2672 matches found
mediawiki -- Clickjacking vulnerabilities
Clickjacking vulnerabilities: Clickjacking is a type of vulnerability discovered in 2008, which is similar to CSRF. The attack involves displaying the target webpage in an iframe embedded in a malicious website. Using CSS, the submit button of the form on the target webpage is made invisible, and...
Design/Logic Flaw
The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a...
CVE-2010-4012
Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button...
XSS vulnerability in Create Space Button macro
We have identified and fixed a cross-site scripting (XSS) vulnerability in the Confluence create-space-button macro. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page. You can read more about XSS attacks at various places on the web, including...
Visual MP3 Splitter & Joiner 6.1 - '.wav' Buffer Overflow
Title: Visual MP3 Splitter & Joiner 6.1 .wav Buffer Overflow Vulnerability Author : anT!-Tr0J4n Email : D3v-PoinTathotmaild0tcom & C1EHatHotmaild0tcom Greetz : Dev-PoinT.com ; GlaDiatOr,SILVER STAR , HoBeeZ, Coffin Of Evil special thanks : r0073r,Sid3^effects,L0rd...
Immunity Canvas: ADOBE_FLASH_BUTTON
Name: adobeflashbutton | CVE: CVE-2010-3654 | Exploit Pack: CANVAS | Description: adobeflashbutton | Notes: CVE Name: CVE-2010-3654; VENDOR: Adobe; NOTES: Exploitation through a PDF file is more reliable than with a direct HTML/Flash exploit; VersionsAffected: Adobe Acrobat Reader 9.4.0...
Firefox Interleaving document.write and appendChild Denial of Service
No description provided by source. Source: https://bugzilla.mozilla.org/show_bug.cgi?id=607222 <html><body><script> function getatts(str) { var cobj=document.createElement(str); cobj.id="testcase"; document.body.appendChild(cobj); var obj=document.getElementById("testcase"); var atts = new Array(); for(p in obj...
CVE-2010-2532
lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no...
Tplayer V1R10 - Denial of Service
Tplayer V1R10 - Denial of Service #!/usr/bin/python print "--------------------Exploit By 41.w4r10r------------------------------\n" print "-------------------41.w4r10r@gmail.com-----------------------------\n" print "----------------Tplayer V1R10 DoS Exploit------------------------------\n" print...
uzbl uzbl-core - @SELECTED_URI Mouse Button Bindings Command Injection
uzbl uzbl-core - @SELECTED_URI Mouse Button Bindings Command Injection source: https://www.securityfocus.com/bid/42297/info uzbl 'uzbl-core' is prone to a vulnerability that lets attackers inject arbitrary commands because the application fails to adequately sanitize user-supplied input. This issu...
Facebook introduces a feature for reporting pedophiles
Facebook's administration will give users the ability to report suspicious actions by users of the social network using a special button. All alarming reports will be forwarded directly to the European Centre for Online Safety and Protection of Children from Exploitation Child...
Configuring JavaScript Settings
Once you click the Advanced button, a second window opens to allow you to disable specific JavaScript features. We recommend disabling all of the options displayed in this dialog...
JavaScript Settings
The Content category contains an option to block annoying pop-up windows. Be sure to check that box. From this screen, you can disable specific JavaScript features by clicking on the Advanced button. See next screen...
Software Index remote file upload vulnerability - vulnerability warning - the black bar safety net
The upload file filter is not strict, resulting in a remote file upload vulnerability that allows executable code. Bulk Google Dork : Copyright 2 0 1 0. Software Index Exp: <html><head><title>Select Image File for uploading</title><script language="JavaScript"> function checkFile() { if (form1.userfile.value == ""...
Can not UPDATE the "Viewable By" field of an issue
After the creation of an issue it is by default viewable by "All Users". It is not possible to change the value after re-editing that issue. After changing it and clicking the "Update" button, the viewable by entry stays "All Users"...
VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392)
About the security content of Safari 5.0 and Safari 4.1. Last Modified: June 07, 2010. Article: HT4196. Summary: This document describes the security content of Safari 5.0 and Safari 4.1. For the protection of our customers, Apple does not disclose, discuss, or...
Disable ActiveX Controls
For more fine-grained control over which features are allowed in the zone, click the Custom Level button. At this point, you can control the specific security options that apply to the current zone. For example, ActiveX can be disabled by selecting Disable for Run ActiveX controls and plug-ins...
CVE-2010-1536
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with "administer addthis" privileges, to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-1536
The CVE refers to a Cross-site scripting (XSS) vulnerability in the Drupal AddThis Button module. Affected versions are 5.x before 5.x-2.2 and 6.x before 6.x-2.9. The issue allows remote authenticated users with administer addthis privileges to inject arbitrary web script or HTML via unspecified ...