5777 matches found
CVE-2006-0296
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...
phpBB <= 2.0.19 XSS Remote Cookie Disclosure Exploit
Exploit for unknown platform in category web applications. phpBB tag means that the cursor must pass it in the y direction only. e.g. the mouse only needs to cross a point horizontally equal to the link in order for the javascript to be executed...
CVE-2005-4501
MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer...
CVE-2005-4150
The CVE-2005-4150 entry describes a Cross-site scripting (XSS) vulnerability in the portal login page of Computer Associates CleverPath 4.7. Affects CleverPath 4.7; the vectors are described as unknown in the provided description. The NVD metrics list a CVSS v2 base score of 4.3 (Medium) with imp...
fuseXSS.txt
This was discovered by myself over the weekend. I can't find out what versions of fusebox this vulnerability is in but seeing as it affects the main fusebox page I can only assume it is the latest v4.1.0 and possibly some older versions. According to the Fusebox site, What is Fusebox? Fusebox is a...
Mozilla Suite: Multiple vulnerabilities
Background The Mozilla Suite is an all-in-one Internet application suite including a web browser, an advanced e-mail and newsgroup client, IRC client and HTML editor. Description The following vulnerabilities were found and fixed in the Mozilla Suite: "mozbugra4" and "shutdown" discovered that th...
Important: Red Hat Security Advisory: mozilla security update
Updated mozilla packages that fix various security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug wa...
CVE-2002-2031
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results...
CVE-2002-2031
Affected software: Internet Explorer 5.0, 5.0.1 and 5.5. Vulnerability details: When JavaScript execution is enabled, a script tag with a src attribute referencing a non-JavaScript file can be used to determine the existence of arbitrary files, by leveraging the onError event handler to observe r...
FreeBSD : firefox -- PLUGINSPAGE privileged javascript execution (ce6ac624-aec8-11d9-a788-0001020eed82)
A Mozilla Foundation Security Advisory reports: When a webpage requires a plugin that is not installed the user can click to launch the Plugin Finder Service (PFS) to find an appropriate plugin. If the service does not have an appropriate plugin the EMBED tag is checked for a PLUGINSPAGE attribute...
horde -- XSS vulnerabilities
A Hyperdose Security Advisory reports: Horde contains two XSS attacks that can be exploited through GET requests. Once exploited, these requests could be used to execute any javascript commands in the context of that user, potentially including but not limited to reading and deleting email, and...
Debian DSA-051-1 : netscape - unexpected javascript execution
Florian Wesch has discovered a problem reported to bugtraq with the way Netscape handles comments in GIF files. The Netscape browser does not escape the GIF file comment in the image information page. This allows JavaScript execution in the 'about:' protocol and can for example be used to...
Debian DSA-073-1 : imp - 3 remote exploits
The Horde team released version 2.2.6 of IMP, a web-based IMAP mail program, which fixes three security problems. Their release announcement describes them as follows: - A PHPLIB vulnerability allowed an attacker to provide a value for the array element $PHPLIBlibdir, and thus to get scripts from...
CVE-2001-1352
Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter...
CVE-2001-1351
CVE-2001-1351 concerns a cross-site scripting vulnerability in Namazu 2.0.8 and earlier. The issue allows remote attackers to execute arbitrary JavaScript in the context of other web users when displaying hit numbers, via the index file name shown in results. Affected component: Namazu search int...
lostBook v1.1 Javascript Execution
Product: lostBook vendor: veryLost verylost.tk Affected Versions: 1.1 and lower Description: A simple flat db guestbook Vulnerabilities: XSS Date: July 29, 2004 Vuln Finder: r3d5pik3 me...
Microsoft Outlook Express - JavaScript Execution
Microsoft Outlook Express - JavaScript Execution From: To: Subject:MSOE Scripting Example Content-Type:text/html click here to test milw0rm.com 2004-07-13...
MS Outlook Express Javascript Execution Vulnerability
Exploit for unknown platform in category remote exploits. MS Outlook Express Javascript Execution Vulnerability. From: To: Subject:MSOE Scripting Example Content-Type:text/html click here to...
MSOE Javascript Execution Vulnerability
Note: This vulnerability as well as several more can be found at http://www.greyhats.cjb.net Outlook Express Window Opener Script Execution Vulnerability Tested Microsoft Outlook Express version 6.0.2800.1123. Microsoft Windows XP sp2 Discussion Microsoft Outlook Express is prone to a vulnerabili...
Microsoft Outlook Express - JavaScript Execution
From: To: Subject:MSOE Scripting Example Content-Type:text/html click here to test milw0rm.com 2004-07-13...