
123 matches found

NVD
added 2010/10/13 7:00 p.m. · 19 views

CVE-2010-3330

Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."...

CVSS 6.5 · AI score 5.8 · EPSS 0.2322
Exploits: 1 · References: 4

Positive Technologies
added 2010/10/13 12:00 a.m. · 3 views

PT-2010-4741 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 8. Description: The issue allows remote attackers to obtain sensitive information via a crafted web site due to improper restriction of script access to content from a different domain or zone. An...

CVSS 6.5 · AI score 6.1 · EPSS 0.2322
Exploits: 1 · References: 8

Metasploit
added 2009/09/09 9:23 p.m. · 17 views

Opera 9 Configuration Overwrite

Opera web browser in versions HttpClients::OPERA, :uamaxver = "9.10", :osname = OperatingSystems::Match::WINDOWS, OperatingSystems::Match::LINUX , :javascript = true, :rank = ExcellentRanking, reliable cmd exec, cleans up after itself :vulntest = nil, def initializeinfo = superupdateinfoinfo,...

AI score 1.1
Exploits: 0

myhack58
added 2009/06/12 12:00 a.m. · 36 views

For IIS write permissions for the simple analysis-vulnerability warning-the black bar safety net

//Or to be symbolic of a copyright, reproduced, please indicate the b0r3d's blog http://www.b0r3d.org //Last month to the Black hand cast went, people since there is no published, I will send to it, after all the articles of original content is too small, the technical content is not high. Recent...

AI score 7
Exploits: 0

Mozilla
added 2008/11/19 12:00 a.m. · 15 views

Script access to .documentURI and .textContent in mail — Mozilla

Mozilla developer Boris Zbarsky reported that a malicious mail message might be able to glean personal information about the recipient from the mailbox URI such as computer account name if the mail recipient has enabled JavaScript in mail. If a malicious mail is forwarded "in-line" to a recipient...

AI score 6.6
Exploits: 0 · References: 1 · Affected Software: 2

myhack58
added 2008/11/16 12:00 a.m. · 13 views

Wonderful with IIS write permissions to trigger the backdoor-vulnerability warning-the black bar safety net

Mentioned Microsoft IIS, many people will think of “vulnerability”: UNICODE, CGI parsing, ida, idq, a Printer and other remote overflow, and the front of last year's webdav remote overflow, etc., really the so-called “porous” in. These are the IIS itself, the application vulnerability, as long as by...

AI score 0.1
Exploits: 0

RedHat Linux
added 2008/04/08 11:28 p.m. · 1 view

security flaw

Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations...

CVSS 9.3 · AI score 5.8 · EPSS 0.02149
Exploits: 0 · References: 4

RedHat Linux
added 2007/04/16 3:27 p.m. · 0 views

security flaw

The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not...

CVSS 6.8 · AI score 5.9 · EPSS 0.25606
Exploits: 1 · References: 4

exploitpack
added 2007/03/05 12:00 a.m. · 13 views

Opera 9.10 - Configuration Overwrite (Metasploit)

Opera 9.10 - Configuration Overwrite Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

AI score 7.4
Exploits: 0

Cvelist
added 2005/06/21 4:00 a.m. · 16 views

CVE-2002-1715

SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access...

AI score 6.6 · EPSS 0.00104
Exploits: 1 · References: 3

exploitpack
added 2005/03/21 12:00 a.m. · 9 views

BetaParticle blog 2.03.0 - myFiles.asp File Manipulation

BetaParticle blog 2.03.0 - myFiles.asp File Manipulation source: https://www.securityfocus.com/bid/12861/info betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that betaparticle blog fails to sufficiently secure the...

AI score 7.4
Exploits: 0

Exploit DB
added 2005/03/18 12:00 a.m. · 29 views

PHPOpenChat 3.0.1 - Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/12841/info PHPOpenChat is reportedly affected by multiple remote HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...

AI score 7
Exploits: 0

Debian CVE
added 2004/09/01 4:00 a.m. · 31 views

CVE-2002-1156

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...

CVSS 5 · AI score 6.5 · EPSS 0.38519
Exploits: 0

Tenable Nessus
added 2004/08/30 12:00 a.m. · 24 views

GLSA-200408-05 : Opera: Multiple new vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200408-05 Opera: Multiple new vulnerabilities Multiple vulnerabilities have been found in the Opera web browser. Opera fails to deny write access to the 'location' browser object. An attacker can overwrite methods in this object a...

CVSS 5 · AI score 5.6 · EPSS 0.00874
Exploits: 1 · References: 5

Gentoo Linux
added 2004/08/05 12:00 a.m. · 20 views

Opera: Multiple new vulnerabilities

Background Opera is a multi-platform web browser. Description Multiple vulnerabilities have been found in the Opera web browser. Opera fails to deny write access to the "location" browser object. An attacker can overwrite methods in this object and gain script access to any page that uses one of...

CVSS 5 · AI score 1.7 · EPSS 0.00874
Exploits: 1

exploitpack
added 2004/06/01 12:00 a.m. · 13 views

PHP-Nuke 5.x/6.x/7.x - Direct Script Access Security Bypass

PHP-Nuke 5.x/6.x/7.x - Direct Script Access Security Bypass source: https://www.securityfocus.com/bid/10447/info PHP-Nuke is affected by a direct script access security vulnerability. This issue is due to a failure to properly validate the location and name of the file being accessed. This issue wi...

AI score 0.1
Exploits: 0

NVD
added 2002/10/04 4:00 a.m. · 12 views

CVE-2002-1132

SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script...

CVSS 5 · AI score 6.3 · EPSS 0.00886
Exploits: 1 · References: 5

Cvelist
added 2002/05/03 4:00 a.m. · 19 views

CVE-2001-1248

vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character %20...

AI score 6.7 · EPSS 0.00808
Exploits: 1 · References: 3

securityvulns
added 2001/11/02 12:00 a.m. · 40 views

Vulnerability in Viralator proxy extension

Hi! Date: October 2001 Product: Viralator http://viralator.loddington.com/ Viralator is a perl-script to be used with the squid proxy, an apache webserver and some virus scanner software. Its purpose is to allow scanning of files downloaded through the proxy for viruses. The product has been list...

AI score 0.4
Exploits: 0

securityvulns
added 2000/11/24 12:00 a.m. · 55 views

Security problems with Phorum php message board

Author: Brian Moon Homepage: www.phorum.org Version: 3.2.6 Problem: Any user can parse a chosen php script file using the Phorum system. It is also possible, under certain circumstances, to execute arbitrary commands on the server as the httpd user. Status: Fixed in version 3.2.7 released...

AI score 0.3
Exploits: 0