
5945 matches found

Mageia
added 2013/11/30 9:40 p.m. | 25 views

Updated ganglia-web package fixes security vulnerability

XSS issue in ganglia-web makes it possible to execute JavaScript in the victim's browser after tricking the victim into opening a specially crafted URL (CVE-2013-6395)...

CVSS 4.3 | AI score 2.9 | EPSS 0.02199
Exploits: 1 | References: 2

ATTACKERKB
added 2013/10/30 10:55 a.m. | 3 views

CVE-2013-5598

PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object...

CVSS 8.3 | AI score 6 | EPSS 0.02937
Exploits: 0 | References: 7

Packet Storm
added 2013/10/10 12:0 a.m. | 35 views

Google Translate Open Redirection

Summary The issue being described below affects google translate and is not exactly an open redirect. However the results can be the same under certain conditions. The following issue can be used as an open redirect when: Potential victim must not block javascripts from being executed in his/her...

AI score 7.4
Exploits: 0

0day.today
added 2013/09/25 12:0 a.m. | 47 views

Good for Enterprise 2.2.2.1611 - XSS Vulnerability

Exploit for hardware platform in category web applications. The vulnerable versions are v2.2.2.1611 and earlier. Proof of Concept: an HTML email including the following payload will execute JavaScript statements when the victim opens the email using the vulnerable version. Payload: alert'XSS Here'...

CVSS 4.3 | AI score 0.4 | EPSS 0.02418
Exploits: 6

Atlassian
added 2013/09/16 11:11 a.m. | 30 views

execution of javascript from filename

Steps to replicate: Add an attachment Rename the file to ".txt" Copy its remove link and open the link in a new browser window Result: The JavaScript code is executed, rather than showing the "proceed w/ deletion" screen. Everything works normally if you just click the delete button rather than...

AI score 1.1
Exploits: 0 | Affected Software: 1

Atlassian
added 2013/09/16 11:11 a.m. | 23 views

execution of javascript from filename

Steps to replicate: Add an attachment Rename the file to ".txt" Copy its remove link and open the link in a new browser window Result: The JavaScript code is executed, rather than showing the "proceed w/ deletion" screen. Everything works normally if you just click the delete button rather than...

AI score 1.1
Exploits: 0

Mageia
added 2013/07/29 2:6 p.m. | 50 views

Updated phpmyadmin packages fix security vulnerabilities

Using a crafted SQL query, it was possible to produce an XSS on the SQL query form (PMASA-2013-8, CVE-2013-4995). In setup/index.php, using a crafted hash with a JavaScript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...

CVSS 6.5 | AI score 0.7 | EPSS 0.01832
Exploits: 0 | References: 7

NVD
added 2013/06/18 6:55 p.m. | 29 views

CVE-2013-3647

The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because...

CVSS 6.8 | AI score 6.7 | EPSS 0.01085
Exploits: 0 | References: 3

0day.today
added 2013/05/24 12:0 a.m. | 40 views

IBM WebSphere DataPower 3.8.2 / 4.0.x / 5.0 Cross Site Scripting

IBM WebSphere DataPower Integration Appliance XI50 versions 3.8.2, 4.0, 4.0.1, 4.0.2, 5.0.0 suffer from a cross site scripting vulnerability. title: JavaScript Execution in WebSphere DataPower Services product: IBM WebSphere...

CVSS 4.3 | AI score 6.1 | EPSS 0.01208
Exploits: 2

Exploit DB
added 2013/03/18 12:0 a.m. | 18 views

WordPress Plugin Simply Poll 1.4.1 - Multiple Vulnerabilities

Exploit Title: WordPress Simply Poll Plugin 1.4.1 CSRF and stored XSS Google Dork: inurl:"/wp-content/plugins/simply-poll Date: 16.03.2013 Exploit Author: m3tamantra Vendor Homepage: http://wordpress.org/extend/plugins/simply-poll/ Software Link:...

AI score 7
Exploits: 0

exploitpack
added 2013/01/02 12:0 a.m. | 28 views

e107 1.0.1 - Arbitrary JavaScript Execution (via Cross-Site Request Forgery)

e107 1.0.1 - Arbitrary JavaScript Execution via Cross-Site Request Forgery Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org...

CVSS 6.8 | AI score 1.1 | EPSS 0.01957
Exploits: 6

0day.today
added 2013/01/02 12:0 a.m. | 53 views

e107 v1.0.1 CSRF Resulting in Arbitrary Javascript Execution

Exploit for php platform in category web applications Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

AI score 7.1 | EPSS 0.01957
Exploits: 6

Exploit DB
added 2013/01/02 12:0 a.m. | 37 views

e107 1.0.1 - Arbitrary JavaScript Execution (via Cross-Site Request Forgery)

Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

CVSS 6.8 | AI score 6.6 | EPSS 0.01957
Exploits: 6

Packet Storm
added 2013/01/01 12:0 a.m. | 36 views

e107 1.0.1 Administrator Cross Site Request Forgery

Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

CVSS 6.8 | AI score 0.3 | EPSS 0.01957
Exploits: 6

Positive Technologies
added 2012/12/05 12:0 a.m. | 4 views

PT-2025-31984

Name of the Vulnerable Software and Affected Versions: Maxthon3 versions prior to 3.3. Description: Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) through the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers t...

CVSS 10 | AI score 6 | EPSS 0.00846
Exploits: 0 | References: 11

Packet Storm
added 2012/11/20 12:0 a.m. | 24 views

Penske Media Corporation Cross Site Scripting

Title: Penske Media Corporation reflected Cross Site Scripting (XSS) vulnerabilities. Vendor: Penske Media Corporation http://www.pmc.com/ Description: Multiple PMC web-sites are vulnerable to...

AI score 0.2
Exploits: 0

Tenable Nessus
added 2012/10/15 12:0 a.m. | 57 views

Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1611-1)

Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the...

CVSS 10 | AI score 8.7 | EPSS 0.42609
Exploits: 8 | References: 27

RedHat Linux
added 2012/10/12 8:4 p.m. | 3 views

Mozilla: defaultValue security checks not applied (MFSA 2012-89)

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same...

CVSS 6.8 | AI score 7.6 | EPSS 0.01159
Exploits: 1 | References: 5

0day.today
added 2012/09/17 12:0 a.m. | 28 views

Vip torrent 4.X.X - Multiple Vulnerabilities

Exploit for windows platform in category local exploits...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2012/09/13 12:0 a.m. | 32 views

FreeBSD : mod_pagespeed -- multiple vulnerabilities (178ba4ea-fd40-11e1-b2ae-001fd0af1a4c)

Google reports: mod_pagespeed 0.10.22.6 is a security update that fixes two critical issues that affect earlier versions: CVE-2012-4001, a problem with validation of own host name; and CVE-2012-4360, a cross-site scripting attack, which affects versions starting from 0.10.19.1. The effect of the...

CVSS 5 | AI score 5.1 | EPSS 0.01138
Exploits: 1 | References: 4