isb05-sql.txt

Insanely simple blog version 0.5 and below http://sourceforge.net/projects/insanelysimple2 ISB contains multple vulnerabilities including both XSS, and SQL injection. First off, the search action fails to strip user content for html allowing a user to input tags. Next, anonymous blog entries can...

Akamai Download Manager ActiveX Control Multiple Buffer Overflow Vulnerabilities

Description Akamai Download Manager is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Exploiting these issues allows remote attackers to execute...

fizzle-access.txt

Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus for formatting to lose their layout I told him it would be too difficult to sanitize the data...

[Full-disclosure] Fizzle : Firefox Extension Vulnerability

Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus becomes and so forth. Various feeds fields are vulnerable including the title which allows th...

GLSA-200703-18 : Mozilla Thunderbird: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200703-18 Mozilla Thunderbird: Multiple vulnerabilities Georgi Guninski reported a possible integer overflow in the code handling text/enhanced or text/richtext MIME emails. Additionally, various researchers reported errors in the...

security flaw

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an 1 img, 2 link, or 3 style tag, which...

security flaw

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an 1 img, 2 link, or 3 style tag, which...

security flaw

Multiple cross-site scripting XSS vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770...

gmx-xss.txt

hello everybody, recently, i've detected that gmx, a german freemail-provider it offers professional services too is prone to a xss-vulnerability. An attacker could send an email containing these string: Because gmx-webmail displays html-mails also, you can color the code white so that the...

pdf-xss.txt

I will be very quick and just point to links where you can read about this issue. It seams that PDF documents can execute JavaScript code for no apparent reason by using the following template: http://path/to/pdf/file.pdfwhatevernameyouwant=javascript:yourcodehere You must understand that the...

[Full-disclosure] Universal XSS with PDF files: highly dangerous

I will be very quick and just point to links where you can read about this issue. It seams that PDF documents can execute JavaScript code for no apparent reason by using the following template: http://path/to/pdf/file.pdfwhatevernameyouwant=javascript:yourcodehere You must understand that the...

youtube-js.txt

The following URL will cause javascript to execute in the context of youtube http://www.youtube.com/p.swf?videoid=eVFF98kNg8Q&eurl=&t=&iurl=javascript:alert'Javascript%20executed!\r\n\r\nLocation: '%2bwindow.location%2b'\r\n\r\nCookie: '%2bdocument.cookie Cheers...

[SECURITY] [DSA 1224-1] New Mozilla packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1224-1 [email protected] http://www.debian.org/security/ Martin Schulze December 3rd, 2006 http://www.debian.org/security/faq -...

CVE-2006-5463

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing...

security flaw

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing...

Debian DSA-1046-1 : mozilla - several vulnerabilities

Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2005-2353 The 'run-mozilla.sh' script allows local users to create or overwrite arbitrary files when debugging is enabled via a...

USN-352-1: Thunderbird vulnerabilities

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. CVE-2006-4253,...

CVE-2006-4965

Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of...

FreeBSD : mozilla -- multiple vulnerabilities (e6296105-449b-11db-ba89-000c6ec775d9)

The Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. - MFSA 2006-64 Crashes with evidence of memory corruption rv:1.8.0.7 - MFSA...

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-64 Crashes with evidence of memory corruption rv:1.8.0.7 MFSA 2006-63...