Lucene search
8413 matches found

OSV
added 2006/07/28 12:4 a.m., 1 views

DEBIAN-CVE-2006-3913

Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunklength or a (2) large chunk-offset value in a PACKETPLAYERATTRIBUTECHUNK packet in the...

7.5 CVSS, 7.8 AI score, 0.05285 EPSS
Exploits 1, References 1
CVE
added 2006/07/21 12:0 a.m., 40 views

CVE-2006-3767

The CVE-2006-3767 entry describes a Cross-site Scripting (XSS) vulnerability in Darren's osDate 1.1.7 and earlier (showprofile.php) that allows remote attackers to inject arbitrary script/HTML via the onerror attribute in an HTML IMG tag with a non-existent src, used when posting a comment (txtco...

6.8 CVSS, 5.9 AI score, 0.01643 EPSS
Exploits 1, References 8, Affected Software 1
Cvelist
added 2006/07/13 12:0 a.m., 14 views

CVE-2006-3538

Multiple cross-site scripting (XSS) vulnerabilities in demo.php in BeatificFaith Eprayer Alpha allow remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the (1) "Your name" field and (2) "Enter Prayer Request here" field...

5.8 AI score, 0.01903 EPSS
Exploits 1, References 5
Cvelist
added 2006/07/07 12:0 a.m., 19 views

CVE-2006-3427

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference...

6.6 AI score, 0.24274 EPSS
Exploits 1, References 5
NVD
added 2006/06/13 1:2 a.m., 23 views

CVE-2006-2991

Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter in (1) next.cgi, (2) stats.cgi, or (3) list.cgi...

4.3 CVSS, 5.8 AI score, 0.01644 EPSS
Exploits 0, References 9
CVE
added 2006/06/13 1:0 a.m., 43 views

CVE-2006-2991

CVE-2006-2991 describes multiple XSS vulnerabilities in Ringlink 3.2. The issue arises via a JavaScript URI in the SRC attribute of an IMG element (ringid parameter) in next.cgi, stats.cgi, or list.cgi. Affected component: Ringlink 3.2; vulnerability class: cross-site scripting; impact per NVD me...

4.3 CVSS, 6 AI score, 0.01644 EPSS
Exploits 0, References 9, Affected Software 1
NVD
added 2006/06/12 10:2 p.m., 8 views

CVE-2006-2975

Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website parameter, which bypasses XSS protection mechanisms that...

2.6 CVSS, 5.3 AI score, 0.0139 EPSS
Exploits 0, References 5
Prion
added 2006/06/12 8:6 p.m., 7 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "//" comment sequences, which bypasses the XSS protection scheme...

4.3 CVSS, 5.5 AI score, 0.01398 EPSS
Exploits 0, References 4, Affected Software 1
NVD
added 2006/06/12 8:6 p.m., 19 views

CVE-2006-2969

Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations...

4.3 CVSS, 5.8 AI score, 0.01275 EPSS
Exploits 0, References 6
Cvelist
added 2006/06/12 8:0 p.m., 18 views

CVE-2006-2966

Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "//" comment sequences, which bypasses the XSS protection scheme...

5.2 AI score, 0.01398 EPSS
Exploits 0, References 4
Gentoo Linux
added 2006/06/07 12:0 a.m., 31 views

Opera: Buffer overflow

Background: Opera is a multi-platform web browser. Description: SEC Consult has discovered a buffer overflow in the code processing style sheet attributes. It is caused by an integer signedness error in a length check followed by a call to a string function. It seems to be hard to exploit this buff...

5.1 CVSS, 7.8 AI score, 0.12074 EPSS
Exploits 1
Prion
added 2006/06/05 5:2 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element,...

6.8 CVSS, 6.1 AI score, 0.01199 EPSS
Exploits 0, References 2
Cvelist
added 2006/06/05 5:0 p.m., 13 views

CVE-2006-2808

Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element,...

5.7 AI score, 0.01199 EPSS
Exploits 0, References 2
NVD
added 2006/06/02 7:2 p.m., 22 views

CVE-2006-2785

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show on...

4.3 CVSS, 5.2 AI score, 0.01519 EPSS
Exploits 0, References 39
NVD
added 2006/06/02 6:2 p.m., 17 views

CVE-2006-2775

Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL...

7.5 CVSS, 6.2 AI score, 0.04482 EPSS
Exploits 0, References 42
CVE
added 2006/06/02 6:0 p.m., 86 views

CVE-2006-2775

The CVE-2006-2775 issue affects Mozilla Firefox and Thunderbird prior to 1.5.0.4. It arises from XUL attribute handling that can be associated with an incorrect URL under certain conditions, potentially letting a persisted string be linked to the wrong URL and thereby bypass restrictions. The fla...

7.5 CVSS, 6.1 AI score, 0.04482 EPSS
Exploits 0, References 42, Affected Software 2
Cvelist
added 2006/06/02 6:0 p.m., 24 views

CVE-2006-2775

Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL...

6.1 AI score, 0.04482 EPSS
Exploits 0, References 42
Prion
added 2006/05/30 10:2 a.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter...

4.3 CVSS, 6.1 AI score, 0.01922 EPSS
Exploits 0, References 14
Prion
added 2006/05/24 8:2 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in submitarticle.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an...

4.3 CVSS, 6.1 AI score, 0.01158 EPSS
Exploits 0, References 5, Affected Software 1
Cvelist
added 2006/05/24 8:0 p.m., 17 views

CVE-2006-2567

Cross-site scripting (XSS) vulnerability in submitarticle.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an...

5.7 AI score, 0.01158 EPSS
Exploits 0, References 5