4727 matches found
Microsoft SharePoint Server 2007 - Cross-Site Scripting
Microsoft SharePoint Server 2007 - Cross-Site Scripting Vulnerability ID: HTB22350 Reference: http://www.htbridge.ch/advisory/xssinmicrosoftsharepointserver2007.html http://www.microsoft.com/technet/security/advisory/983438.mspx Product: Microsoft SharePoint Server 2007 Vendor: Microsoft...
Ubuntu Update for moin vulnerabilities USN-925-1
Ubuntu Update for Linux kernel vulnerabilities USN-925-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9251.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for moin vulnerabilities USN-925-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Microsoft Internet Explorer Denial of Service Vulnerability (Mar 2010)
Internet Explorer is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Internet Explorer Denial of Service Vulnerability - Mar10
This host is installed with Internet Explorer and is prone to Denial of Service Vulnerability. OpenVAS Vulnerability Test $Id: secpodmsiedosvulnmar10.nasl 5394 2017-02-22 09:22:42Z teissa $ Microsoft Internet Explorer Denial of Service Vulnerability - Mar10 Authors: Antu Sanadi Copyright: Copyrig...
CVE-2010-1127
Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via crafted JavaScript code, as demonstrated by setting the 1...
CVE-2010-1127
CVE-2010-1127 affects Microsoft Internet Explorer 6 and 7. The vulnerability arises when executing the createElement method, where certain data structures are not initialized, enabling a remote attacker to cause a denial of service via crafted JavaScript. Specifically, setting the (1) outerHTML o...
Code injection
The evaljs function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code...
CVE-2010-0011
The evaljs function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code...
CVE-2010-0011
The evaljs function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code...
CVE-2010-0011
The evaljs function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code...
Debian DSA-1886-1 : iceweasel - several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3079 'mozbugra4' discovered that a programming error in the FeedWriter...
Silverstripe <= v2.3.4: XSS vulnerabilities
No description provided by source. Silverstripe CMS, http://silverstripe.org/, version 2.3.4 and lower and its unreleased 2.4 branch, is vulnerable to two Cross Site Scripting issues. 1. The comment posting mechanism of Silverstripe 'PostCommentForm' fails to properly sanitize the 'CommenterURL'...
Mozilla Foundation Security Advisory 2009-70
Mozilla Foundation Security Advisory 2009-70 Title: Privilege escalation via chrome window.opener Impact: Moderate Announced: December 15, 2009 Reporter: David James Products: Firefox, SeaMonkey Fixed in: Firefox 3.5.6 Firefox 3.0.16 SeaMonkey 2.0.1 Description Security researcher David James...
Billwerx RC v3.1 Multiple Vulnerabilities
No description provided by source. Billwerx RC v3.1 Multiple Vulnerabilities Found By: mrme Download: http://www.billwerx.com/download.php Tested On: Windows Vista Note: For educational purposes only XSS POC: A regular employee can embed javascript code that could be executed within the context o...
oBlog - Persistent Cross-Site Scripting Cross-Site Request Forgery Admin Brute Force
oBlog - Persistent Cross-Site Scripting Cross-Site Request Forgery Admin Brute Force ------------------------------------------------------------------------------------------------- Application: oBlog Version: the only one there is : Download: http://www.dootzky.com/images/projects/oBlog.zip...
CVE-2009-4148
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a 1 .ds, 2 .dsa, 3 .dse, or 4 .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."...
Design/Logic Flaw
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a 1 .ds, 2 .dsa, 3 .dse, or 4 .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."...
CVE-2009-3576
Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents aka .scntoc file with a ScriptContent element, as demonstrated by code that loads the WScript.Shell ActiveX control...
Mozilla Firefox Chrome Page Loading Restriction Bypass (CVE-2005-2706)
The Firefox and Mozilla web browsers are applications designed for tasks related to browsing the web, such as displaying HTML encoded pages, downloading files, and so on. The web browser implements security restrictions on the execution of scripts and access to certain resources based on the orig...
Chrome privilege escalation in XPCVariant::VariantDataToJS() — Mozilla
Mozilla security researcher mozbugra4 reported that the XPCOM utility XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects before returning them to chrome callers. This could result in chrome privileged code calling methods on an object which had previously been created or modified by web...