8414 matches found
CVE-2008-5839
Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbitrary code via a long mailto URI in the HREF attribute of an A element...
CVE-2008-5821
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord...
CVE-2008-5761
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord...
CVE-2008-5761
CVE-2008-5761 affects FlatnuX CMS (aka Flatnuke3). The provided documents describe multiple cross-site scripting (XSS) vulnerabilities: (1) via the mod parameter in the default URI, (2) via the foto parameter to photo.php in the 05_Foto module, and (3) via the name parameter in an insertrecord ac...
Certain characters can be used to allow cross-site scripting
When accepting HTML content from untrusted users, Web sites sometimes employ some kind of filtering to ensure that the content cannot contain scripts. If the content is to be used inside an HTML attribute, characters that separate attributes need to be filtered out to prevent scripted attributes...
Certain characters can be used to allow cross-site scripting – Opera Security Advisories
Certain characters can be used to allow cross-site scripting – Opera Security Advisories. OPCOM Team | December 17, 2008. Severity: Highly Severe. Problem Description: When accepting HTML content from untrusted users, Web sites sometimes employ some kind of filtering to ensure that the content cannot...
Representation of DOM attribute values could allow cross-site scripting
When XML is imported into a document, its attribute values are not correctly presented to the DOM. This can allow their values to bypass sanitization filters. If these values are used as document content, they may in some cases allow scripts to be inserted...
Representation of DOM attribute values could allow cross-site scripting – Opera Security Advisories
Representation of DOM attribute values could allow cross-site scripting – Opera Security Advisories. OPCOM Team | December 16, 2008. Severity: Moderately Severe. Problem Description: When XML is imported into a document, its attribute values are not correctly presented to the DOM. This can allow their...
Internet Explorer embed tag src extension buffer overflow
Added: 12/11/2008. CVE: CVE-2008-4261. BID: 32595. OSVDB: 50610. Background: The HTML embed tag allows developers to embed plug-ins in web pages. Problem: A vulnerability in Internet Explorer allows command execution when a user loads a page containing an embed tag with a src attribute containing a...
Tomcat host manager xss - name field
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add...
CVE-2008-5282
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute...
kernel security and bug fix update
2.6.9-78.0.8.0.1.EL - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix skb alignment that was causing sendto to fail with EFAULT Olaf Kirch orabug 6845794 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon with...
Flash Player HTML injection flaw
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute...
Net-SNMP 5.1.4/5.2.4/5.4.1 Perl Module - Buffer Overflow (PoC)
Net-SNMP 5.1.4/5.2.4/5.4.1 Perl Module - Buffer Overflow (PoC) #!/usr/bin/perl -w Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via ...
CVE-2008-4823
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute...