5962 matches found
Good for Enterprise 2.2.2.1611 - XSS Vulnerability
Exploit for hardware platform in category web applications. The vulnerable versions are v2.2.2.1611 and earlier. Proof of Concept: HTML Email including the following payload will execute Javascript statements when the victim opens the email using the vulnerable version. Payload: alert'XSS Here'...
execution of javascript from filename
Steps to replicate: Add an attachment. Rename the file to ".txt". Copy its remove link and open the link in a new browser window. Result: The JavaScript code is executed, rather than showing the "proceed w/ deletion" screen. Everything works normally if you just click the delete button rather than...
Updated phpmyadmin packages fix security vulnerabilities
Using a crafted SQL query, it was possible to produce an XSS on the SQL query form (PMASA-2013-8, CVE-2013-4995). In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...
CVE-2013-3647
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because...
IBM WebSphere DataPower 3.8.2 / 4.0.x / 5.0 Cross Site Scripting
IBM WebSphere DataPower Integration Appliance XI50 versions 3.8.2, 4.0, 4.0.1, 4.0.2, 5.0.0 suffer from a cross site scripting vulnerability. Title: JavaScript Execution in WebSphere DataPower Services. Product: IBM WebSphere...
WordPress Plugin Simply Poll 1.4.1 - Multiple Vulnerabilities
Exploit Title: WordPress Simply Poll Plugin 1.4.1 CSRF and stored XSS Google Dork: inurl:"/wp-content/plugins/simply-poll Date: 16.03.2013 Exploit Author: m3tamantra Vendor Homepage: http://wordpress.org/extend/plugins/simply-poll/ Software Link:...
e107 1.0.1 - Arbitrary JavaScript Execution (via Cross-Site Request Forgery)
e107 1.0.1 - Arbitrary JavaScript Execution via Cross-Site Request Forgery Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org...
e107 v1.0.1 CSRF Resulting in Arbitrary Javascript Execution
Exploit for php platform in category web applications Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...
e107 1.0.1 - Arbitrary JavaScript Execution (via Cross-Site Request Forgery)
Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...
e107 1.0.1 Administrator Cross Site Request Forgery
Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...
PT-2025-31984
Name of the Vulnerable Software and Affected Versions: Maxthon3 versions prior to 3.3. Description: Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) through the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers t...
Penske Media Corporation Cross Site Scripting
Title : Penske Media Corporation reflected Cross Site Scripting (XSS) vulnerabilities Vendor : Penske Media Corporation http://www.pmc.com/ Description : Multiple PMC web-sites are vulnerable to...
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1611-1)
Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the...
Mozilla: defaultValue security checks not applied (MFSA 2012-89)
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same...
Vip torrent 4.X.X - Multiple Vulnerabilities
Exploit for windows platform in category local exploits...
FreeBSD : mod_pagespeed -- multiple vulnerabilities (178ba4ea-fd40-11e1-b2ae-001fd0af1a4c)
Google Reports : mod_pagespeed 0.10.22.6 is a security update that fixes two critical issues that affect earlier versions : - CVE-2012-4001, a problem with validation of own host name. - CVE-2012-4360, a cross-site scripting attack, which affects versions starting from 0.10.19.1. The effect of the...
USN-1510-1: Thunderbird vulnerabilities
Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly explo...
MS12-050: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)
The versions of InfoPath, Office SharePoint Server, SharePoint Server, Groove Server, Windows SharePoint Services, SharePoint Foundation, or Office Web Apps installed on the remote host are affected by multiple privilege escalation and information disclosure vulnerabilities : - An information...
thunderbird security update
CentOS Errata and Security Advisory CESA-2012:0388 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring...