
4727 matches found

Debian CVE
added 2011/10/19 10:0 a.m., 35 views

CVE-2011-4140

The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...

6.8 CVSS, 6.6 AI score, 0.00345 EPSS
Exploits 0

NVD
added 2011/10/14 10:55 a.m., 15 views

CVE-2011-3229

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL...

6.8 CVSS, 6.7 AI score, 0.00194 EPSS
Exploits 2, References 4

Prion
added 2011/10/14 10:55 a.m., 18 views

Directory traversal

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL...

6.8 CVSS, 7.2 AI score, 0.00194 EPSS
Exploits 2, References 4, Affected Software 1

CVE
added 2011/10/14 10:0 a.m., 52 views

CVE-2011-3229

CVE-2011-3229 describes a directory-traversal in Safari’s handling of safari-extension:// URLs, enabling remote attackers to execute arbitrary JavaScript within the context of installed Safari Extensions. Affected: Safari 5.0 and later on Mac OS X and Windows (per OpenVAS/PacketStorm references),...

6.8 CVSS, 6.7 AI score, 0.00194 EPSS
Exploits 2, References 4, Affected Software 1

Cvelist
added 2011/10/14 10:0 a.m., 22 views

CVE-2011-3229

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL...

6.6 AI score, 0.00194 EPSS
Exploits 2, References 4

CERT
added 2011/10/10 12:0 a.m., 21 views

GoAhead Webserver multiple stored XSS vulnerabilities

Overview: GoAhead Webserver 2.18 and possibly previous or newer versions, are vulnerable to multiple stored and reflective cross site scripting (XSS) vulnerabilities. Description: GoAhead Webserver software fails to sanitize POST requests sent to the multiple functions. As a result, stored and...

6.1 AI score
Exploits 0

NVD
added 2011/10/04 8:55 p.m., 32 views

CVE-2011-2881

Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code...

6.8 CVSS, 7.1 AI score, 0.00534 EPSS
Exploits 0, References 3

Prion
added 2011/10/04 8:55 p.m., 9 views

Memory corruption

Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code...

6.8 CVSS, 7.7 AI score, 0.00534 EPSS
Exploits 0, References 3, Affected Software 1

CVE
added 2011/10/04 8:0 p.m., 46 views

CVE-2011-2881

CVE-2011-2881 corresponds to multiple vulnerability entries affecting Google Chrome before 14.0.835.202. The issue stems from improper handling of Google V8 hidden objects, allowing a remote attacker to cause a denial of service via memory corruption (and possibly other impact). Public referenc...

6.8 CVSS, 7.1 AI score, 0.00534 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2011/10/04 8:0 p.m., 20 views

CVE-2011-2881

Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code...

7 AI score, 0.00534 EPSS
Exploits 0, References 3

UbuntuCve
added 2011/09/30 10:55 a.m., 27 views

CVE-2011-2998

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression...

10 CVSS, 6 AI score, 0.03711 EPSS
Exploits 0, References 1

Prion
added 2011/09/30 10:55 a.m., 16 views

Integer overflow

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression...

10 CVSS, 8.3 AI score, 0.03711 EPSS
Exploits 0, References 11, Affected Software 1

CERT
added 2011/09/30 12:0 a.m., 28 views

ProjectForum XSS vulnerability

Overview: ProjectForum 7.0.1.3038 and possibly previous versions, are vulnerable to cross site scripting (XSS). Description: CourseForum's ProjectForum software fails to sanitize all input fields. As a result, cross site scripting (XSS) attacks can be conducted. By default, a non-credentialed user can...

6.2 AI score
Exploits 0, References 1

securityvulns
added 2011/09/26 12:0 a.m., 56 views

Advisory: Dolphin Browser HD Cross-Application Scripting

1. Background: Android applications are executed in a sandbox environment, to ensure that no application can access sensitive information held by another, without adequate privileges. For example, the Dolphin browser application holds sensitive information such as cookies, cache and...

4.3 CVSS, 6 AI score, 0.0492 EPSS
Exploits 3

OpenVAS
added 2011/09/16 12:0 a.m., 78 views

ManageEngine ServiceDesk Plus <= 8.0 Build 8013 Authentication Bypass Vulnerability

ManageEngine ServiceDesk Plus is prone to an authentication bypass vulnerability...

5 CVSS, 6.5 AI score, 0.00192 EPSS
Exploits 1, References 2

phpMyAdmin
added 2011/09/14 12:0 a.m., 16 views

Multiple XSS.

PMASA-2011-14. Announcement-ID: PMASA-2011-14. Date: 2011-09-14. Summary: Multiple XSS. Description: Firstly, if a row contains javascript code, after inline editing this row and saving, the code is executed. Secondly, missing sanitization on the db, table and column names leads to XSS vulnerabilities...

5.7 AI score
Exploits 0, Affected Software 1

Core Security
added 2011/09/14 12:0 a.m., 56 views

Multiples Vulnerabilities in ManageEngine ServiceDesk Plus

Core Security - Corelabs Advisory 1. Advisory Information Title: Multiples Vulnerabilities in ManageEngine ServiceDesk Plus Advisory ID: CORE-2011-0506 Advisory URL: http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp Date published: 2011-09-14 Date of last update:...

5 CVSS, 6.6 AI score, 0.00329 EPSS
Exploits 1

FreeBSD
added 2011/09/11 12:0 a.m., 14 views

phpMyAdmin -- multiple XSS vulnerabilities

phpMyAdmin development team reports: Firstly, if a row contains javascript code, after inline editing this row and saving, the code is executed. Secondly, missing sanitization on the db, table and column names leads to XSS vulnerabilities. Versions 3.4.0 to 3.4.4 were found vulnerable...

2.9 AI score
Exploits 0, References 1

Packet Storm
added 2011/08/28 12:0 a.m., 31 views

Joomla Simple File Lister 1.0 Directory Traversal

Exploit Title: Joomla Simple File Lister module = 1.0 Directory Traversal Vulnerability Google Dork: "Simple File Lister v1.0" "Files in directory" Date: 2011-08-28 Author: evilsocket evilsocket at gmail dot com Software Link:...

0.2 AI score
Exploits 0

Packet Storm
added 2011/08/22 12:0 a.m., 20 views

DragDropCart Cross Site Scripting

Exploit Title: DragDropCart E-Commerce System Stored XSS Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability ISSUE Cross Site Scripting can be done using the command input Vulnerable Page: search.php yaxaluser.php Example: search.php?search= Exploit: "/...

7.4 AI score
Exploits 0