/23 12:00 a.m. · 78 views

Mozilla Foundation Security Advisory 2007-32

Mozilla Foundation Security Advisory 2007-32 Title: File input focus stealing vulnerability Impact: Moderate Announced: October 18, 2007 Reporter: hong, Charles McAuley Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.8 SeaMonkey 1.1.5 Description A user on the Sla.ckers.org forums named hong...

CVSS 4.3 · AI score 6 · EPSS 0.09648
Exploits 2

0day.today
added 2007/10/21 12:00 a.m. · 23 views

PHP Project Management <= 0.8.10 Multiple RFI / LFI Vulnerabilities

Exploit for unknown platform in category web applications =================================================================== PHP Project Management = 0.8.10 Multiple RFI / LFI Vulnerabilities =================================================================== PHP Project Management = 0.8.10...

AI score 7.1
Exploits 0

Mozilla
added 2007/10/18 12:00 a.m. · 36 views

File input focus stealing vulnerability — Mozilla

A user on the Sla.ckers.org forums named hong reported that a file upload control could be filled programmatically by switching page focus to the label before a file upload form control for selected keyboard events. An attacker could use this trick to steal files from the users' computer if the...

CVSS 4.3 · AI score 0.8 · EPSS 0.09648
Exploits 2 · References 4 · Affected Software 2

Tenable Nessus
added 2007/10/17 12:00 a.m. · 34 views

openSUSE 10 Security Update : seamonkey (seamonkey-1952)

This security update brings Mozilla SeaMonkey to version 1.0.4. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems : - CVE-2006-3801/MFSA 2006-44: Code execution through deleted frame reference...

CVSS 7.5 · AI score 8.8 · EPSS 0.78359
Exploits 11 · References 14

NVD
added 2007/10/12 9:17 p.m. · 20 views

CVE-2007-5422

Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors...

CVSS 4.9 · AI score 6.2 · EPSS 0.00376
Exploits 0 · References 9

Cvelist
added 2007/10/03 2:00 p.m. · 19 views

CVE-2007-5187

SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter...

AI score 8.4 · EPSS 0.04189
Exploits 1 · References 5

CVE
added 2007/10/03 2:00 p.m. · 41 views

CVE-2007-5187

The CVE-2007-5187 entry describes a SQL injection vulnerability in the Expanded Calendar 2.x module for PHP-Fusion, specifically in infusions/calendar_events_panel/show_single.php, where an attacker can pass input through the sel parameter to execute arbitrary SQL commands. This is tied to remote...

CVSS 7.5 · AI score 8.4 · EPSS 0.04189
Exploits 1 · References 5 · Affected Software 1

Packet Storm
added 2007/10/02 12:00 a.m. · 37 views

phpfusionex-sql.txt

?php printr" / Expanded Calendar 2.x PHP-Fusion module User pass disclosure exploit Found by Matrix86 of Rbt-4 Crew Site: www.rbt-4.net Mail: infoatrbt-4dotnet Bug found in /infusions/calendareventspanel/showsingle.php Line: 27 Vulnerability type: Sql injection Unpatched! Patch: Line 26:...

AI score 7.4
Exploits 0

0day.today
added 2007/10/01 12:00 a.m. · 28 views

PHP-Fusion module Expanded Calendar 2.x SQL Injection Exploit

Exploit for unknown platform in category web applications ============================================================= PHP-Fusion module Expanded Calendar 2.x SQL Injection Exploit ============================================================= ?php printr" / Expanded Calendar 2.x PHP-Fusion modul...

AI score 7.1
Exploits 0

NVD
added 2007/09/27 10:17 p.m. · 20 views

CVE-2007-3761

Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain...

CVSS 4.3 · AI score 5.2 · EPSS 0.0192
Exploits 0 · References 7

Cvelist
added 2007/09/27 10:00 p.m. · 26 views

CVE-2007-3761

Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain...

AI score 5.2 · EPSS 0.0192
Exploits 0 · References 7

xssed
added 2007/09/27 12:00 a.m. · 6 views

Unfixed XSS vulnerability at www.mediabistro.com

Security researcher Narcoticxs, has submitted on 27/09/2007 a cross-site-scripting XSS vulnerability affecting www.mediabistro.com, which at the time of submission ranked 7888 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/10/2007. It is...

Exploits 0 · References 1

Positive Technologies
added 2007/09/27 12:00 a.m. · 5 views

PT-2007-5002 · Apple · Iphone

Name of the Vulnerable Software and Affected Versions: Apple iPhone version 1.1.1 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. This is a general information abo...

CVSS 4.3 · AI score 5.1 · EPSS 0.0192
Exploits 0 · References 8

Prion
added 2007/09/06 10:17 p.m. · 19 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function...

CVSS 4.3 · AI score 6.1 · EPSS 0.01263
Exploits 0 · References 7 · Affected Software 1

NVD
added 2007/09/06 10:17 p.m. · 16 views

CVE-2007-4745

Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function...

CVSS 4.3 · AI score 5.8 · EPSS 0.01263
Exploits 0 · References 7

CVE
added 2007/09/06 10:00 p.m. · 45 views

CVE-2007-4745

AkoBook 3.42 and earlier (component com_akobook) for Mambo contain multiple cross-site scripting (XSS) vulnerabilities. The issue arises in the sign function, where attacker-controlled Javascript events in the parameters (gbmail and gbpage) can be injected to execute scripts in the victim’s brows...

CVSS 4.3 · AI score 5.8 · EPSS 0.01263
Exploits 0 · References 7 · Affected Software 2

Prion
added 2007/09/05 7:17 p.m. · 21 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters...

CVSS 4.3 · AI score 7.5 · EPSS 0.02135
Exploits 0 · References 4 · Affected Software 1

Packet Storm
added 2007/08/28 12:00 a.m. · 24 views

moonware-multi.txt

Moonware Software Multiple Vulnerabilities by s0cratex -------- MSN: s0cratexatnasadotgov Moonware Homepage: http://dalemooney.lost-soldiers.com I. Moon Gallery ---- ------- Bug: Arbitrary file upload Dork: "Powered by: Dale Mooney Gallery" Details: The file /config/upload.php don't have any...

AI score 7.4
Exploits 0

exploitpack
added 2007/08/27 12:00 a.m. · 10 views

Dale Mooney Calendar Events - Viewevent.php SQL Injection

Dale Mooney Calendar Events - Viewevent.php SQL Injection source: https://www.securityfocus.com/bid/25456/info Calendar Events is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow...

AI score 0.7
Exploits 0

Exploit DB
added 2007/08/27 12:00 a.m. · 60 views

Dale Mooney Calendar Events - 'Viewevent.php' SQL Injection

source: https://www.securityfocus.com/bid/25456/info Calendar Events is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modi...

AI score 7
Exploits 0