phpmyadmin -- arbitrary file include and XSS vulnerabilities
A phpMyAdmin security announcement reports: We received two bug reports by Maksymilian Arciemowicz about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points: css/phpmyadmin.css.php was vulnerable against $cfg and GLOBALS variable injections. This...
[Full-Disclosure] XSS VULNERABILITY AT MODULE PostWrap
Hello, Albania Security Clan has just discovered an XSS vulnerability in the PostWrap module. The problem lies in /index.php?module=PostWrap&page=http://hostename.com/HACK/asc/ascmd.txt; it is not a PHP injection because that is protected, but XSS commands can be injected, d...
Security Advisory: BiTBOARD xss
Advisory Information -------------------- Advisory name : BiTBOARD XSS Discovered by : drhankey / it-security23.net Vendor Name : the bitshifters sdc Vendor Homepage : http://www.bitshifters.net Software : Bitboard Vulnerability Type : Cross-Site-Scripting Vulnerable Versions : 2.5 and prior...
CVE-2004-1043
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control hhctrl.ocx to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as...
CVE-2004-2174
Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter...
YaBB Shadow BBCode Tag XSS
The remote host is using the YaBB web forum software. According to its version number, the remote version of this software is vulnerable to JavaScript injection issues using shadow or glow tags. This may allow an attacker to inject hostile JavaScript into the forum system, to steal cookie...
Google Toolbar 1.1.x - About.HTML HTML Injection
source: https://www.securityfocus.com/bid/11210/info Google Toolbar is reported prone to a HTML injection vulnerability. It is reported that the Google Toolbar 'ABOUT.HTML' page allows the injection of HTML and JavaScript code. This vulnerability may allow an attacker to inject malicious HTML and...
Mozilla Firefox < 2.0.0.15 Multiple Vulnerabilities
Binary data 4567.prm...
SeaMonkey < 1.1.10 Multiple Vulnerabilities
Binary data 4568.prm...
CVE-2004-1712
Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter...
Microsoft Internet Explorer - Overly Trusted Location Cache
Microsoft Internet Explorer - Overly Trusted Location Cache Overly Trusted Location Variant Method Cache Vulnerability GO! This vulnerability seems to be unstable. For some reason, it crashes my internet explorer unless the exploit is executed onload and even then it crashes sometimes. var...
MS Internet Explorer Remote Application.Shell Exploit
Exploit for unknown platform in category remote exploits ===================================================== MS Internet Explorer Remote Application.Shell Exploit ===================================================== function InjectedDuringRedirection...
ArbitroWeb v0.6 Javascript injection vulnerability
vendor: ArbitroWeb about: An anonymous web surfing proxy written in PHP. ArbitroWeb will redirect all web requests thru its set of scripts, all URLs contained will be adjusted/mangled to its own scripts. date: june 22nd, 2004 vendor status: ? problem: javascript can be injected into the...
[Full-Disclosure] Blogger XSS Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------ BLOGGER XSS VULNERABILITY - ------------------------------------------------------ Online URL : http://ferruh.mavituna.com/article/?470 Severity : Moderately Critical for Members Permanent Accou...
Sandblad #12: Inject javascript url in history list (revisited)
Sandblad advisory 12 - /--------------------------------------------------------------/ Title: Inject javascript url in history list revisited Date: 2004-02-03 Software: Internet Explorer Vendor: http://www.microsoft.com/ Status: Patched by MS04-004 Type: Cross site/zone scripting Impact: Reading...
JSinject.txt
Sandblad advisory 12 - /--------------------------------------------------------------/ Title: Inject javascript url in history list revisited Date: 2004-02-03 Software: Internet Explorer Vendor: http://www.microsoft.com/ Status: Patched by MS04-004 Type: Cross site/zone scripting Impact: Reading...
Yahoo Messenger cross-site scripting
By using ymsgr: it's possible to inject javascript...
Yahoo Messenger Flaw allows injection of JavaScript into IM Windows
Title: Yahoo Messenger Flaw allows injection of JavaScript into IM Windows Author: Chet Simpson [email protected] Date: December 5th, 2003 Host Platforms tested: WindowsME and WindowsXP sp1a Target Applications tested: Yahoo Messenger 5.5 Build 1249 Yahoo Messenger 5.6 Build 1355 Target...
jchat box advisory
Product: jChatBox Version: 2.5 Developer: JavaZOOM Address: http://www.javazoom.net Vulnerability: HTML code and JavaScript code injection, reading private messages, flooding. Found by: Navy, Xboy. So, the chat is compromised through the nickname. If the filter on "" and "" is disabled, variant number 1 works. Method No. 1:...