security flaw

Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page...

firefox -- arbitrary code execution from sidebar panel

A Mozilla Foundation Security Advisory states: If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it...

CVE-2004-1712

Cross-site scripting XSS vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter...

phpmyadmin -- arbitrary file include and XSS vulnerabilities

A phpMyAdmin security announcement reports: We received two bug reports by Maksymilian Arciemowicz about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points: css/phpmyadmin.css.php was vulnerable against $cfg and GLOBALS variable injections. This...

Invision Power Board (IP.Board) 1.x2.0.3 - SML Code Script Injection

Invision Power Board IP.Board 1.x2.0.3 - SML Code Script Injection source: https://www.securityfocus.com/bid/12607/info Invision Power Board is reported prone to a JavaScript injection vulnerability. It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of malicious script...

Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection

source: https://www.securityfocus.com/bid/12607/info Invision Power Board is reported prone to a JavaScript injection vulnerability. It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of malicious script content. Since this could permit an attacker to inject hostile...

[Full-Disclosure] XSS VULNERABILITY AT MODULE PostWrap

Bonjour, Albania Security Clan vient de decouvrir une vulnebalirite de type XSS dans le module PostWrap le problem est au niveu de /index.php?module=PostWrap&page=http://hostename.com/HACK/asc/ascmd.txt c n'est po une php injection parce que c'est protege mais on peux injecter des comandes XSS, d...

Security Advisory: BiTBOARD xss

Advisory Information -------------------- Advisory name : BiTBOARD XSS Discovered by : drhankey / it-security23.net Vendor Name : the bitshifters sdc Vendor Homepage : http://www.bitshifters.net Software : Bitboard Vulnerability Type : Cross-Site-Scripting Vulnerable Versions : 2.5 and prior...

CVE-2004-1043

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control hhctrl.ocx to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as...

CVE-2004-1043

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control hhctrl.ocx to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as...

CVE-2004-2174

Cross-site scripting XSS vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter...

YaBB Shadow BBCode Tag XSS

The remote host is using the YaBB web forum software. According to its version number, the remote version of this software is vulnerable to JavaScript injection issues using shadow or glow tags. This may allow an attacker to inject hostile JavaScript into the forum system, to steal cookie...

Google Toolbar 1.1.x - About.HTML HTML Injection

source: https://www.securityfocus.com/bid/11210/info Google Toolbar is reported prone to a HTML injection vulnerability. It is reported that the Google Toolbar 'ABOUT.HTML' page allows the injection of HTML and JavaScript code. This vulnerability may allow an attacker to inject malicious HTML and...

Mozilla Firefox < 2.0.0.15 Multiple Vulnerabilities

Binary data 4567.prm...

SeaMonkey < 1.1.10 Multiple Vulnerabilities

Binary data 4568.prm...

CVE-2004-1712

Cross-site scripting XSS vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter...

Microsoft Internet Explorer - Overly Trusted Location Cache

Microsoft Internet Explorer - Overly Trusted Location Cache Overly Trusted Location Variant Method Cache Vulnerability GO! This vulnerability seems to be unstable. For some reason, it crashes my internet explorer unless the exploit is executed onlo +ad and even then it crashes sometimes. var...

MS Internet Explorer Remote Application.Shell Exploit

Exploit for unknown platform in category remote exploits ===================================================== MS Internet Explorer Remote Application.Shell Exploit ===================================================== function InjectedDuringRedirection...

ArbitroWeb v0.6 Javascript injection vulnerability

vendor: ArbitroWeb about: An anonymous web surfing proxy written in PHP. ArbitroWeb will redirect all web requests thru it's set of scripts, all URL's contained will be adjusted/mangled to it's own scripts. date: june 22nd, 2004 vendor status: ? problem: javascript can be injected into the...

[Full-Disclosure] Blogger XSS Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------ BLOGGER XSS VULNERABILITY - ------------------------------------------------------ Online URL : http://ferruh.mavituna.com/article/?470 Severity : Moderately Critical for Members Permanent Accou...