
8000 matches found

Tenable Nessus
Added 2004/10/21 12:0 a.m. | 31 views

RHEL 3 : gaim (RHSA-2004:604)

An updated gaim package that fixes security issues, fixes various bugs, and includes various enhancements for Red Hat Enterprise Linux 3 is now available. The gaim application is a multi-protocol instant messaging client. A buffer overflow has been discovered in the MSN protocol handler. When...

CVSS: 10 | AI score: 6 | EPSS: 0.06862
Exploits: 0 | References: 3

Tenable Nessus
Added 2004/09/29 12:0 a.m. | 18 views

Debian DSA-477-1 : xine-ui - insecure temporary file creation

Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the...

CVSS: 2.1 | AI score: 5.4 | EPSS: 0.00342
Exploits: 0 | References: 2

CERT
Added 2004/09/10 12:0 a.m. | 31 views

Microsoft Internet Explorer window.createPopup() method creates chromeless windows

Overview: The Internet Explorer IE window.createPopup method creates chromeless popup windows. These windows can be used to spoof the user interface in Internet Explorer, any Windows application, or the Windows desktop. Description: The visible area of a web browser window can be categorized into t...

CVSS: 5 | AI score: 6.2 | EPSS: 0.50549
Exploits: 1 | References: 8

Cvelist
Added 2004/08/03 4:0 a.m. | 25 views

CVE-2004-0764

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language XUL files...

AI score: 6.2 | EPSS: 0.03231
Exploits: 0 | References: 13

Tenable Nessus
Added 2004/08/02 12:0 a.m. | 46 views

Firefox < 1.0 Multiple Spoofing Vulnerabilities

The remote host is using Mozilla and/or Firefox, an alternative web browser. This web browser supports the XUL XML User Interface Language, a language designed to manipulate the user interface of the browser itself. Since XUL gives the full control of the browser GUI to the visited websites, an...

CVSS: 10 | AI score: 5.5 | EPSS: 0.05736
Exploits: 0 | References: 3

FreeBSD
Added 2004/07/19 12:0 a.m. | 31 views

Mozilla / Firefox user interface spoofing vulnerability

The Mozilla project's family of browsers contain a design flaw that can allow a website to spoof almost perfectly any part of the Mozilla user interface, including spoofing web sites for phishing or internal elements such as the "Master Password" dialog box. This is achieved by manipulating "chrome"...

CVSS: 10 | AI score: 6.4 | EPSS: 0.03231
Exploits: 0 | References: 5

securityvulns
Added 2004/07/13 12:0 a.m. | 32 views

HijackClick 3

Note: This vulnerability as well as several more can be found at http://www.greyhats.cjb.net HijackClick 3!!! Took the name from Liu Die Yu : Tested IEXPLORE.EXE file version 6.0.2800.1106 MSHTML.DLL file version 6.00.2800.1400 Microsoft Windows XP sp2 Discussion The HijackClick series have been...

AI score: 7.2
Exploits: 0

Tenable Nessus
Added 2004/07/06 12:0 a.m. | 38 views

RHEL 2.1 : vnc (RHSA-2003:068)

Updated VNC packages are available to fix a weak cookie vulnerability. VNC is a tool for providing a remote graphical user interface. The VNC server acts as an X server, but the script for starting it generates an MIT X cookie which is used for X authentication without using a strong enough rando...

CVSS: 5 | AI score: 5.5 | EPSS: 0.01808
Exploits: 0 | References: 3

Atlassian
Added 2004/06/29 10:11 p.m. | 19 views

Spam-protection

We need something like MT-Blacklist: the ability to define URL patterns that flag a page and/or comment as spam. It shouldn't be too hard to do - we already track URL links. The UI will need some thought though what do you do if you define a URL as spam, and it's in a page? Revert the page back t...

AI score: 0.8
Exploits: 0 | Affected Software: 1

Atlassian
Added 2004/06/29 10:11 p.m. | 20 views

Spam-protection

NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion (http://jira.atlassian.com/browse/CONFCLOUD-1469). We need something like MT-Blacklist: the ability to define URL patterns that flag a page and/or comment as spam. It...

