PT-2022-16891 · Combodo +1 · Combodo iTop +1
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.6 and 3.0.0 Description: Combodo iTop is a web-based IT Service Management tool. The issue allows cross-site scripting via scripts outside of script tags when displaying HTML attachments. There are...
Combodo iTop Cross-Site Scripting Vulnerability
Combodo iTop is an open-source, ITIL-based web application developed by the French company Combodo for the day-to-day operation of IT environments. The program provides incident management, configuration management, and problem management functionality. A cross-site scripting vulnerability exists ...
Apache CouchDB permission and access control issues vulnerability
Apache CouchDB is a document-oriented database system developed by the Apache Foundation using Erlang. Apache CouchDB is vulnerable to a permission and access control issue that arises when an application fails to properly impose security restrictions and a remote authenticated user with permissio...
CVE-2021-38295 Privilege escalation vulnerability when using HTML attachments
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
PT-2021-22017 · Apache · Apache Couchdb
Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions prior to 3.1.2 Description: A malicious user with permission to create documents in a database can attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, any JavaScript code...
Apache CouchDB Cross-Site Scripting Vulnerability
Apache CouchDB is a document-oriented database system developed by the Apache Foundation using Erlang. Apache CouchDB is vulnerable to a permission and access control issue that arises when an application fails to properly impose security restrictions and a remote authenticated user with permissio...
DEBIAN-CVE-2018-19206
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...
Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan
Santander Bank customers should be aware of an effective spam campaign spreading the Trickbot banking Trojan that is coming from domains similar to those used by the financial institution. Researchers at My Online Security and the SANS Institute’s Internet Storm Center say that Santander is not t...
CVE-2015-5379: Axigen XSS vulnerability for html attachments
CVEID: CVE-2015-5379 SUBJECT: Axigen XSS vulnerability for HTML attachments DESCRIPTION: Axigen's WebMail Ajax interface implements a view-attachment function that executes JavaScript code that is part of email HTML attachments. This allows a malicious user to craft email messages that could expo...
squirrelmail security and bug fix update
1.4.8-21.0.2.el5 - remove Redhat splash screen images from source 1.4.8-21.0.1.el5 - remove Redhat splash screen images - add README instead of README.RedHat 1.4.8-21 - change charset for zhCN and zhTW to utf-8 508686 1.4.8-20 - fix header encoding issue 241861 - fix code producing warnings in th...
Cross site scripting
Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mai...
[SA15962] Novell Netmail Script Insertion Vulnerability
---------------------------------------------------------------------- Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT Security: http://secunia.com/secuniavacancies/...
Add a generic HTML cleaning service
This will be able to be used by all components that need to display untrusted HTML: including HTML attachments, RSS feeds, and the html-include macro...
iPlanet Messaging Server 5.05.1 - HTML Attachment Cross-Site Scripting
iPlanet Messaging Server 5.05.1 - HTML Attachment Cross-Site Scripting source: https://www.securityfocus.com/bid/7704/info It has been reported that iPlanet Messaging Server may be prone to cross-site scripting attacks. The problem is said to occur while processing HTML attachments received via...
Outlook Express Attach Execution Exploit (img tag + innerHTML + TIF dos name)
Using some information posted on Bugtraq this week, I found a very simple way to exploit "download & execution" of an .EXE file directly from Outlook Express. This is my report: When an HTML page attached to a message is opened, it runs in the security zone of "Temporary Internet Files" TI...