5731 matches found
CVE-2005-3167
Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks...
[UNIX] MAXdev MD-Pro Multiple Vulnerabilities (Code Execution, Path Disclosure and CSS)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
[SA16427] SafeHTML UTF-7 XSS and CSS Comments Handling Security Bypass
CVE-2005-2608
SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML...
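ASP-Nuke RC1-RC2 User Profile Page Cross-Site Scripting (CSS/XSS) Execution Vulnerability
BugCVE: CAN-2002-0521 BUGTRAQ: 4481 ASP-Nuke has a flaw in how it filters user input that allows remote attackers to post to the forum and carry out cross-site scripting attacks against other users browsing it. The user profile page in ASP-Nuke does not sufficiently filter JavaScript code when handling user input; an attacker can enter malicious script code in any user profile field, and when other users view that information, the script executes in their browser. The attacker may use this to obtain the user's cookie-based authentication information. ASP-Nuke RC1-RC2 Vendor patch: ASP-Nuke --------...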
Gravity Board X 1.1 - CSS Template Unauthorized Access
Gravity Board X 1.1 - CSS Template Unauthorized Access source: https://www.securityfocus.com/bid/14502/info Gravity Board X (GBX) is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to...
Gravity Board X 1.1 - CSS Template Unauthorized Access
source: https://www.securityfocus.com/bid/14502/info Gravity Board X (GBX) is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to privileged functions. An attacker can exploit this...
IPB CSS bug (now public)
The CSS is found when you upload a file to the server with the "attached file" function. In IPB you can upload an HTML file; in the HTML file write this: <html><body><script>alert('Css found By ViRuS');</script></body></html> When someone clicks on the attachment file, the script will run. sry about my...
PHP-Fusion <= 6.00.106 Multiple Vulnerabilities
According to its banner, the remote host is running a version of PHP-Fusion that suffers from multiple vulnerabilities: - SQL Injection Vulnerability: The application fails to sanitize user-supplied input to the 'msgview' parameter of the 'messages.php' script before using it in database queries...
CVE-2005-2401
PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag...
CVE-2005-2401
PHP-Fusion is affected by CVE-2005-2401: remote attackers can inject arbitrary CSS through the BBCode color tag in posts. The related Nessus plugin and CVE records indicate this affects PHP-Fusion builds around the 6.0x line (e.g.,
PHP-Fusion < 6.00.107 Multiple Vulnerabilities
[SA16096] PHP-Fusion BBcode "color" CSS Code Insertion Vulnerability
CVE-2004-2226
Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server...
CVE-2004-2226
This CVE affects Mozilla Mail 1.7.1/1.7.3 and Thunderbird before 0.9. When HTML-Mails is enabled, an attacker can cause an HTML e‑mail to reference a CSS document on the attacker's server, enabling a remote attacker to determine valid e‑mail addresses. The core issue is an information-disclosure ...
Code execution via "Set as Wallpaper" — Mozilla
If an attacker can convince a victim to use the "Set As Wallpaper" context menu item on a specially crafted image then they can run arbitrary code on the user's computer. The image "source" must be a javascript: url containing an eval statement and such an image would get the "broken image" icon,...
CVE-2002-1705
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight...
CVE-2002-1705
CVE-2002-1705 concerns Microsoft Internet Explorer 5.5 through 6.0, where a remote attacker could cause a denial of service (crash) by supplying a Cascading Style Sheet that uses the p{cssText} element declared with a bold font weight. Affected product family is Internet Explorer; the root cause ...