4727 matches found
CVE-2008-2000
Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop...
Microsoft Excel 2007 - JavaScript Code Remote Denial of Service
Microsoft Excel 2007 - JavaScript Code Remote Denial of Service source: https://www.securityfocus.com/bid/28946/info Microsoft Excel is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to deny access to legitimate users. Given the nature of this vulnerability,...
Microsoft Excel 2007 - JavaScript Code Remote Denial of Service
source: https://www.securityfocus.com/bid/28946/info Microsoft Excel is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to deny access to legitimate users. Given the nature of this vulnerability, attackers may also be able to execute arbitrary code, but this ha...
PhShoutBox 1.5 - Insecure Cookie Handling
PhShoutBox 1.5 - Insecure Cookie Handling PhShoutBox = 1.5 final Insecure Cookie Handling Arbitrary Authentication...
Critical: Red Hat Security Advisory: java-1.5.0-ibm security update
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.5.0 Java release includes the IBM Java 2 Runti...
Critical: Red Hat Security Advisory: java-1.5.0-sun security update
Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the...
Sun Java JRE Multiple Vulnerabilities (233321-233327)
The version of Sun Java Runtime Environment (JRE) installed on the remote host is affected by one or more security issues: - Two vulnerabilities in the JRE VM may independently allow an untrusted application or applet downloaded from a website to elevate its privileges (233321). - When processing XS...
INFIGO-2008-02-13.txt
INFIGO IS Security Advisory ADV-2008-02-13 http://www.infigo.hr/en/ Title: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability Advisory ID: INFIGO-2008-02-13 Date: 2008-02-13 Advisory URL: http://www.infigo.hr/en/infocus/advisories/INFIGO-2008-02-13 Impact: Malicious JavaScript Cod...
Design/Logic Flaw
Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of...
CVE-2008-0729
Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of...
Yahoo! Music Jukebox 2.2 AddImage() ActiveX Remote BOF Exploit
Exploit for unknown platform in category remote exploits ============================================================== Yahoo! Music Jukebox 2.2 AddImage ActiveX Remote BOF Exploit ============================================================== function unescape$s $res=strtoupperbin2hex$s; $g =...
Debian: Security Advisory (DSA-820-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Sql injection
Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in...
CVE-2007-6375
CVE-2007-6375 affects Bitweaver 2.0.0 and earlier. The vulnerability comprises multiple SQL injection flaws that allow remote attackers to execute arbitrary SQL commands via (1) the sort_mode parameter to wiki/list_pages.php and (2) the highlight parameter to search/index.php. A report also menti...
MySpace Scripts Poll Creator - index.php HTML Injection
MySpace Scripts Poll Creator - index.php HTML Injection source: https://www.securityfocus.com/bid/26544/info MySpace Scripts Poll Creator is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated...
Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities
Background Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey is a free, cross-platform Internet suite. Description Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the Javascript engine can be exploited to...
[Full-disclosure] ifnet.it WEBIF XSS Vulnerability
----------------------------- || WWW.SMASH-THE-STACK.NET || ----------------------------- || ADVISORY: IFNET.IT WEBIF XSS VULNERABILITY || 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION || 0x04: GOOGLE DORK || 0x05: RISK LEVEL || 0x00: ABOUT ME Author: SkyOut Date:...
webif-xss.txt
----------------------------- || WWW.SMASH-THE-STACK.NET || ----------------------------- || ADVISORY: IFNET.IT WEBIF XSS VULNERABILITY || 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION || 0x04: GOOGLE DORK || 0x05: RISK LEVEL || 0x00: ABOUT ME Author: SkyOut Date:...
S21SEC-038-en.txt
S21Sec Advisory - Title: Alcatel Omnivista 4760 Cross-Site Scripting ID: S21SEC-038-en Severity: Medium - History: 10.Jun.2007 Vulnerability discovered 20.Jun.2007 Vendor contacted 19.Oct.2007 Advisory released Authors: Juan de la Fuente Costa [email protected] Pablo Seijo Cajaraville...
rgod_em_msgprn_heap.txt
pwnin'... //add su one, user: sun pass: tzu shellcode =...