
546 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

CutePHP CuteNews 1.4.1 Index.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16961/info CuteNews is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. A...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Game-Panel 2.6 Login.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16979/info Game-Panel is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

Link Bank Iframe.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17001/info Link Bank is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. ...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Microsoft Internet Explorer 6.0 Nested OBJECT Tag Memory Corruption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17658/info Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This issue is due to a flaw in the application in handling nested OBJECT tags in HTML content. An attacker could exploit this issue via...

AI score 7.1
Exploits: 0

RedHat Linux
added 2014/06/26 3:11 p.m. | 2 views

CXF: HTML content posted to SOAP endpoint could cause OOM errors

A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly...

CVSS 4.3 | AI score 7.4 | EPSS 0.03644
Exploits: 0 | References: 4

RedHat Linux
added 2014/06/26 3:0 p.m. | 4 views

CXF: HTML content posted to SOAP endpoint could cause OOM errors

A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly...

CVSS 4.3 | AI score 7.4 | EPSS 0.03644
Exploits: 0 | References: 4

securityvulns
added 2014/01/08 12:0 a.m. | 67 views

Open-Xchange Security Advisory 2014-01-06

Open-Xchange Security Advisory 2014-01-06 Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 30203 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 7.4.0 and earlier Vulnerable component: backend Fixe...

CVSS 4.3 | AI score 0.1 | EPSS 0.01325
Exploits: 0

Tenable Nessus
added 2013/10/31 12:0 a.m. | 40 views

Firefox < 25.0 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 25.0 and is, therefore, potentially affected by multiple vulnerabilities : - The implementation of Network Security Services NSS does not ensure that data structures are initialized, which could result in a denial of service or disclosure of...

CVSS 10 | AI score 7.5 | EPSS 0.06493
Exploits: 0 | References: 25

Mozilla
added 2013/10/29 12:0 a.m. | 43 views

Spoofing addressbar though SELECT element — Mozilla

Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within <select> elements and place it in arbitrary locations. This can be used to spoof the displayed addressbar, leading to clickjacking and other spoofing attacks...

CVSS 4.3 | AI score 1.1 | EPSS 0.01993
Exploits: 0 | References: 2 | Affected Software: 4

CERT
added 2013/09/23 12:0 a.m. | 30 views

KnowledgeView Editorial and Management application cross-site scripting vulnerability

Overview KnowledgeView Editorial and Management application contains a reflected cross-site scripting XSS vulnerability CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' KnowledgeView Editorial and Management application contains a...

CVSS 4.3 | AI score 6 | EPSS 0.01012
Exploits: 0 | References: 2

Nmap
added 2013/09/05 7:31 p.m. | 107 views

http-devframework NSE Script

Tries to find out the technology behind the target website. The script checks for certain defaults that might not have been changed, like common headers or URLs or HTML content. While the script does some guessing, note that overall there's no way to determine what technologies a given site is...

CVSS 10 | AI score 9.3 | EPSS 0.99448
Exploits: 33

securityvulns
added 2013/07/19 12:0 a.m. | 63 views

Open-Xchange Security Advisory 2013-06-03

Open-Xchange Security Advisory multiple vulnerabilities Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provided...

CVSS 4.3 | AI score 6.2 | EPSS 0.00942
Exploits: 0

Tenable Nessus
added 2013/07/12 12:0 a.m. | 42 views

Oracle Linux 4 : thunderbird (ELSA-2008-0616)

From Red Hat Security Advisory 2008:0616 : Updated thunderbird packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbi...

CVSS 10 | AI score 6.2 | EPSS 0.13949
Exploits: 3 | References: 14

Tenable Nessus
added 2013/07/12 12:0 a.m. | 24 views

Oracle Linux 4 : thunderbird (ELSA-2011-0312)

From Red Hat Security Advisory 2011:0312 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...

CVSS 10 | AI score 8.5 | EPSS 0.05787
Exploits: 1 | References: 3

Packet Storm
added 2012/11/20 12:0 a.m. | 23 views

Penske Media Corporation Cross Site Scripting

Title : Penske Media Corporation reflected Cross Site Scripting XSS vulnerabilities Vendor : Penske Media Corporation http://www.pmc.com/ Description : Multiple PMC web-sites are vulnerable to...

AI score 0.2
Exploits: 0

Packet Storm
added 2012/11/16 12:0 a.m. | 26 views

Rollingstone.com Cross Site Scripting

Title : Rollingstone.com reflected Cross Site Scripting XSS vulnerability Vendor : Wenner Media http://www.jannswenner.com/ Description : Rollingstone.com web-site is vulnerable to reflected...

AI score 7.4
Exploits: 0

Mozilla
added 2012/10/09 12:0 a.m. | 51 views

select element persistence allows for attacks — Mozilla

Security researcher David Bloom of Cue discovered that <select> elements are always-on-top chromeless windows and that navigation away from a page with an active menu does not remove this window. When another menu is opened programmatically on a new page, the original menu can be retained and arbitrary HTM...

CVSS 6.8 | AI score 9.2 | EPSS 0.02246
Exploits: 0 | References: 3 | Affected Software: 3

OwnCloud
added 2012/08/10 5:9 p.m. | 52 views

HTTP header injection - ownCloud

A Header injection vulnerability in ownCloud before 4.0.8 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the HTTP url path parameter to index.php. Affected Software ownCloud Server 4.0.8 CVE-2012-5057 Action Taken It is...

CVSS 4.3 | AI score 6.6 | EPSS 0.01022
Exploits: 0 | Affected Software: 1

OwnCloud
added 2012/08/10 11:42 a.m. | 40 views

Server: HTTP header injection

A Header injection vulnerability in ownCloud before 4.0.8 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the HTTP url path parameter to index.php. For more information please consult the official advisory. This advisory is...

CVSS 4.3 | AI score 6.6 | EPSS 0.01022
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2012/08/01 12:0 a.m. | 40 views

Scientific Linux Security Update : thunderbird on SL4.x,SL5.x i386/x86_64

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. CVE-2011-0080...

CVSS 10 | AI score 9 | EPSS 0.69977
Exploits: 5 | References: 7