Cross site scripting

Cross-site scripting XSS vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-2226

Cross-site scripting XSS vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-2226

Cross-site scripting XSS vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-2226

CVE-2009-2226 concerns Tree BBS from Let’s PHP! (prototype 2004/11/23 and earlier). The vulnerability is a cross-site scripting (XSS) flaw that could allow remote attackers to execute arbitrary script/HTML in a user’s browser via unspecified vectors. Affected software is Tree BBS from Let’s PHP!,...

Firefox 2 and 3 Layout engine crash

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service application crash and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree...

Firefox 2 and 3 Layout engine crash

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service application crash and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree...

JVN#93827000 Tree BBS from Let's PHP! vulnerable to cross-site scripting

Tree BBS from Let's PHP! is a tree-structured bulletin board software. Tree BBS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by t...

CVE-2009-2078

Multiple cross-site scripting XSS vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the 1 node title and 2 node body in a tree root page...

Mandriva Linux Security Advisory : rsh (MDVSA-2008:191)

A vulnerability in the rcp protocol was discovered that allows a server to instruct a client to write arbitrary files outside of the current directory, which could potentially be a security concern if a user used rcp to copy files from a malicious server CVE-2004-0175. This issue was originally...

Firefox 2 and 3 Layout engine crash

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service application crash and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree...

Firefox 2 and 3 Layout engine crash

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service application crash and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree...

SUSE: Security Advisory for MozillaFirefox (SUSE-SA:2009:022)

The remote host is missing updates announced in advisory SUSE-SA:2009:022. Copyright C 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

SuSE Security Advisory SUSE-SA:2009:022 (MozillaFirefox)

The remote host is missing updates announced in advisory SUSE-SA:2009:022. OpenVAS Vulnerability Test $Id: susesa2009022.nasl 6668 2017-07-11 13:34:29Z cfischer $ Description: Auto-generated from advisory SUSE-SA:2009:022 MozillaFirefox Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft In...

Mandriva Update for kdegraphics MDKSA-2007:024 (kdegraphics)

Check for the Version of kdegraphics OpenVAS Vulnerability Test Mandriva Update for kdegraphics MDKSA-2007:024 kdegraphics Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

Mozilla Foundation Security Advisory 2009-13

Mozilla Foundation Security Advisory 2009-13 Title: Arbitrary code execution via XUL tree element Impact: Critical Announced: March 27, 2009 Reporter: Nils Products: Firefox Fixed in: Firefox 3.0.8 Description Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL...

Firefox 3.0.8 fixes two code execution holes

Mozilla has released Firefox 3.0.8 to fix a pair of code execution holes that put users of the browser at risk of drive-by download attacks. It includes a fix for one of the flaws exploited during this year’s CanSecWest Pwn2Own hacker contest. The update also fixes a separate zero-day flaw...

CVE-2009-1044

Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009...

Arbitrary code execution via XUL tree element — Mozilla

Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed...

Remote file inclusion

PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery comtreeg component 1.0 for Joomla!, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfiglivesite parameter...

CVE-2008-6482

PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery comtreeg component 1.0 for Joomla!, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfiglivesite parameter...