linux/x86 Perl script execution 99 bytes + script length

Exploit for linux/x86 platform in category shellcode ======================================================== linux/x86 Perl script execution 99 bytes + script length ======================================================== / Author : darkjoker Site : http://darkjoker.net23.net Shellcode :...

FAST ESP cross-site scripting vulnerability

Overview FAST ESP, an enterprise search platform from Microsoft, contains a cross-site scripting vulnerability. FAST ESP from Microsoft is a software that enables users to consolidate information for searching purposes. FAST ESP's management interface contains a cross-site scripting vulnerability...

FreeBSD : codeigniter -- arbitrary script execution in the new Form Validation class (83574d5a-f828-11dd-9fdf-0050568452ac)

znirkel reports : The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...

Google Chrome, Mozilla Firefox, Opera, Internet Explorer browsers DoS

Calling window.print function in loop causes browser to hang. Uncontrollable memory allocation. Script can close window without user approval...

Slackware 12.2 / current : xdg-utils (SSA:2009-033-01)

New xdg-utils packages are available for Slackware 12.2 and -current to fix security issues. Applications that use /etc/mailcap could be tricked into running an arbitrary script through xdg-open, and a separate flaw in xdg-open could allow the execution of arbitrary commands embedded in untrusted...

Oracle WebLogic Server vulnerable to cross-site scripting

Overview Oracle WebLogic Server formerly BEA WebLogic Server contains a cross-site scripting vulnerability. Oracle WebLogic Server is an application server based on Java Platform Enterprise Edition 5 JavaEE5. Oracle WebLogic Server contains a cross-site scripting vulnerability. Daiki Fukumori of...

MODx cross-site scripting vulnerability

Overview MODx, an open source contents management system, contains a cross-site scripting vulnerability. MODx, an open source contents management system, contains multiple cross-site scripting vulnerabilities. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to...

MyNETS cross-site scripting vulnerability

Overview MyNETS, an open source SNS software, contains a cross-site scripting vulnerability. MyNETS from Usagi Project is an open source SNS Social Networking Service software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary...

PHP vulnerable to cross-site scripting

Overview PHP contains a cross-site scripting vulnerability. PHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors. Tomoki Sanaki of International Network Security, Inc. report...

Image properties can be used to execute scripts – Opera Security Advisories

Image properties can be used to execute scripts – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description Image properties can contain custom comments. When displaying the image properties, Opera can be tricked into treating the comments as script. This...

Groupmax Workflow - Development Kit for Active Server Pages Cross-Site Scripting Vulnerability

Overview Groupmax Workflow - Development Kit for Active Server Pages contains a cross-site scripting vulnerability. Impact A remote attacker could have the users execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropria...

Movable Type Enterprise cross-site scripting vulnerability

Overview Movable Type Enterprise contains a cross-site scripting vulnerability. Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30385652 and JVN81490697. Yosuke HASEGAWA of...

nsXMLHttpRequest:: NotifyEventListeners() same-origin violation

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...

Design/Logic Flaw

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...

Mozilla -moz-binding property bypasses security checks on codebase principals

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file...

Mozilla -moz-binding property bypasses security checks on codebase principals

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file...

nsXMLHttpRequest:: NotifyEventListeners() same-origin violation

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...

zeeproperty 1.0 (Upload/XSS) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ============================================================ zeeproperty 1.0 Upload/XSS Multiple Remote Vulnerabilities ============================================================ ZEEPROPERTY v1.0 remote file Upload & XSS author: ZoRLu ms...

Opera: Multiple vulnerabilities

Background Opera is a fast web browser that is available free of charge. Description Multiple vulnerabilities have been discovered in Opera: Opera does not restrict the ability of a framed web page to change the address associated with a different frame CVE-2008-4195. Chris Weber Casaba Security...

FreeBSD : opera -- multiple vulnerabilities (f5c4d7f7-9f4b-11dd-bab1-001999392805)

Opera reports : Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to look through the user's browsing history, including the contents of the pages they have visited. These may contain sensitive...