Mozilla Thunderbird Multiple Vulnerabilities November-08 (Windows)

The host is installed with Mozilla Thunderbird and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbthunderbirdmultvulnnov08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Mozilla Thunderbird Multiple Vulnerabilities November-08 Windows Authors: Chandan S Copyright: Copyright...

CVE-2008-5108

Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors...

CVE-2008-5108

Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors...

EUVD-2008-4998

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting XSS attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors...

mozilla: nsXMLDocument:: OnChannelRedirect() same-origin violation

The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors...

XSS in bookmarks plugin

The bookmarking code under the url http://localhost:8080/plugins/socialbookmarking/updatebookmark.action is vulnerable to XSS attacks using the spaceKey parameter: submitting the following code will execute javascript: spaceKey=%22%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E%22%3E IMPORTANT:...

Stored XSS in wiki macro search

Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...

Mozilla Firefox <= 1.0.4 "Set As Wallpaper" Code Execution Exploit

No description provided by source. // Exploit by Michael Krax !DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" html head titleFirewalling - Proof-of-Concept/title script function stopload // in some cases the javascript url never stops to load // therefore we force a stop after the...

Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability

Description Microsoft VBScript and JScript are prone to a remote code-execution vulnerability because they fail to adequately handle user-supplied input. Attackers can leverage this issue by enticing an unsuspecting user to view a malicious web document. Successful exploits would allow arbitrary...

Debian Security Advisory DSA 051-1 (netscape)

The remote host is missing an update to netscape announced via advisory DSA 051-1. OpenVAS Vulnerability Test $Id: deb0511.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 051-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 1224-1 (mozilla)

The remote host is missing an update to mozilla announced via advisory DSA 1224-1. Several security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-4310 Tomas Kempinsky...

Debian Security Advisory DSA 1192-1 (mozilla)

The remote host is missing an update to mozilla announced via advisory DSA 1192-1. Several security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-2788 Fernando Ribeiro...

Debian Security Advisory DSA 051-1 (netscape)

The remote host is missing an update to netscape announced via advisory DSA 051-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SuSE 10 Security Update : Security update for (ZYPP Patch Number 2088)

This security update brings Mozilla Firefox to version 1.5.0.7. More details can be found on: http://www.mozilla.org/projects/security/known-vulnerabiliti es.html It includes fixes to the following security problems : - Crashes with evidence of memory corruption MFSA 2006-63 / CVE-2006-4570:...

Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-352-1)

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. CVE-2006-4253,...

security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed...

security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed...

openSUSE 10 Security Update : seamonkey (seamonkey-2098)

This security update brings Mozilla SeaMonkey to version 1.0.5. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems: MFSA 2006-64/CVE-2006-4571: Crashes with evidence of memory corruption MFSA...

openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2100)

This security update brings Mozilla Thunderbird to version 1.5.0.7. More Details can be found on this page: http://www.mozilla.org/projects/security/known-vulnerabilities.html It includes fixes to the following security problems: MFSA 2006-64/CVE-2006-4571: Crashes with evidence of memory...

Insanely simple blog - Multiple vulnerabilities

Insanely simple blog version 0.5 and below http://sourceforge.net/projects/insanelysimple2 ISB contains multple vulnerabilities including both XSS, and SQL injection. First off, the search action fails to strip user content for html allowing a user to input tags. Next, anonymous blog entries can...