457 matches found
OpenJDK: insufficient html escaping in jhat (jhat, 8011081)
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...
Potential XSS Vulnerability in Ruby on Rails
The HTML escaping code in Ruby on Rails does not escape all potentially dangerous characters. In particular the code does not escape the single quote character. The helpers used in Rails itself never use single quotes, so most applications are unlikely to be vulnerable, however all users running ...
FreeBSD : rubygem-rails -- multiple vulnerabilities (31db9a18-e289-11e1-a57d-080027a27dbf)
Rails core team reports: This version contains three important security fixes, please upgrade immediately. One of the security fixes impacts all users and is related to HTML escaping code. The other two fixes impact people using select_tag's prompt option and strip_tags helper from ActionPack...
rubygem-rails -- multiple vulnerabilities
Rails core team reports: This version contains three important security fixes, please upgrade immediately. One of the security fixes impacts all users and is related to HTML escaping code. The other two fixes impact people using select_tag's prompt option and strip_tags helper from ActionPack...
Fedora 15 : rubygem-actionpack-3.0.5-5.fc15 (2012-0626)
A cross-site scripting (XSS) flaw was found in the way the 'translate' helper method of Ruby on Rails performed HTML escaping of interpolated user input, when interpolation in combination with HTML-safe translations was used. This release fixes the bug. Note that Tenable Network Security has...
Firefox file location escaping flaw
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename...
CVE-2008-2808
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename...
Cross site scripting
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename...
w3m Vulnerability of Unauthorized Access to Files or Cookies
Overview: w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies. Impact: A remote attacker could access files and cookies. Solution: Please refer to the 'Vendor Information' section for official remediation and take...
Cross site scripting
Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as...
CVE-2007-1878
Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as...
DEBIAN-CVE-2007-1840
lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS)...
[SECURITY] [DSA 541-1] New icecast-server packages fix cross site scripting
Debian Security Advisory DSA 541-1, http://www.debian.org/security/, Martin Schulze, August 24th, 2004, http://www.debian.org/security/faq ...
Mozilla Firefox < 2.0.0.15 Multiple Vulnerabilities
DSA-250 w3mmee-ssl - missing HTML quoting
Hironori Sakamoto, one of the w3m developers, found two security vulnerabilities in w3m and associated programs. The w3m browser does not properly escape HTML tags in frame contents and img alt attributes. A malicious HTML frame or img alt attribute may deceive a user to send their local cookies...