Lucene search

536 matches found

seebug.org
added 2014/07/01 12:0 a.m., 19 views

Celestial Software AbsoluteTelnet 2.0/2.11 Title Bar Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6785/info A buffer overflow vulnerability was reported for AbsoluteTelnet. The vulnerability exists due to insufficient bounds checking performed when setting the title bar of the client. An attacker can exploit this...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

Onecenter Forum 4.0 IMG Tag Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7441/info OneCenter ForumOne 4.0 is a full-featured, web-based group discussion forum. A problem with Onecenter ForumOne could allow remote users to execute arbitrary code in the context of the web site hosting ForumOne...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

PHPWebSite 0.8.3 Article.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5864/info phpWebSite is prone to cross-site scripting attacks. This vulnerability is due to insufficient sanitization of HTML tags from URI parameters processed by the 'article.php' script. As a result, an attacker may...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 50 views

ColdFusion Server 2.0/3.x/4.x Administrator Login Password DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1314/info Due to a faulty mechanism in the password parsing implementation in authentication requests, it is possible to launch a denial of service attack against Allaire ColdFusion 4.5.1 or previous by inputting a string...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

Google Chrome Silent HTTP Authentication

No description provided by source. Exploit Title: Google Chrome Silent HTTP Authentication Date: 2-5-2013 Exploit Author: T355 Vendor Homepage: http://www.google.com/chrome Version: 24.0.1312.57 Tested on: Tested on: Windows 7 & Mac OSX Mountain Lion CVE : n/a VULNERABILITY DETAILS The latest...

7.1 AI score
Exploits: 0

securityvulns
added 2014/03/24 12:0 a.m., 73 views

Open-Xchange Security Advisory 2014-02-10

Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 30820 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 7.4.1 and earlier Vulnerable component: backend Fixed version: 7.2.2-rev31, 7.4.0-rev27,...

4.3 CVSS, 0.1 AI score, 0.00285 EPSS
Exploits: 0

The Hacker News
added 2014/01/27 7:50 p.m., 9 views

Mozilla Thunderbird vulnerability allows hackers to Insert malicious code into Emails

Do you use Thunderbird, a free, open-source, cross-platform application for managing email and news feeds? According to a Pakistani Security Researcher from Vulnerability-Lab, a flaw gives an attacker the ability to run code on a user’s machine. Mozilla Thunderbird 17.0.6 email application is...

7.4 AI score
Exploits: 0

ThreatPost
added 2014/01/27 1:11 p.m., 13 views

Mozilla Fixes Filter Bypass Bug in Thunderbird

Mozilla has fixed a serious vulnerability in its Thunderbird email application that enables an attacker to bypass the filter in Thunderbird that prevents HTML tags from being used in messages. Exploiting the bug could give an attacker the ability to run code on a user’s machine. The vulnerability...

0.9 AI score
Exploits: 0, References: 1

securityvulns
added 2014/01/08 12:0 a.m., 65 views

Open-Xchange Security Advisory 2014-01-06

Open-Xchange Security Advisory 2014-01-06 Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 30203 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 7.4.0 and earlier Vulnerable component: backend Fixe...

4.3 CVSS, 0.1 AI score, 0.00475 EPSS
Exploits: 0

Positive Technologies
added 2013/12/26 12:0 a.m., 5 views

PT-2014-92: Cross-Site Scripting in ShopOS

The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in ShopOS. Reflected cross-site scripting in the func.php page allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How to...

4.3 CVSS, 6.3 AI score
Exploits: 0, References: 3

Kitploit
added 2013/11/09 12:30 a.m., 19 views

[SET v5.4] The Social-Engineer Toolkit "Walkers"

TrustedSec is proud to announce the release of The Social-Engineer Toolkit SET v5.4 codename “Walkers”. This version has a significant amount of changes, performance upgrades, bug fixes, and efficiency. This blog post will cover some of the major highlights from Java 7 Update 45 and how to get...

7 AI score
Exploits: 0

securityvulns
added 2013/10/01 12:0 a.m., 50 views

Open-Xchange Security Advisory 2013-09-30

Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 28642 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: prior to 7.2.2 Vulnerable component: backend Fixed version: 7.0.2-rev16, 7.2.2-rev20 Report...

3.5 CVSS, 0.1 AI score, 0.00159 EPSS
Exploits: 0

OpenVAS
added 2013/02/15 12:0 a.m., 16 views

CentOS Update for elinks CESA-2013:0250 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.1 CVSS, 5.9 AI score, 0.00473 EPSS
Exploits: 0, References: 2

Exploit DB
added 2013/02/11 12:0 a.m., 25 views

Google Chrome - Silent HTTP Authentication

Exploit Title: Google Chrome Silent HTTP Authentication Date: 2-5-2013 Exploit Author: T355 Vendor Homepage: http://www.google.com/chrome Version: 24.0.1312.57 Tested on: Tested on: Windows 7 & Mac OSX Mountain Lion CVE : n/a VULNERABILITY DETAILS The latest version of Google Chrome Tested on...

7.4 AI score
Exploits: 0

OSV
added 2012/08/31 2:55 p.m., 7 views

CVE-2012-4600

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags...

5.5 AI score
Exploits: 0, References: 5

UbuntuCve
added 2012/08/31 2:55 p.m., 21 views

CVE-2012-4600

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags...

2.6 CVSS, 6.4 AI score, 0.06222 EPSS
Exploits: 2, References: 4

Cvelist
added 2012/08/31 2:0 p.m., 31 views

CVE-2012-4600

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags...

5.4 AI score, 0.06222 EPSS
Exploits: 2, References: 4

0day.today
added 2012/04/02 12:0 a.m., 39 views

lifetype 1.2.11 CSRF Add User

Exploit for php platform in category web applications +---------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title := lifetype 1.2.11 CSRF Add User Date := 05/april/2012 Author := khaled-Ham Software link :...

7.1 AI score
Exploits: 0

The Hacker News
added 2011/09/22 5:35 p.m., 7 views

Lilith: Perl script to audit web applications

Lilith: Perl script to audit web applications Lilith tool analyses webpages and looks for htmltags, which often refer to dynamic pages that might be subject to SQL injection or other flaws. Lilith basic function is to spider and analyses pages, following hyperlinks, injecting special characters...

7.9 AI score
Exploits: 0

securityvulns
added 2010/12/10 12:0 a.m., 72 views

Mozilla Foundation Security Advisory 2010-77

Mozilla Foundation Security Advisory 2010-77 Title: Crash and remote code execution using HTML tags inside a XUL tree Impact: Critical Announced: December 9, 2010 Reporter: wushi Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.13 Firefox 3.5.16 SeaMonkey 2.0.11 Description Security researcher...

9.3 CVSS, 0.4 AI score, 0.0543 EPSS
Exploits: 0