AI score: 0.5
Exploits: 0 | Affected Software: 1

Atlassian
Added 2004/06/29 10:11 p.m. | 43 views

Spam-protection

NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion (http://jira.atlassian.com/browse/CONFSERVER-1469). We need something like MT-Blacklist: the ability to define URL patterns that flag a page and/or comment as spam. It...

AI score: 0.5
Exploits: 0 | Affected Software: 1

exploitpack
Added 2004/05/17 12:0 a.m. | 12 views

vBulletin 1.0/2.x/3.0 - index.php User Interface Spoofing

vBulletin 1.0/2.x/3.0 - index.php User Interface Spoofing source: https://www.securityfocus.com/bid/10362/info A weakness has been reported to exist in the VBulletin software that may allow an attacker to spoof parts of the VBulletin interface. The issue exists due to improper validation of...

AI score: 7.4
Exploits: 0

Exploit DB
Added 2004/05/17 12:0 a.m. | 20 views

vBulletin 1.0/2.x/3.0 - 'index.php' User Interface Spoofing

source: https://www.securityfocus.com/bid/10362/info A weakness has been reported to exist in the VBulletin software that may allow an attacker to spoof parts of the VBulletin interface. The issue exists due to improper validation of user-supplied data. Remote attackers may potentially exploit th...

AI score: 7.4
Exploits: 0

Debian
Added 2004/04/06 5:13 p.m. | 15 views

[SECURITY] [DSA 477-1] New xine-ui packages fix insecure temporary file creation

Debian Security Advisory DSA 477-1 http://www.debian.org/security/ Martin Schulze April 6th, 2004 http://www.debian.org/security/faq ...

CVSS: 2.1 | EPSS: 0.00342
Exploits: 0

Debian
Added 2004/04/06 5:13 p.m. | 26 views

[SECURITY] [DSA 477-1] New xine-ui packages fix insecure temporary file creation

Debian Security Advisory DSA 477-1 http://www.debian.org/security/ Martin Schulze April 6th, 2004 http://www.debian.org/security/faq ...

CVSS: 2.1 | AI score: 5.8 | EPSS: 0.00342
Exploits: 0

securityvulns
Added 2004/03/24 12:0 a.m. | 26 views

Invision Power Top Site List SQL Injection Vulnerability

Vendor : Invision Power Services URL : http://www.invisiontsl.com Version : Invision Power Top Site List v1.1 RC 2 && Earlier Risk : SQL Injection Vulnerability Description: Invision Power Top Site List is a flexible site ranking script written in PHP, the popular programming choice for web...

AI score: 0.6
Exploits: 0

securityvulns
Added 2003/08/12 12:0 a.m. | 30 views

Webdeskpro role modify vulnerability

Webdeskpro has 4 role authority levels - author, editor, administrator, master. We found a vulnerability in Webdeskpro UI. After login, if we modify some role variables as follows, we can read upper role level's files. Role Modification FRAME...

AI score: 2.7
Exploits: 0

RedHat Linux
Added 2003/06/25 3:51 p.m. | 6 views

Important: Red Hat Security Advisory: Updated XFree86 4.1.0 packages are available

Updated XFree86 packages that resolve various security issues and additionally provide a number of bug fixes and enhancements are now available for Red Hat Linux 7.1 and 7.2. XFree86 is an implementation of the X Window System, which provides the graphical user interface, video drivers, etc. for...

CVSS: 10 | AI score: 6.2 | EPSS: 0.03403
Exploits: 0

RedHat Linux
Added 2002/10/10 8:23 p.m. | 24 views

Important: Red Hat Security Advisory: ggv security update

Updated packages for gv, ggv, and kdegraphics fix a local buffer overflow when reading malformed PDF or PostScript files. Updated 07 Jan 2003 Added fixed packages for the Itanium IA64 architecture. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1 Gv and ggv are user interface...

CVSS: 4.6 | AI score: 6.2 | EPSS: 0.02025
Exploits: 1 | References: 2

Atlassian
Added 2002/04/09 2:39 p.m. | 18 views

Asked to re-authenticate to delete issue

/jira/secure/DeleteIssue!default.jspa?id=10012 everything seems to work ok, but I try to delete previously existing issue and I get redirected to the URL above. instead of a delete issue page, I get a login page, only it looks messed up - it's the login form table miniwindow except spread 100%...

AI score: 0.6
Exploits: 0