3296 matches found

Packet Storm
added 2010/05/12 12:0 a.m. | 27 views

Saurus CMS 4.7.0 Cross Site Scripting

Vulnerability ID: HTB22361 Reference: http://www.htbridge.ch/advisory/xssinsauruscms.html Product: Saurus CMS Community Edition Vendor: Saurused Ltd Vulnerable Version: 4.7.0 Vendor Notification: 27 April 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed, Vendor Alerted, Awaiting...

AI score: 0.1 | Exploits: 0

securityvulns
added 2010/05/11 12:0 a.m. | 58 views

XSS vulnerability in EasyPublish CMS

Vulnerability ID: HTB22356 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityineasypublishcms.html Product: EasyPublish CMS Vendor: Escio AS Vulnerable Version: Current at 23.04.2010 and Probably Prior Versions Vendor Notification: 23 April 2010 Vulnerability Type: XSS Cross Site Scripti...

AI score: 0.3 | Exploits: 0

Packet Storm
added 2010/05/08 12:0 a.m. | 18 views

Jaws 0.8.12 Cross Site Scripting

Vulnerability ID: HTB22357 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinjaws.html Product: Jaws Vendor: Jaws Project Vulnerable Version: 0.8.12 and Probably Prior Versions Vendor Notification: 23 April 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed, Vendor...

AI score: 0.1 | Exploits: 0

Packet Storm
added 2010/05/05 12:0 a.m. | 21 views

Acuity CMS 2.6.2 Cross Site Scripting

Vulnerability ID: HTB22352 Reference: http://www.htbridge.ch/advisory/xssinacuitycms.html Product: Acuity CMS asp version Vendor: The Collective Vulnerable Version: 2.6.2 ASP and Probably Prior Versions Vendor Notification: 19 April 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not...

Exploits: 0

OpenVAS
added 2010/05/04 12:0 a.m. | 31 views

Mozilla Firefox Code Execution Vulnerability (Windows) - May10

The host is installed with Mozilla Firefox browser and is prone to code execution vulnerability OpenVAS Vulnerability Test $Id: gbfirefoxcodeexevulnwinmay10.nasl 5306 2017-02-16 09:00:16Z teissa $ Mozilla Firefox Code Execution Vulnerability Windows - May10 Authors: Antu Sanadi Copyright: Copyrig...

CVSS: 9.3 | AI score: 0.6 | EPSS: 0.04471 | Exploits: 2 | References: 3

CVE
added 2010/04/28 10:0 p.m. | 135 views

CVE-2010-1585

CVE-2010-1585 affects Mozilla Firefox (ParanoidFragmentSink) where nsIScriptableUnescapeHTML.parseFragment fails to sanitize chrome HTML, enabling remote JavaScript execution via javascript: URIs in input to extensions. Affected products/versions: Firefox <3.5.17 and <3.6.14; SeaMonkey <...

CVSS: 9.3 | AI score: 9.3 | EPSS: 0.04471 | Exploits: 2 | References: 9 | Affected Software: 1

Cvelist
added 2010/04/05 5:0 p.m. | 29 views

CVE-2010-0179

Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute...

AI score: 9.4 | EPSS: 0.03248 | Exploits: 0 | References: 25

UbuntuCve
added 2010/04/05 12:0 a.m. | 42 views

CVE-2010-0179

Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute...

CVSS: 5.1 | AI score: 7.2 | EPSS: 0.03248 | Exploits: 0 | References: 3

Prion
added 2010/03/30 6:30 p.m. | 13 views

Design/Logic Flaw

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, a...

CVSS: 6.8 | AI score: 7.4 | EPSS: 0.0157 | Exploits: 0 | References: 2 | Affected Software: 2

NVD
added 2010/03/30 6:30 p.m. | 18 views

CVE-2010-0063

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, a...

CVSS: 6.8 | AI score: 7 | EPSS: 0.0157 | Exploits: 0 | References: 2

securityvulns
added 2009/12/17 12:0 a.m. | 54 views

Mozilla Foundation Security Advisory 2009-70

Mozilla Foundation Security Advisory 2009-70 Title: Privilege escalation via chrome window.opener Impact: Moderate Announced: December 15, 2009 Reporter: David James Products: Firefox, SeaMonkey Fixed in: Firefox 3.5.6 Firefox 3.0.16 SeaMonkey 2.0.1 Description Security researcher David James...

CVSS: 7.6 | AI score: 1 | EPSS: 0.03707 | Exploits: 1

seebug.org
added 2009/12/08 12:0 a.m. | 16 views

Viscacha 0.8 Gold persistant XSS vulnerability

No description provided by source. Viscacha 0.8 Gold persistant XSS vulnerability Found By: mrme Download: http://www.viscacha.org/ Tested On: Windows Vista Note: For educational purposes only POC Info: A regular user of the board can embed javascript code that could be executed within the contex...

AI score: 7.1 | Exploits: 0

Prion
added 2009/12/04 7:30 p.m. | 16 views

Design/Logic Flaw

DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."...

CVSS: 9.3 | AI score: 8 | EPSS: 0.05486 | Exploits: 6 | References: 3 | Affected Software: 1

NVD
added 2009/12/04 7:30 p.m. | 29 views

CVE-2009-4148

DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."...

CVSS: 9.3 | AI score: 7.5 | EPSS: 0.05486 | Exploits: 6 | References: 3

Prion
added 2009/12/02 7:30 p.m. | 17 views

Information disclosure

Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this information is...

CVSS: 9.3 | AI score: 7.5 | EPSS: 0.041 | Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2009/12/02 7:0 p.m. | 27 views

CVE-2009-4127

Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this information is...

AI score: 6.9 | EPSS: 0.041 | Exploits: 0 | References: 4

NVD
added 2009/10/29 2:30 p.m. | 18 views

CVE-2009-3374

The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.01981 | Exploits: 0 | References: 7

CVE
added 2009/10/29 2:0 p.m. | 115 views

CVE-2009-3374

CVE-2009-3374 affects Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4. The XPCVariant::VariantDataToJS function in the XPCOM layer does not enforce restrictions on interaction between chrome privileged code and objects from remote sites, allowing a remote attacker to execute arbitrary ...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01981 | Exploits: 0 | References: 7 | Affected Software: 1

Check Point Advisories
added 2009/10/28 12:0 a.m. | 3 views

Mozilla Thunderbird WYSIWIG Engine Filtering IFRAME JavaScript Execution (CVE-2006-0884)

Mozilla Thunderbird is an email client application often seen as an alternative to the mainstream Microsoft email clients. Thunderbird supports various email delivering protocols such as SMTP, IMAP and POP3. The program is also capable of reading and composing HTML formatted email messages. A...

CVSS: 9.3 | AI score: 6.9 | EPSS: 0.07066 | Exploits: 1

Exploit DB
added 2009/10/02 12:0 a.m. | 54 views

Hyperic HQ 3.2 < 4.2-beta1 - Multiple Cross-Site Scripting Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Hyperic HQ Multiple XSS 1. Advisory Information Title: Hyperic HQ Multiple XSS Advisory Id: CORE-2009-0812 Advisory URL:...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.02443 | Exploits: 8