Lucene search
5946 matches found

Exploit DB
added 2010/05/05 12:0 a.m. | 32 views

Ziepod+ 1.0 - CrossApplication Scripting

#!/usr/bin/python import thread import socket """ [ASCII-art banner] http://www.corelan.be:8800 ...

AI score: 7.4
Exploits: 0

NVD
added 2010/04/28 10:30 p.m. | 16 views

CVE-2010-1585

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remot...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.04471
Exploits: 2 | References: 9

Prion
added 2010/04/28 10:30 p.m. | 32 views

Design/Logic Flaw

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remot...

CVSS: 9.3 | AI score: 7.4 | EPSS: 0.04471
Exploits: 2 | References: 9 | Affected Software: 3

Tenable Nessus
added 2009/12/14 12:0 a.m. | 24 views

Ubuntu 8.10 / 9.04 / 9.10 : kdebase-runtime vulnerabilities (USN-872-1)

It was discovered that the KIO subsystem of KDE did not properly perform input validation when processing help:// URIs. If a user or KIO application processed a crafted help:// URI, an attacker could trigger JavaScript execution or access files via directory traversal. Note that Tenable Network...

AI score: 5.6
Exploits: 0 | References: 1

Ubuntu
added 2009/12/11 3:27 a.m. | 33 views

USN-872-1: KDE 4 Runtime vulnerabilities

It was discovered that the KIO subsystem of KDE did not properly perform input validation when processing help:// URIs. If a user or KIO application processed a crafted help:// URI, an attacker could trigger JavaScript execution or access files via directory traversal...

AI score: 5.4
Exploits: 0 | References: 1

Cvelist
added 2009/12/04 7:0 p.m. | 27 views

CVE-2009-4148

DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."...

AI score: 7.5 | EPSS: 0.05486
Exploits: 6 | References: 3

FreeBSD
added 2009/10/30 12:0 a.m. | 21 views

KDE -- multiple vulnerabilities

oCERT reports: Ark input sanitization errors: The KDE archiving tool, Ark, performs insufficient validation which leads to specially crafted archive files, using unknown MIME types, to be rendered using a KHTML instance, this can trigger uncontrolled XMLHTTPRequests to remote sites. IO Slaves inp...

AI score: 0.3
Exploits: 0 | References: 1

Check Point Advisories
added 2009/10/28 12:0 a.m. | 3 views

Mozilla Thunderbird WYSIWIG Engine Filtering IFRAME JavaScript Execution (CVE-2006-0884)

Mozilla Thunderbird is an email client application often seen as an alternative to the mainstream Microsoft email clients. Thunderbird supports various email delivering protocols such as SMTP, IMAP and POP3. The program is also capable of reading and composing HTML formatted email messages. A...

CVSS: 9.3 | AI score: 6.9 | EPSS: 0.07066
Exploits: 1

Tenable Nessus
added 2009/09/10 12:0 a.m. | 30 views

Mozilla Firefox < 3.0.14 / 3.5.3 Multiple Vulnerabilities

Binary data 5161.prm...

CVSS: 10 | AI score: 7.3 | EPSS: 0.06724
Exploits: 4 | References: 16

RedHat Linux
added 2009/09/09 11:22 p.m. | 3 views

Firefox 3.5.3 3.0.14 Chrome privilege escalation with FeedWriter

Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter...

CVSS: 10 | AI score: 7.7 | EPSS: 0.03869
Exploits: 0 | References: 4

exploitpack
added 2009/07/24 12:0 a.m. | 13 views

Joomla! Extension UIajaxIM 1.1 - JavaScript Execution

Joomla! Extension UIajaxIM 1.1 - JavaScript Execution + Joomla Extension UIajaxIM 1.1 Javascript Execution + Software : Joomla + Author : 599eme Man +...

AI score: 0.5
Exploits: 0

Exploit DB
added 2009/07/24 12:0 a.m. | 29 views

Joomla! Extension UIajaxIM 1.1 - JavaScript Execution

+ Joomla Extension UIajaxIM 1.1 Javascript Execution + Software : Joomla + Author : 599eme Man + Contact : [email protected] + Thanks : Moudi, Neocoderz,...

AI score: 7.4
Exploits: 0

Packet Storm
added 2009/07/22 12:0 a.m. | 25 views

Phorum 5.2.11 Cross Site Scripting

//----- Advisory Program : Phorum 5.2.11 Homepage : http://www.phorum.org/ Discovery : 2009/07/16 Author Contacted : 2009/07/17 Found by : crashfr at sysdream dot com This Advisory : crashfr at sysdream dot com //----- Application description Started in 1998, Phorum was the original PHP and MySQL...

AI score: 0.1
Exploits: 0

OpenVAS
added 2009/06/16 12:0 a.m. | 40 views

Apple Safari Multiple Vulnerabilities - 01 - (Jun 2009) - Windows

Apple Safari Web Browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari";...

CVSS: 9.3 | AI score: 5.1 | EPSS: 0.07746
Exploits: 18 | References: 14

Cvelist
added 2009/06/10 5:37 p.m. | 24 views

CVE-2009-1704

CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file...

AI score: 7.2 | EPSS: 0.02547
Exploits: 2 | References: 8

Packet Storm
added 2009/05/22 12:0 a.m. | 46 views

Novell Groupwise Cross Site Scripting

Novell GroupWise Web Access Multiple XSS. SecureState R&D Team - leroy and sasquatch. Discovered: 11-24-08, 03-05-09. Vendor Notified: 01-06-09, 03-05-09. Vendor Publication: 05-21-09...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.01905
Exploits: 1

securityvulns
added 2009/05/21 12:0 a.m. | 69 views

Novell GroupWise Web Access Multiple XSS

Novell GroupWise Web Access Multiple XSS. SecureState R&D Team - leroy and sasquatch. Discovered: 11-24-08, 03-05-09. Vendor Notified: 01-06-09, 03-05-09. Vendor Publication: 05-21-09...

CVSS: 4.3 | AI score: 0.5 | EPSS: 0.01905
Exploits: 1

OpenVAS
added 2009/04/30 12:0 a.m. | 45 views

Mozilla Thunderbird Multiple Vulnerabilities (Apr 2009) - Linux

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 6.8 | AI score: 8.2 | EPSS: 0.029
Exploits: 4 | References: 7

OpenVAS
added 2009/04/28 12:0 a.m. | 24 views

RedHat Security Advisory RHSA-2009:0436

The remote host is missing updates announced in advisory RHSA-2009:0436. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content...

CVSS: 6.8 | AI score: 0.9 | EPSS: 0.05565
Exploits: 6 | References: 3

Tenable Nessus
added 2009/04/23 12:0 a.m. | 230 views

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : mozilla-thunderbird, thunderbird vulnerabilities (USN-647-1)

It was discovered that the same-origin check in Thunderbird could be bypassed. If a user had JavaScript enabled and were tricked into opening a malicious website, an attacker may be able to execute JavaScript in the context of a different website. CVE-2008-3835 Several problems were discovered in...

CVSS: 10 | AI score: 8.7 | EPSS: 0.07351
Exploits: 5 | References: 14