38 matches found
Apple iPhone 1.1.4/2.0 and iPod 1.1.4/2.0 touch Safari WebKit 'alert()' Function Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31061/info Apple iPhone and iPod touch are prone to a remote denial-of-service vulnerability that occurs in the WebKit library used by the Safari browser. Remote attackers can exploit this issue to crash the affected...
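Open Classifieds Cross-Site Scripting Vulnerability
CVE ID: CVE-2014-2024 Open Classifieds can be used to create classifieds and directories. Because user-supplied data passed via the URI to the "/shared-apartments-rooms/" URL is not sufficiently filtered, a remote attacker can exploit the vulnerability to trick a logged-in user into visiting a malicious link and execute arbitrary HTML and script code in the browser in the context of the affected website. 0 Open Classifieds 2-2.1.2 Vendor patch: Open Classifieds ----- Open Classifieds version 2-2.1.3 fixes this vulnerability; users are advised to download and use it:...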
Cross-Site Scripting (XSS) in Ilch CMS
High-Tech Bridge Security Research Lab discovered a vulnerability in Ilch CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users and administrators of the vulnerable application. 1) Cross-Site Scripting (XSS) in Ilch CMS: CVE-2014-1944 The vulnerability exists due to...
Cross-Site Scripting (XSS) in Ad-minister WordPress plugin
High-Tech Bridge Security Research Lab discovered a vulnerability in the Ad-minister WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks. 1) Cross-Site Scripting (XSS) in Ad-minister WordPress plugin: CVE-2013-6993 The vulnerability exists due to insufficient sanitisation ...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component jplayer.swf in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and...
CVE-2013-2022
CVE-2013-2022 refers to multiple XSS vulnerabilities in the Flash SWF component jplayer.swf (jPlayer) within actionscript/Jplayer.as. Affected are jPlayer versions before 2.2.23, where remote attackers could inject arbitrary script or HTML via the (1) jQuery or (2) id parameters in the jplayer.sw...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS)...
CVE-2012-2578
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS)...
CVE-2012-3468
CVE-2012-3468 affects the Ushahidi Platform prior to 2.5. The vulnerability tier is high (CVSS v2 base score 7.5) and stems from multiple SQL injection weaknesses in specific code paths: (1) verify() in application/controllers/alerts.php, (2) save_all() in application/models/settings.php, and (3)...
DSA-1648-1 mon - insecure temporary files
Bulletin has no description...
CVE-2008-4382
Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via JavaScript that calls the alert function with a URL-encoded string of a large number of invalid characters...
Opera 9.10 alert() Remote Denial of Service Exploit
No description provided by source.
Opera 9.10 alert() Remote Denial of Service Exploit
Exploit for multiple platform in category dos / poc
CVE-2007-0148
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the JavaScript alert function...
Format string
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the JavaScript alert function...
CVE-2007-0148
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the JavaScript alert function...
Apple OmniWeb Format string vulnerability
Format string vulnerability in JavaScript alert function...
CVE-2006-0070
Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded JavaScript function name, as demonstrated using variations of the alert function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtere...