Internet Explorer vulnerable in handling CDO protocol

Overview Internet Explorer is vulnerable in handling CDO Collaboration Data Objects protocol, which allows the download dialog box to be bypassed. When Internet Explorer IE accesses a website using CDO Collaboration Data Objects, IE processes the contents as CDO data, ignoring their actual conten...

MyNETS cross-site scripting vulnerability

Overview MyNETS, an open source SNS software, contains a cross-site scripting vulnerability. MyNETS from Usagi Project is an open source SNS Social Networking Service software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary...

Blosxom vulnerable to cross-site scripting

Overview Blosxom, a weblog system contains a cross-site scripting vulnerability. Blosxom is an open source weblog system. Blosxom contains a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

EC-CUBE cross-site scripting vulnerability

Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN36085487, a...

EC-CUBE cross-site scripting vulnerability

Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, a...

Design/Logic Flaw

feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the 1 elem.doCommand, 2 elem.dispatchEvent, 3 setTitleText, 4 setTitleImage, and 5 initSubscriptionUI functions...

CVE-2008-3836

feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the 1 elem.doCommand, 2 elem.dispatchEvent, 3 setTitleText, 4 setTitleImage, and 5 initSubscriptionUI functions...

Gentoo Security Advisory GLSA 200510-24 (Mantis)

The remote host is missing updates announced in advisory GLSA 200510-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird)

The remote host is missing updates announced in advisory GLSA 200605-09. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVE-2008-3836

feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the 1 elem.doCommand, 2 elem.dispatchEvent, 3 setTitleText, 4 setTitleImage, and 5 initSubscriptionUI functions...

Multiple Tor World CGI scripts vulnerable to arbitrary script execution

Overview Multiple Tor World CGI scripts contain a vulnerability which may allow an arbitrary script execution. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a vulnerability which may allow an attacker to...

Movable Type vulnerable to cross-site scripting

Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor unde...

JVN#18616622 Multiple Tor World CGI scripts vulnerable to arbitrary script execution

Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a vulnerability which may allow an attacker to inject an arbitrary script into the web page which is generated by the affected product. This vulnerability is...

FreeBSD Ports: openwebmail

The remote host is missing an update to the system as announced in the referenced advisory. VID c5519420-cec2-11d8-8898-000d6111a684 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Blogn vulnerable to cross-site scripting

Overview Blogn from R-ONE Computer contains a cross-site scripting vulnerability. Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site scripting vulnerability. Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting

Overview mysql-lists from AquaGardenSoft Co.,Ltd. contains a cross-site scripting vulnerability. mysql-lists from AquaGardenSoft Co.,Ltd. is software to show MySQL data on the web browser. mysql-lists contains a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA...

Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution

Overview La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ...

La!cooda WIZ and LacoodaST vulnerable to cross-site scripting

Overview La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability...

JVN#53886050 Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution

La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. Impact If an arbitrary...

Pluck CMS 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/30542/info Pluck is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...