5731 matches found
Cisco CSS 11000 Series Content Services Switch vulnerable to DoS via malformed UDP packets
Overview: Several models of the Cisco Content Services Switch contain a vulnerability in their management interface that allows an attacker to restart the switch, resulting in a denial of service attack. Description: The Cisco CSS 11000 Series Content Services Switches contain a vulnerability in...
Cisco CSS 11000 Series Content Services Switches Malformed UDP Packet Vulnerability
LiveJournal 1.1 - CSS HTML Injection
LiveJournal 1.1 - CSS HTML Injection source: https://www.securityfocus.com/bid/9727/info LiveJournal is reportedly prone to HTML injection via Cascading Style Sheet (CSS) tags. It is possible to inject hostile HTML and script code into journal entries through this vulnerability. This could...
Security Advisory: CSS Vulnerability in Web Forums Server 1.6
Security Advisory: CSS Vulnerability in Web Forums Server 1.6 Date: 27.01.2004 Application: Web Forums Server 1.6 Vendor: www.minihttpserver.net Versions: 1.6 and Shareware : Platforms: Windows Bug: JS/HTML code injection. Risk: Low Mini-description for Forums Web Server v1.6: "WebForums Server...
CVE-2003-1505
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved...
Caucho Resin Cross-Site Scripting
Cross-site scripting in a few CSS examples...
CVE-2003-0677
Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka "ONDM Ping failure."...
CVE-2003-0677
CVE-2003-0677 affects Cisco CSS 11000 routers on the CS800 chassis. The vulnerability enables denial of service via a flood of TCP SYN packets to the circuit IP address, causing high CPU usage or a reboot. The available documents do not provide specific affected firmware versions or official fixe...
Cisco CSS 11000 Series DoS
ID: S21SEC-025-en Title: Cisco CSS 11000 Series DoS Date: 04/07/2003 Status: Solution available Scope: Interruption of service, high CPU load. Platforms: All/Chassis CS800. Author: ecruz, egarcia, jandre Location: http://www.s21sec.com/en/avisos/s21sec-025-en.txt Release: External S 2 1 S E C...
Cisco CSS 11000 Series DoS
SYN flood causes device to reboot...
CVE-2003-0116
CVE-2003-0116 affects Microsoft Internet Explorer 5.01, 5.5 and 6.0. The vulnerability arises from IE not properly validating the Cascading Style Sheet input parameter used by Modal dialogs, enabling remote code execution where an attacker can run script in a dialog and read local files via a cra...
CVE-2002-0594
CVE-2002-0594 affects Netscape 6 and Mozilla 1.0 RC1 and earlier. A CSS LINK element that triggers an HTTP redirect can let remote attackers determine the existence of local files, exposing partial confidentiality. The CVSS v2 base score is 5.0 (Network, Low complexity, No user interaction). Red ...
phpmynuke css and phpinfo() vuls
myphpnuke version 1.8.8final7 and prior that contain sysinfo are vulnerable to both css attack and phpinfo Disclosure. The problem is that unlike the rest of the scripts under /admin/, sysinfo's footer script called systemfooter.php does not check who the user is. Inside systemfooter.php the...
SECURITY.NNOV: ikonboard 3.1.1 CSS
Dear bugtraq@, Ikonboard CSS bug via IMG tag was reported long time ago for 3.0.x. The only change in Ikonboard 3.1.1 at least on sending private messages is it checks URL extension to be .gif or .jpg, so IMGjavascript:alertdocument.cookie.gif/IMG still works perfectly.... Sorry if it was already...
Lycos HTMLGear - guestGear CSS HTML Injection
Lycos HTMLGear - guestGear CSS HTML Injection source: https://www.securityfocus.com/bid/5728/info Lycos htmlGEAR guestGEAR does not sanitize HTML from CSS (Cascading Style-Sheets) elements in guestbook fields. An attacker could capitalize on this situation to include arbitrary HTML and script code ...
Lycos HTMLGear - guestGear CSS HTML Injection
source: https://www.securityfocus.com/bid/5728/info Lycos htmlGEAR guestGEAR does not sanitize HTML from CSS (Cascading Style-Sheets) elements in guestbook fields. An attacker could capitalize on this situation to include arbitrary HTML and script code in guestbook entries, which would be rendere...
CVE-2001-1402
Bugzilla before 2.14 does not properly escape untrusted parameters, enabling cross-site scripting (XSS) and potentially SQL injection via multiple input points. Affected areas include reports.cgi (product/output form variables), showvotes.cgi (voteon, bug_id, user), createaccount.cgi (email), sho...
CVE-2002-0792
The CVE-2002-0792 entry covers the Cisco Content Service Switch (CSS) 11000 series web management interface vulnerability. Reports from NVD and CERT indicate that remote attackers can trigger a denial-of-service by sending either an HTTPS POST request or malformed XML data, causing the device to ...
CVE-2002-0594
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect...