4972 matches found
XSS vulnerability in guestbook-php-script
SySS-Advisory: XSS-vulnerability in guestbook-php-script. Problem discovered: February 3d 2006 Vendor contacted:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags...
Cross site scripting
Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag...
Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-149-1)
Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious website to spoof the contents of other websites. CAN-2005-1937 In several places the browser user interface did not...
phpBB < 2.0.19 Multiple XSS
According to its version number, the remote version of this software is vulnerable to JavaScript injection issues using 'url' bbcode tags and, if HTML tags are enabled, HTML more generally. This may allow an attacker to inject hostile JavaScript into the forum system to steal cookie credentials o...
[Full-disclosure] Php Web Statistik Multiple Vulnerabilities
PHP Web Statistik Multiple Vulnerabilities Name Multiple Vulnerabilities in PHP Web Statistik Systems Affected PHP Web Statistik verified on 1.4 Severity Medium Risk Vendor www.php-web-statistik.de Advisory http://www.ush.it/2005/11/19/php-web-statistik/ Author Francesco ‘aScii’ Ongaro ascii at...
zoomblogJS.txt
DETAILS Zoomblog is prone to javascript injection attacks. Zoomblog does not adequately filter tags from various fields. It is possible for a malicious Zoomblog user to inject hostile javascript code into the commentary via form fields. This code may be rendered in the browser of a web user who...
[Full-disclosure] Buggy blogging
Portcullis Security Advisory Tim Brown [email protected] - www.portcullis-security.com [email protected] - www.nth-dimension.org.uk Vulnerable System: Movable Type Vulnerability Title: Username and password hash for administration interface stored in cookie. Vulnerability...
Oracle 9iAS iSQLplus XSS
The login-page of Oracle9i iSQLplus allows the injection of HTML and Javascript code via the username and password parameters. Description : The remote host is running a version of the Oracle9i 'isqlplus' CGI which is vulnerable to a cross site scripting issue. An attacker may exploit this flaw t...
Flat Nuke Cross Site Scripting
Web Site: Vulnerable: FlatNuke = 2.5.6 This script is possibly vulnerable to Cross Site Scripting (XSS) attacks. Malicious users may inject JavaScript, VBScript, ActiveX, into a vulnerable application to fool a user in order to gather data from them. Affects...
XSS Vulnerability in MIVA Merchant 5 - Includes Fix
MIVA Merchant 5 is vulnerable to XSS attack. Users can use javascript to embed their own inputs into the MM5 screens and checkout pages overriding various store safeguards and functions. MIVA Corporation has been very cooperative and has already posted an update to their software entitled core-4...
CVE-2005-2442
CVE-2005-2442 concerns a Cross-Application Scripting (XAS) vulnerability in SPI Dynamics WebInspect 5.0.196. The connected documents confirm the issue arises in WebInspect and enables remote attackers to inject Javascript from one application into another (XAS), with remote exploitation described...
security flaw
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by...
McAfee Intrushield IPS Abuse
An open security advisory 8 - McAfee Intrushield IPS Management Console Abuse 1: Bug Researcher: c0ntex - c0ntexbatgmail.com 2: Bug Released: July 06 2005 3: Bug Impact Rate: Medium / Hi 4: Bug Scope Rate: Local / Remote This advisory and/or proof of concept code must not be used for...
CVE-2002-1688
This CVE concerns Microsoft Internet Explorer versions 5.5–6.0, where the browser history feature can be abused to execute arbitrary JavaScript in the context of a user session. An attacker can inject JavaScript into the URL, which is executed when the user clicks Back, allowing remote script exe...
CVE-2005-1659
CVE-2005-1659 : MyServer 0.8 is vulnerable to cross-site scripting via filemanager.cpp. An attacker can craft a URL containing a triple dot ("...") followed by an onmouseover event to inject arbitrary Javascript. Public sources (NVD/Red Hat/OpenVAS) consistently describe XSS affecting MyServer 0....
CVE-2005-1592
Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript...
security flaw
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the search target of the Firefox sidebar...
security flaw
Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page...
firefox -- arbitrary code execution from sidebar panel
A Mozilla Foundation Security Advisory states: If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it...