4727 matches found
Proxomitron Naoko-4 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3087/info Proxomitron is a free web proxy server. Proxomitron is vulnerable to a cross site scripting attack. The condition is present because of the way URLS are displayed in error messages. It is possible for script cod...
Microsoft SharePoint Server 2007 XSS Vulnerability
No description provided by source. Vulnerability ID: HTB22350 Reference: http://www.htbridge.ch/advisory/xssinmicrosoftsharepointserver2007.html http://www.microsoft.com/technet/security/advisory/983438.mspx Product: Microsoft SharePoint Server 2007 Vendor: Microsoft Corporation Vulnerable Versio...
gp easy CMS Minishop 1.5 Plugin Persistent XSS
No description provided by source. Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link: http://gpeasy.com/SpecialAddonPlugins?cmd=download&id=31 Version: 1.5 The...
frog cms 0.9.5 - Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22685 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinfrogcms.html Product: Frog CMS Vendor: Philippe Archambault http://www.madebyfrog.com/ Vulnerable Version: 0.9.5 and probably prior versions Vendor Notification: 09 November 2010...
PlumeCMS <= 1.2.4 - Multiple Persistent XSS
No description provided by source. +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : PlumeCMS = 1.2.4 Multiple Persistent XSS Date : 04-04-2012 Author : Ivano Binetti http://www.ivanobinetti.com...
Microsoft Excel 2007 - JavaScript Code Remote Denial Of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28946/info Microsoft Excel is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to deny access to legitimate users. Given the nature of this vulnerability, attackers may also be able to...
Hyperic HQ 3.2 - 4.2-beta1 - Multiple XSS
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Hyperic HQ Multiple XSS 1. Advisory Information Title: Hyperic HQ Multiple XSS Advisory Id: CORE-2009-0812 Advisory URL:...
MS IE 4/5/5.5/5.0.1 external.NavigateAndFind() Cross-Frame Vulnerability
No description provided by source. Microsoft Internet Explorer 4.0 for WfW/Windows 3.1/Windows 95/Windows NT 3/Windows NT 4,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.5,Internet Explorer 5.0.1,Internet Explorer for Unix 5.0 external.NavigateAndFi...
html-edit CMS Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22734 Reference: http://www.htbridge.ch/advisory/sqlinjectioninhtmleditcms.html Product: HTML-EDIT CMS Vendor: html-edit web services http://www.html-edit.org/ Vulnerable Version: 3.1.8 Vendor Notification: 02 December 2010 Vulnerability Typ...
PHPDug 2.0.0 - Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22971 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpdug.html Product: PHPDug Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.0.0 and probably prior versions Vendor Notification: 21 April 2011 Vulnerability Type:...
PHP MicroCMS 1.0.1 CSRF and XSS Vulnerabilities
No description provided by source. Vulnerability ID: HTB22765 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpmicrocms.html Product: PHP MicroCMS Vendor: ApPHP http://www.apphp.com/ Vulnerable Version: 1.0.1 and probably prior versions Vendor Notification: 21 December 2010 Vulnerability...
BEdita 3.0.1.2550 - Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22729 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinbedita.html Product: BEdita Vendor: Chialab & ChannelWeb http://www.bedita.com/ Vulnerable Version: 3.0.1.2550 betula and probably prior versions Vendor Notification: 30 November 201...
VideoGirls forum.php t Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36168/info VideoGirls is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context...
support.software.dell.com Cross Site Scripting
Advisory: support.software.dell.com Cross-Site Script Vulnerability XSS Advisory ID: 14062014 Author: Roberto Garcia @1gbDeInfo Affected Software: Successfully tested on support.software.dell.com Vendor URL: https://support.software.dell.com Vendor Status: informed and solved, but nobody told m...
Updated iceape packages fix multiple vulnerabilities
Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service memory corruption and...
CVE-2014-1539
Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image...
Mandriva Linux Security Advisory : otrs (MDVSA-2014:111)
Updated otrs package fixes security vulnerabilities : A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...
PHPYUN cloud talent system background CSRF Getshell-a vulnerability warning-the black bar safety net
phpyun background no authentication token, by the CSRF directly getshell First, from the background getshell start. The web site's configuration file,/plus/config.php using double quotes to do the key value, which leads to security issues. We can put php code to write into the double quotes insid...
Coremail邮件系统存储型XSS之二
简要描述: 设计错误导致可执行恶意JavaScript代码并窃取用户cookies 详细说明: 将特制的swf文件作为附件发送给受害者(这里可以选择在过节的时候下手,比如将文件名改称新年贺卡.swf): swf文件的AS代码如下(将就着看吧,东拼西凑整出来的): package import flash.external.ExternalInterface; import flash.display.Sprite; import flash.display.Sprite; import flash.events.Event; import flash.net.URLLoader;...
CVE-2014-1770
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function...