2179 matches found
ESET Cross Site Scripting
\ // /\ /\ / | \ \ | | | | / \ | \ | | http://www.eset.com/ | / / // / || / / / Cross Site Scripting Exploit Author: Sora Contact: vhr95zw at hotmail dot com Website: http://greyhathackers.wordpress.com/ Vulnerability: Cross Site Scripting ————————- 1. INFORMATION | ————————- Site:...
Chrome privilege escalation in XPCVariant::VariantDataToJS() — Mozilla
Mozilla security researcher mozbugra4 reported that the XPCOM utility XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects before returning them to chrome callers. This could result in chrome privileged code calling methods on an object which had previously been created or modified by web...
Stolen FTP credentials likely in massive web attacks
From SearchSecurity Rob Westervelt Stolen FTP credentials are suspected as the root cause of a massive attack compromising over 40,000 web sites. Attackers have targeted legitimate websites in the latest wave, and so far researchers at security vendor Websense Inc. say it isn’t likely that SQL...
CVE-2008-2014
Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial of service application crash via JavaScript code that calls document.write in an infinite loop...
[INFIGO-2008-02-13]: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability
INFIGO IS Security Advisory ADV-2008-02-13 http://www.infigo.hr/en/ Title: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability Advisory ID: INFIGO-2008-02-13 Date: 2008-02-13 Advisory URL: http://www.infigo.hr/en/infocus/advisories/INFIGO-2008-02-13 Impact: Malicious JavaScript Cod...
INFIGO-2008-02-13.txt
INFIGO IS Security Advisory ADV-2008-02-13 http://www.infigo.hr/en/ Title: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability Advisory ID: INFIGO-2008-02-13 Date: 2008-02-13 Advisory URL: http://www.infigo.hr/en/infocus/advisories/INFIGO-2008-02-13 Impact: Malicious JavaScript Cod...
Web Server Malicious JavaScript Link Detection
The remote web server seems to link to malicious JavaScript files hosted on a third-party website. This typically means that the remote web server has been compromised, and it may infect its visitors as well. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
firefox security update
CentOS Errata and Security Advisory CESA-2007:0724 Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source...
ffoxdie.txt
= 9 setTimeout'foo',3000; else if counter = 6 setTimeout'foo',200; else setTimeout'foo',1000; counter++; else document.getElementById'foo'.src = "http://lcamtuf.coredump.cx/ffoxdieok.html"; // -- Tyger, Tyger. burning bright In the forests of the night, What immortal hand or eye Could frame thy...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform stand-alone browser application. Description The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URL's could be made to reference remote file...
Bypassing of web filters by using ASCII
iKu Advisory Product : Microsoft InternetExplorer 6 : various filter applications Date : June 20th 2006 Affected versions : all Vulnerability Type : bypassing security filters Severity 1-10 : 10 Remote : yes 0. contents 1. problem description 2. affected software 3. bug description/possible fix 4...
Comersus Cart Cross-Site Scripting Vulnerability
The malicious user is able to compromise the parameters to invoke a Cross-Site Scripting attack. This can be used to take advantage of the trust between a client and server allowing the malicious user to execute malicious JavaScript on the client SPDX-FileCopyrightText: 2004 Noam Rathaus Some tex...
GLSA-200507-18 : MediaWiki: XSS vulnerability
The remote host is affected by the vulnerability described in GLSA-200507-18 MediaWiki: XSS vulnerability MediaWiki fails to escape a parameter in the page move template correctly. Impact : By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...
XXS in fusetalk forum
Vendor : fusetalk URL : http://www.fusetalk.com/ Version: 4.0 Risk : Cross site scripting Description: Fusetalk is a discussion forum solution that provides a powerful and simple method of web-based collaboration. Cross site scripting: The filtering script for the img src= doesnt filter " if...
CVE-2003-0814
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand"Refresh" to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability...
Cacheflow CacheOS 3.1.x4.0.x4.1 - Unresolved Domain Cross-Site Scripting
Cacheflow CacheOS 3.1.x4.0.x4.1 - Unresolved Domain Cross-Site Scripting source: https://www.securityfocus.com/bid/5305/info CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow. User supplied data is not sanitized before...
Cacheflow CacheOS 3.1.x/4.0.x/4.1 - Unresolved Domain Cross-Site Scripting
source: https://www.securityfocus.com/bid/5305/info CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow. User supplied data is not sanitized before being included in an unresolved host error page. An attacker may constru...
Working Resources BadBlue 1.7 - ext.dll Cross-Site Scripting
Working Resources BadBlue 1.7 - ext.dll Cross-Site Scripting source: https://www.securityfocus.com/bid/5086/info BadBlue is a P2P file sharing application distributed by Working Resources. The ext.dll ISAPI does not sufficiently sanitize input. Because of this, it is possible for a user to create...
CVE-1999-1167
Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation...