6722 matches found
PEAK XOOPS piCal cross-site scripting vulnerability
Overview piCal from PEAK XOOPS contains a cross-site scripting vulnerability. piCal from PEAK XOOPS is a calendar module with a scheduler for XOOPS. piCal contains a cross-site scripting vulnerability. Masako Oono of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with...
linux/x86 Perl script execution 99 bytes + script length
linux/x86 Perl script execution 99 bytes + script length. Shellcode exploit for linux/x86 platform / Author : darkjoker Site : http://darkjoker.net23.net Shellcode : linux/x86 Perl script execution 99 bytes + script length .global start start: xor %eax, %eax xor %ebx, %ebx xor %ecx, %ecx xor %edx,...
linux/x86 Perl script execution 99 bytes + script length
Exploit for linux/x86 platform in category shellcode. linux/x86 Perl script execution 99 bytes + script length / Author : darkjoker Site : http://darkjoker.net23.net Shellcode :...
FAST ESP cross-site scripting vulnerability
Overview FAST ESP, an enterprise search platform from Microsoft, contains a cross-site scripting vulnerability. FAST ESP from Microsoft is a software that enables users to consolidate information for searching purposes. FAST ESP's management interface contains a cross-site scripting vulnerability...
Google Chrome, Mozilla Firefox, Opera, Internet Explorer browsers DoS
Calling window.print function in loop causes browser to hang. Uncontrollable memory allocation. Script can close window without user approval...
FreeBSD : codeigniter -- arbitrary script execution in the new Form Validation class (83574d5a-f828-11dd-9fdf-0050568452ac)
znirkel reports : The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...
Slackware 12.2 / current : xdg-utils (SSA:2009-033-01)
New xdg-utils packages are available for Slackware 12.2 and -current to fix security issues. Applications that use /etc/mailcap could be tricked into running an arbitrary script through xdg-open, and a separate flaw in xdg-open could allow the execution of arbitrary commands embedded in untrusted...
Oracle WebLogic Server vulnerable to cross-site scripting
Overview Oracle WebLogic Server (formerly BEA WebLogic Server) contains a cross-site scripting vulnerability. Oracle WebLogic Server is an application server based on Java Platform Enterprise Edition 5 (JavaEE5). Oracle WebLogic Server contains a cross-site scripting vulnerability. Daiki Fukumori of...
MODx cross-site scripting vulnerability
Overview MODx, an open source contents management system, contains a cross-site scripting vulnerability. MODx, an open source contents management system, contains multiple cross-site scripting vulnerabilities. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to...
MyNETS cross-site scripting vulnerability
Overview MyNETS, an open source SNS software, contains a cross-site scripting vulnerability. MyNETS from Usagi Project is an open source SNS (Social Networking Service) software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary...
PHP vulnerable to cross-site scripting
Overview PHP contains a cross-site scripting vulnerability. PHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors. Tomoki Sanaki of International Network Security, Inc. report...
Image properties can be used to execute scripts – Opera Security Advisories
Image properties can be used to execute scripts – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description Image properties can contain custom comments. When displaying the image properties, Opera can be tricked into treating the comments as script. This...
Groupmax Workflow - Development Kit for Active Server Pages Cross-Site Scripting Vulnerability
Overview Groupmax Workflow - Development Kit for Active Server Pages contains a cross-site scripting vulnerability. Impact A remote attacker could have the users execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropria...
Movable Type Enterprise cross-site scripting vulnerability
Overview Movable Type Enterprise contains a cross-site scripting vulnerability. Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN30385652 and JVN81490697. Yosuke HASEGAWA of...
nsXMLHttpRequest::NotifyEventListeners() same-origin violation
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...
Design/Logic Flaw
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...
Mozilla -moz-binding property bypasses security checks on codebase principals
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file...
zeeproperty 1.0 (Upload/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. zeeproperty 1.0 Upload/XSS Multiple Remote Vulnerabilities. ZEEPROPERTY v1.0 remote file Upload & XSS author: ZoRLu ms...