377 matches found
MouseoverDictionary vulnerable to arbitrary script execution
Overview MouseoverDictionary, an add-on for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script. MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an...
CVE-2007-6205
CVE-2007-6205 is a cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) of S9Y Serendipity prior to 1.2.1. An attacker can inject arbitrary script/HTML via a link in an RSS feed. Public advisories (Debian DSA-1528-1, related OpenVAS/NVL) documen...
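Mozilla Firefox Sidebar Bookmark Denial of Service Vulnerability
BUGTRAQ ID: 26216 Firefox is a popular open-source web browser. Firefox has a vulnerability in the way it handles bookmarks, which a malicious web page may exploit to make the browser unusable. If a user is tricked into visiting a malicious web page with Firefox and adds that page to the bookmarks, clicking the bookmark causes a denial of service in the browser; operation is not restored even after a restart, and the sidebar panel must be deleted or the browser reinstalled to restore service. Mozilla Firefox 2.0.0.8 Mozilla ------- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.mozilla.org/ script...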
CVE-2007-4818
Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) addons/plugin.php, (2) addons/sidebar.php, (3) mail/index.php, or (4) mail/mailbox.php in modules/...
CVE-2007-4818
CVE-2007-4818 concerns multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2. The flaw allows remote attackers to execute arbitrary PHP code by supplying a URL in the doc_root parameter to particular module files: (1) addons/plugin.php, (2) addons/sidebar.php, (3) mail/index.php, and...
Txx CMS 0.2 Multiple Remote File Inclusion Vulnerabilities
No description provided by source.
Txx CMS 0.2 - Multiple Remote File Inclusions
Txx CMS 0.2 - Multiple Remote File Inclusions
Txx CMS 0.2 Multiple Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications. Txx CMS 0.2 Multiple Remote File Inclusion Vulnerabilities...
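Microsoft Vista Sidebar Contacts and Weather Gadgets Remote Code Execution Vulnerability (MS07-048)
BUGTRAQ ID: 25306,25304 CVECAN ID: CVE-2007-3891,CVE-2007-3032 Vista is the latest operating system released by Microsoft. The Contacts and Weather gadgets of the Vista Sidebar do not perform sufficient validation when parsing certain attributes, and a remote attacker may exploit this to take control of the system by enticing the user to perform certain actions. If a user imports a malicious contact file into the Contacts gadget, or clicks a malicious link in the Weather gadget, malicious code may run on the system. Microsoft Windows Vista Workarounds: Uninstall or disable the Weather and Contacts gadgets. Disable the Sidebar in Group Policy or the registry. Modify the access control list on gadget.xml to make it more restrictive:...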
[Full-disclosure] iDefense Security Advisory 08.14.07: Microsoft Windows Vista Sidebar RSS Feeds Gadget Cross Site Scripting Vulnerability
Microsoft Windows Vista Sidebar RSS Feeds Gadget Cross Site Scripting Vulnerability iDefense Security Advisory 08.14.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 14, 2007 I. BACKGROUND The Vista sidebar is a desktop extension that allows the user to keep a number of "gadgets",...
CVE-2007-2627
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622...
DEBIAN-CVE-2007-2627
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622...
CVE-2007-2627
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622...
MDKSA-2005:120-1 : mozilla-firefox
A number of vulnerabilities were reported and fixed in Firefox 1.0.5 and Mozilla 1.7.9. The following vulnerabilities have been backported and patched for this update: In several places the browser UI did not correctly distinguish between true user events, such as mouse clicks or keystrokes, and...
Fedora Core 3 : firefox-1.0.2-1.3.1 (2005-246)
A buffer overflow bug was found in the way Firefox processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the...
USN-149-1: Firefox vulnerabilities
Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious web site to spoof the contents of other web sites. CAN-2005-1937 In several places the browser user interface did not...
security flaw
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the search target, then injecting script into other pages via a data: URL...
mfsa2005-49exploit.txt
// Exploit by Kohei Yoshino Sidebar Attack, Reloaded 1. Click here to open this page into sidebar. 2. document.writedocument.cookie;" Click here to steal your cookies on Bugzilla. 3. Then, open about:config in content area. 4. Components.classes'@mozilla.org/...
CVE-2005-2264
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the search target, then injecting script into other pages via a data: URL...
CVE-2005-2264
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the search target, then injecting script into other pages via a data: URL...