4727 matches found
webshell431-xssxsrf.txt
======================================================================= . .. | | / / | | | | / \ / / /\ / / \ | | | / / \ /\ \| | / // / /\ \ / / / // http://www.lowsec.org ========================================================================...
Google Chrome回车远程拒绝服务漏洞
BUGTRAQ ID: 31375 CNCAN ID:CNCAN-2008092512 Google Chrome是一款GOOGLE公司开发的WEB浏览器。 Google Chrome处理回车输入存在问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 当回车\r\n\r\n作为参数传递给window.open函数时,可导致Google Chrome在同一时间中生成大量窗口而导致内存耗竭。构建恶意WEB页,诱使用户访问,可导致应用程序崩溃。 Google Chrome 0.2.149 30 Google Chrome 0.2.149 29 Google Chrome 0.2.149 ...
Design/Logic Flaw
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors...
Critical: Red Hat Security Advisory: firefox security update
An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the...
Gentoo Security Advisory GLSA 200507-24 (mozilla)
The remote host is missing updates announced in advisory GLSA 200507-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200504-18 (Mozilla)
The remote host is missing updates announced in advisory GLSA 200504-18. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
BOM characters, low surrogates stripped from JavaScript before execution — Mozilla
Microsoft developer Dave Reed reported that certain BOM characters are stripped from JavaScript code before it is executed. This can lead to code, which would otherwise be treated as part of a quoted string, to be executed. The issue could potentially be used by an attacker to bypass or evade...
XSS in RSS feed creation
URL http://localhost:8080/dashboard/doconfigurerssfeed.action The RSS feed creation process is vulnerable to XSS attacks. It is possible to inject javascript code into the page by changing the types field to: types="alertdocument.cookie complete example from the testenvironment:...
XSS in RSS feed creation
URL http://localhost:8080/dashboard/doconfigurerssfeed.action The RSS feed creation process is vulnerable to XSS attacks. It is possible to inject javascript code into the page by changing the types field to: types="alertdocument.cookie complete example from the testenvironment:...
Chrome script loading from fastload file — Mozilla
Mozilla security researcher mozbugra4 reported that when non-privileged XUL documents include scripts from chrome: URIs used in the browser it was possible to take advantage of the privilege level stored in the pre-compiled "fastload" file. This could allow an attacker to run arbitrary JavaScript...
visualsentinel-cas.txt
VisualSentinel 0.7 Cross Agent Scripting Discovered by: Alfredo Panzera, Opencosmo Security Software vendor: http://www.opencosmo.com Date: 31-05-2008 Vulnerability: The vulnerability consists on inject javascript code falsify the user agent's attacker during an attack and then save in the log th...
VisualSentinel 0.7 Cross Agent Scripting Vulnerability
VisualSentinel 0.7 Cross Agent Scripting Discovered by: Alfredo Panzera, Opencosmo Security Software vendor: http://www.opencosmo.com Date: 31-05-2008 Vulnerability: The vulnerability consists on inject javascript code falsify the user agent's attacker during an attack and then save in the log th...
eCMS 0.4.2 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/29304/info eCMS is prone to multiple security vulnerabilities, including a security-bypass issue and an SQL-injection issue. Exploiting these issues may allow an attacker to bypass certain security restrictions and gain unauthorized access to the...
Critical: Red Hat Security Advisory: java-1.6.0-ibm security update
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.6.0 Java release includes the IBM Java 2 Runtime Environmen...
Multi-Page Comment System 1.1.0 Insecure Cookie Handling Vulnerability
No description provided by source. --==+================================================================================+==-- --==+ Multi-Page Comment System 1.1.0 Insecure Cookie Handling +==-- --==+================================================================================+==-- Discovered...
Multi-Page Comment System 1.1.0 Insecure Cookie Handling Vulnerability
Exploit for unknown platform in category web applications ====================================================================== Multi-Page Comment System 1.1.0 Insecure Cookie Handling Vulnerability ======================================================================...
Internet Photoshow (Special Edition) Insecure Cookie Handling Vuln
Exploit for unknown platform in category web applications ================================================================== Internet Photoshow Special Edition Insecure Cookie Handling Vuln ==================================================================...
Internet Photoshow (Special Edition) Insecure Cookie Handling Vuln
No description provided by source. --==+================================================================================+==-- --==+ Internet Photoshow Special Edition Insecure Cookie Handling +==-- --==+================================================================================+==-- Discover...
ActiveKB 1.5 - Insecure Cookie Handling/Arbitrary Admin Access
--==+================================================================================+==-- --==+ ActiveKB = 1.5 Insecure Cookie Handling/Arbitrary Admin Access +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 1...
Code injection
Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial of service application crash via JavaScript code that calls document.write in an infinite loop...