3502 matches found
CVE-2007-1176
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:031)
Konqueror 3.5.5 does not properly parse HTML comments in title tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment, a related issue to CVE-2007-0478. Updated packages have been patch...
Drupal < 4.7.6 (post comments) Remote Command Execution Exploit v2
No description provided by source. !/usr/bin/perl $Id: milw0rmdrupalv4.pl,v 0.2 2007/02/15 13:28:29 str0ke Exp $ milw0rmdrupalv4.pl - Drupal 4.7.6 Remote Command Execution Exploit Copyright c 2007 str0ke str0ke!milw0rm.com Description ----------- Previews on comments were not passed through norma...
SQL injection
SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter...
Unfixed XSS vulnerability at www.lovelyparty.co.uk
Security researcher x2Fusion submitted on 02/09/2007 a cross-site scripting (XSS) vulnerability affecting www.lovelyparty.co.uk, which at the time of submission ranked 6115330 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/09/2007. It is...
USN-420-1: KDE library vulnerability
Jose Avila III and Robert Tasarz discovered that the KDE HTML library did not correctly parse HTML comments inside the "title" tag. By tricking a Konqueror user into visiting a malicious website, an attacker could bypass cross-site scripting protections...
DEBIAN-CVE-2007-0541
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain...
Cross site scripting
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to...
CVE-2007-0537
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to...
Cross site scripting
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment...
Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability
Overview: Safari on occasion may improperly parse the source of an HTML document, which can lead to the execution of HTML tags within comments. This can become dangerous when input filters allow HTML tags within comments, as they will get parsed and executed under certain circumstances. Details:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field...
CVE-2007-0231
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field...
CVE-2007-0231
CVE-2007-0231 describes a cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33 where, if nofollow is disabled and unmoderated comments are enabled, a remote attacker can inject arbitrary web script or HTML via the Comments field. The vulnerability concerns Movable Type 3.33 and is t...
[SA23669] Movable Type "nofollow" Plugin Comment Script Insertion
TITLE: Movable Type "nofollow" Plugin Comment Script Insertion SECUNIA ADVISORY ID: SA23669 VERIFY ADVISORY: http://secunia.com/advisories/23669/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Movable Type 3.x http://secunia.com/product/5753/ DESCRIPTION: A...
AllMyGuests <= 0.3.0 (AMG_serverpath) Remote Inclusion Vulnerabilities
No description provided by source. AllMyGuests 3.0 Remote File Inclusion Vulnerability Software: AllMyGuests Version: 3.0 Download: http://download.php-resource.net/AllMyGuests/AllMyGuests0.3.0.zip Found By: beks Bug In: /include/submit.inc.php /admin/index.php /include/cmsubmit.inc.php...
security flaw
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption...