5941 matches found

Packet Storm
added 2006/08/18 12:0 a.m. (25 views)

msxss.txt

Hello, I have found that microsoft.com fails to filter html properly on some pages. http://support.microsoft.com/newsgroups/default.aspx?lang=en&cr=US&dg=microsoft.public.ccf&sloc=us';alert'xss this causes javascript to be executed when a user clicks the help link. Someone knows how to get js...

7.4 AI score
Exploits: 0

Packet Storm
added 2006/06/27 12:0 a.m. (27 views)

cpanel10.txt

A new vulnerability was found in Cpanel V.10. It happens because the variable &File of the select.html file in the edit-zone just filters the 's labels, and the possibility can be open to other labels like Server Side Include, HTML labels... including Javascript expressed in other ways. An attacker can...

7.4 AI score
Exploits: 0

RedHat Linux
added 2006/04/21 3:41 p.m. (3 views)

security flaw

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...

5 CVSS, 6.1 AI score, 0.04041 EPSS
Exploits: 0, References: 4

NVD
added 2006/03/14 11:2 a.m. (27 views)

CVE-2006-0400

CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."...

7.5 CVSS, 6.4 AI score, 0.01767 EPSS
Exploits: 0, References: 8

UbuntuCve
added 2006/02/02 8:6 p.m. (27 views)

CVE-2006-0296

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...

5 CVSS, 6.1 AI score, 0.04041 EPSS
Exploits: 0, References: 4

0day.today
added 2006/01/29 12:0 a.m. (34 views)

phpBB <= 2.0.19 XSS Remote Cookie Disclosure Exploit

Exploit for unknown platform in category web applications. phpBB tag means that the cursor must pass it in the y direction only. e.g. the mouse only needs to cross a point horizontally equal to the link in order for the javascript to be executed...

7.1 AI score
Exploits: 0

OSV
added 2005/12/22 9:3 p.m. (6 views)

CVE-2005-4501

MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting XSS attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer...

6.1 AI score
Exploits: 0, References: 8

CVE
added 2005/12/10 11:0 a.m. (46 views)

CVE-2005-4150

The CVE-2005-4150 entry describes a Cross-site scripting (XSS) vulnerability in the portal login page of Computer Associates CleverPath 4.7. Affects CleverPath 4.7; the vectors are described as unknown in the provided description. The NVD metrics list a CVSS v2 base score of 4.3 (Medium) with imp...

4.3 CVSS, 6.3 AI score, 0.02412 EPSS
Exploits: 0, References: 6, Affected Software: 1

Packet Storm
added 2005/08/05 12:0 a.m. (28 views)

fuseXSS.txt

This was discovered by myself over the weekend. I can't find out what versions of fusebox this vulnerability is in but seeing as it affects the main fusebox page I can only assume it is the latest v4.1.0 and possibly some older versions. According to the Fusebox site, What is Fusebox? Fusebox is a...

7.4 AI score
Exploits: 0

Gentoo Linux
added 2005/07/26 12:0 a.m. (13 views)

Mozilla Suite: Multiple vulnerabilities

Background The Mozilla Suite is an all-in-one Internet application suite including a web browser, an advanced e-mail and newsgroup client, IRC client and HTML editor. Description The following vulnerabilities were found and fixed in the Mozilla Suite: "mozbugra4" and "shutdown" discovered that th...

7.6 AI score
Exploits: 0

RedHat Linux
added 2005/07/22 10:41 a.m. (33 views)

Important: Red Hat Security Advisory: mozilla security update

Updated mozilla packages that fix various security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug wa...

7.5 CVSS, 5.6 AI score, 0.68097 EPSS
Exploits: 9, References: 2

Cvelist
added 2005/07/14 4:0 a.m. (20 views)

CVE-2002-2031

Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results...

6.8 AI score, 0.20513 EPSS
Exploits: 1, References: 3

CVE
added 2005/07/14 4:0 a.m. (47 views)

CVE-2002-2031

Affected software: Internet Explorer 5.0, 5.0.1 and 5.5. Vulnerability details: When JavaScript execution is enabled, a script tag with a src attribute referencing a non-JavaScript file can be used to determine the existence of arbitrary files, by leveraging the onError event handler to observe r...

5 CVSS, 7.2 AI score, 0.20513 EPSS
Exploits: 1, References: 3, Affected Software: 1

Tenable Nessus
added 2005/07/13 12:0 a.m. (26 views)

FreeBSD : firefox -- PLUGINSPAGE privileged javascript execution (ce6ac624-aec8-11d9-a788-0001020eed82)

A Mozilla Foundation Security Advisory reports : When a webpage requires a plugin that is not installed the user can click to launch the Plugin Finder Service PFS to find an appropriate plugin. If the service does not have an appropriate plugin the EMBED tag is checked for a PLUGINSPAGE attribute...

7.5 CVSS, 5.7 AI score, 0.04106 EPSS
Exploits: 0, References: 5

FreeBSD
added 2005/01/04 12:0 a.m. (12 views)

horde -- XSS vulnerabilities

A Hyperdose Security Advisory reports: Horde contains two XSS attacks that can be exploited through GET requests. Once exploited, these requests could be used to execute any javascript commands in the context of that user, potentially including but not limited to reading and deleting email, and...

1.5 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2004/09/29 12:0 a.m. (18 views)

Debian DSA-051-1 : netscape - unexpected javascript execution

Florian Wesch has discovered a problem reported to bugtraq with the way how Netscape handles comments in GIF files. The Netscape browser does not escape the GIF file comment in the image information page. This allows JavaScript execution in the 'about:' protocol and can for example be used to...

7.5 CVSS, 5.6 AI score, 0.08687 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2004/09/29 12:0 a.m. (25 views)

Debian DSA-073-1 : imp - 3 remote exploits

The Horde team released version 2.2.6 of IMP a web-based IMAP mail program which fixes three security problems. Their release announcement describes them as follows : - A PHPLIB vulnerability allowed an attacker to provide a value for the array element $PHPLIBlibdir, and thus to get scripts from...

10 CVSS, 5.8 AI score, 0.17202 EPSS
Exploits: 3, References: 4

CVE
added 2004/09/01 4:0 a.m. (42 views)

CVE-2001-1351

CVE-2001-1351 concerns a cross-site scripting vulnerability in Namazu 2.0.8 and earlier. The issue allows remote attackers to execute arbitrary JavaScript in the context of other web users when displaying hit numbers, via the index file name shown in results. Affected component: Namazu search int...

7.5 CVSS, 7.3 AI score, 0.01582 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2004/09/01 4:0 a.m. (21 views)

CVE-2001-1352

Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter...

7 AI score, 0.01582 EPSS
Exploits: 0, References: 5

securityvulns
added 2004/07/30 12:0 a.m. (22 views)

lostBook v1.1 Javascript Execution

Product: lostBook vendor: veryLost verylost.tk Affected Versions: 1.1 and lower Description: A simple flat db guestbook Vulnerabilities: XSS Date: July 29, 2004 Vuln Finder: r3d5pik3 me...

0.5 AI score
Exploits: 0