5942 matches found
Design/Logic Flaw
The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an...
Research In Motion BlackBerry Device Software 4.7.1 - Cross Domain Information Disclosure
Source: https://www.securityfocus.com/bid/43685/info. Research In Motion BlackBerry Device Software is prone to a cross-domain information-disclosure vulnerability because the application's web browser fails ...
BlackBerry Cross Origin Bypass
BlackBerry Browser Cross Origin Bypass. Author: 599eme Man. Contact: [email protected]...
SeaMonkey < 2.0.7 Multiple Vulnerabilities
Binary data 5660.prm...
SeaMonkey < 2.0.7 Multiple Vulnerabilities
Binary data 800885.prm...
Rumba CMS 2.4 Cross Site Scripting
Vulnerability ID: HTB22591; Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinrumbacms.html; Product: Rumba CMS; Vendor: Rumba Netware Ltd. http://rumbacms.com; Vulnerable Version: 2.4 and Probably Prior Versions; Vendor Notification: 18 August 2010...
Orbis 1.0.2 Cross Site Scripting
Software: Orbis 1.0.2; Vulnerability: Reflected XSS; Download: http://www.novo-ws.com/orbis-cms/; Release Date: 7/5/2010; Tested On: Windows Vista + XAMPP...
NewsOffice 2.0.18 Cross Site Scripting
Software: NewsOffice 2.0.18; Vulnerability: Reflected XSS; Download: http://newsoffice.newanz.com/; Release Date: 7/5/2010; Tested On: Windows Vista + XAMPP...
Wiki Web Help 0.2.7 cross site scripting
No description provided by source. Software: Wiki Web Help 0.2.7; Vulnerability: Persistent/Reflected XSS; Download: http://sourceforge.net/projects/wwh/; Release Date: 7/1/2010...
Fedora 12 : python-paste-1.7.4-1.fc12 (2010-10383)
1.7.4: The only real change is to paste.httpexceptions, which was using insecure quoting of some parameters and allowed an XSS hole, most specifically with its 404 messages. The most notable WSGI applications using this are paste.urlparse.StaticURLParser and PkgResourcesParser. By directing someone ...
Stored XSS vulnerability in synType CMS comment text field
Vulnerability ID: HTB22417; Reference: http://www.htbridge.ch/advisory/storedxssvulnerabilityinsyntypecmscommenttextfield.html; Product: synType CMS; Vendor: MindArray GbR; Vulnerable Version: V.0.12.2 and Probably Prior Versions; Vendor Notification: 03 June 2010; Vulnerability Type: Stored XSS Cross...
CVE-2010-2110
Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors...
Google Patches 'High Risk' Chrome Flaws
Google has pushed out another automatic Chrome browser update to fix multiple security issues that could expose users to hacker attacks. Google Chrome 5.0.375.55, available for Windows, Mac and Linux, addresses at least two “high risk” vulnerabilities and several security-related denial-of-servic...
Google Chrome < 5.0.375.55 Multiple Vulnerabilities
Binary data 5553.pasl...
Ziepod+ 1.0 Cross Application Scripting
#!/usr/bin/python import thread import socket ... http://www.corelan.be:8800 ...
Ziepod+ 1.0 - CrossApplication Scripting
#!/usr/bin/python import thread import socket ...
Ziepod+ 1.0 - CrossApplication Scripting
#!/usr/bin/python import thread import socket ... http://www.corelan.be:8800 ...
CVE-2010-1585
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remot...
Design/Logic Flaw
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remot...
Ubuntu 8.10 / 9.04 / 9.10 : kdebase-runtime vulnerabilities (USN-872-1)
It was discovered that the KIO subsystem of KDE did not properly perform input validation when processing help:// URIs. If a user or KIO application processed a crafted help:// URI, an attacker could trigger JavaScript execution or access files via directory traversal. Note that Tenable Network...