6699 matches found
DEBIAN-CVE-2007-0801
The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest...
CVE-2007-0801
The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest...
JVN#80271113 MODx cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MODx 0.9.2.x and earlier...
JVN#95249468 Fresh Reader RSS feed cross-site scripting vulnerability
Impact An arbitrary script could be executed on the web browser of a Fresh Reader user. Solution Products Affected Fresh Reader Ver 1.0.06053100 and earlier For more information, refer to the vendor's website...
PT-2007-1209 · Rapid · Rapid Classified
Name of the Vulnerable Software and Affected Versions: Rapid Classified version 3.1 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters in different scripts,...
CVE-2007-0082
This entry covers CVE-2007-0082 affecting IMGallery 2.5 and earlier. The vulnerability occurs in users_adm/start1.php where files with multiple extensions are not properly handled, allowing remote authenticated users to upload and execute arbitrary PHP scripts. The documented impact is partial co...
EditTag 1.2 - 'mkpw.pl?plain' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21891/info EditTag is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in t...
PHP iCalendar 1.12.x - getdate Cross-Site Scripting
PHP iCalendar 1.12.x - getdate Cross-Site Scripting source: https://www.securityfocus.com/bid/21792/info PHP icalendar is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...
WordPress 1.x2.0.x - template.php HTML Injection
WordPress 1.x2.0.x - template.php HTML Injection source: https://www.securityfocus.com/bid/21782/info Wordpress is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the...
JVN#02729869 pnamazu cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected pnamazu-2006.02.28 and earlier For more information, refer to the developer's website...
TimberWolf 1.2.2 - shownews.php Cross-Site Scripting
TimberWolf 1.2.2 - shownews.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21733/info TimberWolf is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scrip...
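Apple QuickTime Plug-in Arbitrary Script Execution Vulnerability
Apple QuickTime is a popular media player. Apple QuickTime has a flaw in how it handles Media Link files; a remote attacker can exploit it to execute arbitrary script code and obtain sensitive information. Media Link files provide a more convenient way to access media files. .qtl files use XML, with syntax similar to the following: ?xml version="1.0" ?quicktime type="application/x-quicktime-media-link"? embed src="Sample.mov" autoplay="true"/...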
RSS reading potential security issue-vulnerability warning-the black bar safety net
2 days before the Read? RSS reading potential security issues | unfinished - Incomplete, the talk is mixed in the Rich Text of the RSS in js in RSS reading client implementation resulting in a potential vulnerability issue. Happened to me last weekend when also encountered a similar problem: but...
eXtreme-fusion 4.02 - Fusion_Forum_View.php Local File Inclusion
eXtreme-fusion 4.02 - Fusion_Forum_View.php Local File Inclusion source: https://www.securityfocus.com/bid/21621/info eXtreme-fusion is prone to a local file-include vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized...
Sun Secure Global Desktop Software (SSGD) contains multiple cross-site scripting vulnerabilities
Overview The Sun Secure Global Desktop (SSGD) contains cross-site scripting vulnerabilities. Description Sun Secure Global Desktop (formerly Tarantella) contains multiple input validation vulnerabilities due to failure to properly sanitize user input. The following modules do not properly filter HTML...
XD100098.txt
Orkut Group Cross Site Scripting Vulnerability XDisclose Advisory : XD100098 Vulnerability Discovered: November 08th 2006 Advisory Released : December 11th 2006 Credit : Rajesh Sethumadhavan Class : Cross Site Scripting HTML Injection Severity : Medium Solution Status : Unpatched Vendor : Google...
Cilem Haber Free Edition - 'hata.asp?hata' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21511/info Çilem Haber Free Edition is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
CVE-2006-6255
The CVE-2006-6255 entry concerns the NukeAI 0.0.3 Beta module for PHP-Nuke, where a vulnerability in util.php allows remote code execution. An attacker can upload and execute arbitrary PHP code by supplying a filename with a .php extension in the filename parameter and code in the moreinfo parame...
Vt-Forum Lite 1.3 - 'vf_info.asp?StrMes' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21428/info Vt-Forum Lite is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting use...
BirdBlog 1.4 - adminadmincore.php?msg Cross-Site Scripting
BirdBlog 1.4 - adminadmincore.php?msg Cross-Site Scripting source: https://www.securityfocus.com/bid/21184/info BirdBlog is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...