5736 matches found

Cvelist
added 2009/06/10 5:37 p.m. | 17 views

CVE-2009-1698

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code ...

7.4 AI score | 0.08462 EPSS
Exploits 2 | References 34

CVE
added 2009/06/10 5:37 p.m. | 83 views

CVE-2009-1698

CVE-2009-1698 affects WebKit-based components (Safari before 4.0 and iPhone OS/iPod touch up to 2.2.1). The issue is an uninitialized pointer during handling of a CSS attr() function with a large numeric argument, enabling remote code execution or memory-corruption-induced denial of service via a...

9.3 CVSS | 7.4 AI score | 0.08462 EPSS
Exploits 2 | References 34 | Affected Software 1

Zero Day Initiative
added 2009/06/08 12:0 a.m. | 37 views

Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of attr functions in a CSS content...

9.3 CVSS | 2.2 AI score | 0.08462 EPSS
Exploits 2 | References 1

OpenVAS
added 2009/06/05 12:0 a.m. | 29 views

RedHat Security Advisory RHSA-2009:1066

The remote host is missing updates announced in advisory RHSA-2009:1066. A server-side code injection flaw was found in the SquirrelMail map_yp_alias function. If SquirrelMail was configured to retrieve a user SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a...

6.8 CVSS | 7.6 AI score | 0.03399 EPSS
Exploits 1 | References 5

Cent OS
added 2009/05/27 6:45 a.m. | 68 views

squirrelmail security update

CentOS Errata and Security Advisory CESA-2009:1066 An updated squirrelmail package that fixes multiple security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. SquirrelMail is a...

6.8 CVSS | 7.3 AI score | 0.03399 EPSS
Exploits 1 | References 8

Tenable Nessus
added 2009/05/27 12:0 a.m. | 33 views

RHEL 4 / 5 : squirrelmail (RHSA-2009:1066)

The remote Redhat Enterprise Linux 4 / 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2009:1066 advisory. SquirrelMail is a standards-based webmail package written in PHP. A server-side code injection flaw was found in the SquirrelMail...

6.8 CVSS | 7.6 AI score | 0.03399 EPSS
Exploits 1 | References 11

Oracle linux
added 2009/05/26 12:0 a.m. | 34 views

squirrelmail security update

1.4.8-5.0.1.el53.7 - Remove Redhat splash screen images 1.4.8-5.7 - fix broken patch for CVE-2009-1579 1.4.8-5.6 - fix broken patch for CVE-2009-1579 1.4.8-5.5 - don't ship patch backup files 1.4.8-5.4 - fix: CVE-2009-1581 : CSS positioning vulnerability - fix: CVE-2009-1579 : Server-side code...

6.8 CVSS | 1 AI score | 0.03399 EPSS
Exploits 1

OSV
added 2009/05/19 12:0 a.m. | 27 views

DSA-1802-1 squirrelmail - several vulnerabilities

Bulletin has no description...

6.8 CVSS | 7.5 AI score | 0.03399 EPSS
Exploits 1

NVD
added 2009/05/14 5:30 p.m. | 14 views

CVE-2009-1581

functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted...

4.3 CVSS | 5.2 AI score | 0.01745 EPSS
Exploits 0 | References 23

Cvelist
added 2009/05/14 5:0 p.m. | 24 views

CVE-2009-1581

functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted...

6.7 AI score | 0.01745 EPSS
Exploits 0 | References 23

CVE
added 2009/05/14 5:0 p.m. | 80 views

CVE-2009-1581

CVE-2009-1581 affects SquirrelMail up to version 1.4.18, where functions/mime.php fails to protect against CSS positioning in HTML email. This allows a remote attacker to spoof the user interface and can enable cross-site scripting (XSS) and phishing via a crafted message. The connected advisorie...

4.3 CVSS | 6.6 AI score | 0.01745 EPSS
Exploits 0 | References 23 | Affected Software 1

NVD
added 2009/05/13 3:30 p.m. | 16 views

CVE-2009-0942

Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files...

6.8 CVSS | 7.5 AI score | 0.04193 EPSS
Exploits 0 | References 8

Cvelist
added 2009/05/13 3:14 p.m. | 18 views

CVE-2009-0942

Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files...

7.5 AI score | 0.04193 EPSS
Exploits 0 | References 8

CVE
added 2009/05/13 3:14 p.m. | 53 views

CVE-2009-0942

CVE-2009-0942 affects Apple Mac OS X 10.4.11 and 10.5 prior to 10.5.7 where Help Viewer loads CSS references from URLs without verifying they reside in a registered help book. This can allow a remote attacker to craft a malicious help: URL that triggers AppleScript execution and arbitrary code ex...

6.8 CVSS | 7.5 AI score | 0.04193 EPSS
Exploits 0 | References 8 | Affected Software 2

Prion
added 2009/05/11 8:30 p.m. | 20 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505...

4.3 CVSS | 5.9 AI score | 0.01497 EPSS
Exploits 1 | References 5 | Affected Software 1

NVD
added 2009/05/11 8:30 p.m. | 20 views

CVE-2009-1616

Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505...

4.3 CVSS | 5.5 AI score | 0.01497 EPSS
Exploits 1 | References 5

seebug.org
added 2009/05/04 12:0 a.m. | 60 views

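Coppermine Photo Gallery css Parameter Cross-Site Scripting Vulnerability

BUGTRAQ ID: 34782 Coppermine is a multi-purpose integrated web image gallery script written in PHP. The docs/showdoc.php file in Coppermine returns the user-supplied css parameter to the user without properly validating it; a remote attacker can carry out a cross-site scripting attack by submitting a malicious request, causing arbitrary HTML and script code to execute in the user's browser session. Coppermine Photo Gallery 1.4.x Coppermine ---------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...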

6.9 AI score
Exploits 0

Prion
added 2009/03/20 6:30 p.m. | 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS)...

4.3 CVSS | 5.7 AI score | 0.01065 EPSS
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2009/03/20 6:0 p.m. | 18 views

CVE-2009-1035

Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS)...

5.3 AI score | 0.01065 EPSS
Exploits 0 | References 5

CVE
added 2009/03/20 6:0 p.m. | 37 views

CVE-2009-1035

The CVE-2009-1035 entry applies to the Drupal Tasklist module (versions 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1). The vulnerability is an XSS flaw where remote authenticated users can inject arbitrary web script or HTML via Cascading Style Sheets (CSS). Impact is a user-driven XS...

4.3 CVSS | 5.5 AI score | 0.01065 EPSS
Exploits 0 | References 5 | Affected Software 1