USN-1510-1: Thunderbird vulnerabilities

Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly explo...

MS12-050: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)

The versions of InfoPath, Office SharePoint Server, SharePoint Server, Groove Server, Windows SharePoint Services, SharePoint Foundation, or Office Web Apps installed on the remote host are affected by multiple privilege escalation and information disclosure vulnerabilities : - An information...

thunderbird security update

CentOS Errata and Security Advisory CESA-2012:0388 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring...

Code injection

Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3...

CVE-2011-2984

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering...

Mozilla: Privilege escalation dropping a tab element in content area

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering...

HTML file type attachments are automatically rendered in IE.

h1. Steps to reproduce Create following HTML file and upload to any of Confluence page. code alert"Cookie: " + document.cookie; code Open the file on Internet Explorer 7. Then, you will see the javascript in that HTML file executed automatically. Issue happens with IE9,8,7 with Confluence 3.5...

Time And Expense Management System Cross Site Scripting

------------------------------------------------------------------------ Software................Time and Expense Management System Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://sourceforge.net/projects/tems/ Discovery...

webEdition CMS 6.1.0.2 - Multiple Vulnerabilities

------------------------------------------------------------------------ Software................Web Edition 6.1.0.2 Vulnerability...........Local File Inclusion Threat Level............Critical 4/5 Download................http://www.webedition.org Vendor Contact Date.....3/13/2011 Disclosure...

OpenCollab 1.4.3 Cross Site Scripting

------------------------------------------------------------------------ Software................OpenCollab 1.4.3 Vulnerability...........Persistent Cross-site Scripting Threat Level............Moderate 2/5 Download................http://www.opencollab.de/ Vendor Contact Date.....3/10/2011...

Wordpress plugin Comment Rating JavaScript Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress plugin Comment Rating JavaScript Execution Vulnerability Author: sasa1 mysite: www.dev-chat.com Vendor: http://wealthynetizen.com Download: http://downloads.wordpress.org/plugin/comment-rating.zip Exploit 4 Comment...

Ubuntu Update for thunderbird vulnerabilities USN-1050-1

Ubuntu Update for Linux kernel vulnerabilities USN-1050-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10501.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for thunderbird vulnerabilities USN-1050-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...

Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-1050-1)

Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the...

Dokeos 1.8.6.2 Cross Site Scripting

------------------------------------------------------------------------ Software................Dokeos 1.8.6.2 Vulnerability...........Reflected Cross-site Scripting Download................http://www.dokeos.com/ Release Date............2/12/2011 Tested On...............Windows Vista + XAMPP...

CiviCRM 3.3.3 Drupal-Joomla Cross Site Scripting

------------------------------------------------------------------------ Software................CiviCRM 3.3.3 Drupal-Joomla Vulnerability...........Reflected Cross-site Scripting Download................http://civicrm.org/ Release Date............2/2/2011 Tested On...............Windows Vista +...

Microsoft Internet Explorer - MHTML Protocol Handler Cross-Site Scripting

Microsoft Internet Explorer - MHTML Protocol Handler Cross-Site Scripting Hacking with mhtml protocol handler Author: www.80vul.com Email:5up3rh3igmail.com Release Date: 2011/1/15 References: http://www.80vul.com/mhtml/Hacking%20with%20mhtml%20protocol%20handler.txt Ph4nt0m Webzine 0x05...

WordPress FCChat Widget 2.1.7 Cross Site Scripting

------------------------------------------------------------------------ Software................WordPress FCChat Widget 2.1.7 Vulnerability...........Reflected Cross-site Scripting Download................http://www.fastcatsoftware.com/ Release Date............1/23/2011 Tested...

html-edit CMS Multiple Vulnerabilities

Exploit for php platform in category web applications Vulnerability ID: HTB22734 Reference: http://www.htbridge.ch/advisory/sqlinjectioninhtmleditcms.html Product: HTML-EDIT CMS Vendor: html-edit web services http://www.html-edit.org/ Vulnerable Version: 3.1.8 Vendor Notification: 02 December 201...

html-edit CMS - Multiple Vulnerabilities

html-edit CMS - Multiple Vulnerabilities Vulnerability ID: HTB22734 Reference: http://www.htbridge.ch/advisory/sqlinjectioninhtmleditcms.html Product: HTML-EDIT CMS Vendor: html-edit web services http://www.html-edit.org/ Vulnerable Version: 3.1.8 Vendor Notification: 02 December 2010 Vulnerabili...

Mandriva Linux Security Advisory : firefox (MDVSA-2010:251-2)

Security issues were identified and fixed in firefox : Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS attacks due to some characters being converted to angle brackets when displayed b...