Lucene search

8524 matches found

PyPA
added 2005/12/31 5:0 a.m. | 6 views

PYSEC-2005-1

Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag...

CVSS 4.3 | AI score 6 | EPSS 0.01475
Exploits: 1 | References: 9 | Affected Software: 1

NVD
added 2005/12/22 11:3 p.m. | 33 views

CVE-2005-4504

The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag...

CVSS 7.8 | AI score 6 | EPSS 0.11912
Exploits: 1 | References: 13

Cvelist
added 2005/12/22 11:0 p.m. | 32 views

CVE-2005-4504

The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag...

AI score 6 | EPSS 0.11912
Exploits: 1 | References: 13

securityvulns
added 2005/11/23 12:0 a.m. | 37 views

Commodity Rentals 2.x "user_id" Sql inj.

Vuln. discovered by: r0t Date: 23 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/commodity-rentals-2x-userid-sql-inj.html Vendor: http://www.commodityrentals.com/ affected version: 2.x and prior Product Description: CommodityRentals is the most comprehensive Online Rental Business...

AI score 0.9
Exploits: 0

CentOS
added 2005/10/27 10:33 p.m. | 86 views

kernel security update

CentOS Errata and Security Advisory CESA-2005:808 Updated kernel packages that fix several security issues and a page attribute mapping bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The...

CVSS 5 | AI score 5.8 | EPSS 0.03542
Exploits: 1 | References: 8

OSV
added 2005/10/06 10:2 a.m. | 9 views

CVE-2005-3165

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) tags or (2) Extension or sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet...

AI score 5.4
Exploits: 0 | References: 4

Cvelist
added 2005/10/06 4:0 a.m. | 22 views

CVE-2005-3165

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) tags or (2) Extension or sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet...

AI score 5.3 | EPSS 0.01265
Exploits: 0 | References: 3

Cvelist
added 2005/09/27 4:0 a.m. | 28 views

CVE-2005-2710

Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file...

AI score 7.2 | EPSS 0.13181
Exploits: 0 | References: 19

Cvelist
added 2005/06/28 4:0 a.m. | 16 views

CVE-2002-1813

Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link...

AI score 7.3 | EPSS 0.06865
Exploits: 1 | References: 3

Cvelist
added 2005/05/17 4:0 a.m. | 17 views

CVE-2005-1638

The writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection...

AI score 6 | EPSS 0.01195
Exploits: 0 | References: 3

CVE
added 2005/05/17 4:0 a.m. | 39 views

CVE-2005-1638

The vulnerability CVE-2005-1638 affects the SafeHTML library, with the _writeAttrs function failing to properly quote attribute values. This mis-handling can enable cross-site scripting (XSS) in applications that rely on SafeHTML for protection. Affected: SafeHTML prior to 1.3.2. Root cause: insu...

CVSS 4.3 | AI score 6.2 | EPSS 0.01195
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2005/05/10 4:0 a.m. | 13 views

CVE-2003-1136

Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL...

AI score 5.7 | EPSS 0.04998
Exploits: 1 | References: 8

Cvelist
added 2005/05/10 4:0 a.m. | 22 views

CVE-2004-0462

The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server...

AI score 6.4 | EPSS 0.00433
Exploits: 0 | References: 2

RedHat Linux
added 2005/04/21 9:11 a.m. | 3 views

security flaw

The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag...

CVSS 7.5 | AI score 6.2 | EPSS 0.04106
Exploits: 0 | References: 4

CVE
added 2005/03/11 5:0 a.m. | 38 views

CVE-2003-1106

The CVE-2003-1106 entry describes a DoS condition in the SMTP service of Microsoft Windows 2000 prior to SP4. A remote attacker can crash or hang the service by sending an e-mail with a malformed FILETIME timestamp. The provided documents do not specify a patch or workaround; no exploit code or i...

CVSS 5 | AI score 7 | EPSS 0.01976
Exploits: 0 | References: 3

NVD
added 2004/12/31 5:0 a.m. | 18 views

CVE-2004-0462

The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server...

CVSS 2.1 | AI score 6.4 | EPSS 0.00433
Exploits: 0 | References: 2

NVD
added 2004/12/31 5:0 a.m. | 10 views

CVE-2004-1527

Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers ...

CVSS 5 | AI score 6.5 | EPSS 0.01351
Exploits: 0 | References: 5

exploitpack
added 2004/12/18 12:0 a.m. | 12 views

Microsoft Windows Media Player 9.0 - ActiveX Control Media File Attribute Corruption

Microsoft Windows Media Player 9.0 - ActiveX Control Media File Attribute Corruption source: https://www.securityfocus.com/bid/12031/info The Windows Media Player ActiveX control is prone to a security weakness. The issue is that the control may be abused by a Web page to change attributes of med...

AI score 0.6
Exploits: 0

exploitpack
added 2004/12/15 12:0 a.m. | 10 views

Vilistextum 2.6.6 - HTML Attribute Parsing Buffer Overflow

Vilistextum 2.6.6 - HTML Attribute Parsing Buffer Overflow source: https://www.securityfocus.com/bid/11979/info Vilistextum is prone to a buffer overflow vulnerability. This issue is exposed when the application parses HTML attributes while converting an HTML file to text/ASCII. Since HTML files...

AI score 0.8
Exploits: 0

OSV
added 2004/11/03 5:0 a.m. | 9 views

CVE-2004-0938

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet...

AI score 6.3
Exploits: 0 | References: 12