536 matches found
Mozilla crash and remote code execution using HTML tags inside a XUL tree (MFSA 2010-77)
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element...
XSS in gopher parser when parsing hrefs — Mozilla
Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the...
iscripts Socialware 2.2.x - Multiple Vulnerabilities
iScripts SocialWare 2.2.x Multiple Remote Vulnerability. Name: iScripts SocialWare; Vendor: http://www.iscripts.com; Versions Affected: 2.2.x; Author: Salvatore Fresta aka Drosophila; Website: http://www.salvatorefresta.net; Contact: salvatorefresta at...
Joomla! Component Article Factory Manager - Arbitrary File Upload
Vendor: http://www.thefactory.ro/shop/joomla-components/article-manager.html ...
Internet Explorer HTML Tag Memory Corruption (MS06-013; CVE-2006-1188)
Microsoft Internet Explorer (IE) is the most widely used web browser application today. The browser is capable of processing HTML, scripting languages, and interpretation of various other popular Internet specifications. There are numerous versions of the HTML standard that are interpreted by the...
Hijacking Opera's Native Page using malicious RSS payloads
For complete post with images, please visit - http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads/ Well, this...
Buffer overflow
Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) "a" HTML tag; a long src attribute in (2) embed, (3) img, or (4) script tags; (5) a long background attribute in a body tag; and...
CVE-2008-6897
Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) "a" HTML tag; a long src attribute in (2) embed, (3) img, or (4) script tags; (5) a long background attribute in a body tag; and...
Gigaset SE461 WiMAX Router - Remote Denial of Service
Helith - 0815. Author: Benkei; Date: 2008-02-08; Vendor: Siemens; Affecte...
Siemens TCP/53 Denial Of Service
Helith - 0815. Author: Benkei; Date: 2008-02-08; Vendor: Siemens; Affected product: Gigaset SE461 WiMAX router; Firmware versio...
Amaya Web Editor XML and HTML parser Vulnerabilities
No description provided by source. Core Security Technologies - CoreLabs Advisory, http://www.coresecurity.com/corelabs/. Amaya web editor XML and HTML parser vulnerabilities. 1. Advisory Information. Title: Amaya web editor XML and HTML parser...
Amaya Web Editor 11.0 - XML / HTML Parser
Core Security Technologies - CoreLabs Advisory, http://www.coresecurity.com/corelabs/. Amaya web editor XML and HTML parser vulnerabilities. 1. Advisory Information. Title: Amaya web editor XML and HTML parser vulnerabilities. Advisory ID: CORE-2008-1211...
Stack overflow
Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags...
[SECURITY] Fedora 8 Update: lynx-2.8.6-12.fc8
Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. One advantage Lynx has over graphical browsers is speed; Lynx starts and exits quickly and swiftly displays webpages...
MDaemon Server < 10.0.2 WordClient Script Insertion Vulnerability
MDaemon is prone to a script insertion vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:altn:mdaemon"; ifdescriptio...
amaya -- multiple buffer overflow vulnerabilities
Secunia reports: A boundary error when processing "div" HTML tags can be exploited to cause a stack-based buffer overflow via an overly long "id" parameter. A boundary error exists when processing overly long links. This can be exploited to cause a stack-based buffer overflow by tricking the user...
Sympa < 4.1.3 XSS Vulnerability
The remote web server contains a CGI script that is affected by a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2008 Tenable Network Security. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
celoxis-xss.txt
==Background== From Celoxis.com: Celoxis is a comprehensive web based project management tool to improve collaboration and streamline management of projects, time sheets, expenses and even business processes specific to your organization ==Problem== The Celoxis project management software contain...