24 matches found
EUVD-2005-0693
Malware in sbrugna...
EUVD-2009-0308
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-1010083
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data...
Attackers Use Encoded JavaScript to Deliver Malware
Cyber attackers are using encoded JavaScript files to hide malware, abusing Microsoft's Script Encoder to disguise harmful scripts...
Collabora Online Security Vulnerability
Collabora Online is an application from Collabora UK. A powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. A security vulnerability exists in Collabora Online versions prior to 24.04.6.2, which stems from the ability to inject...
Malvertising on Microsoft Edge's News Feed pushes tech support scams
While Google Chrome still dominates as the top browser, Microsoft Edge, which is based on the Chromium source code, is gradually gaining more users. Perhaps more importantly, it is the default browser on the Microsoft Windows platform and as such some segments of its user base are of particular...
UBUNTU-CVE-2021-26929
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 where the HordeTextFilter library before 2.3.7 is used. The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke us...
CVE-2020-15299
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an installonlinepreset AJAX request containing base64-encoded JavaScript in the kc-online-preset-data POST parameter that is executed...
KingComposer < 2.9.5 - Unauthenticated Reflected Cross-Site Scripting
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an installonlinepreset AJAX request containing base64-encoded JavaScript in the kc-online-preset-data POST parameter that is executed...
Persistent XSS vulnerability in eBuddy Web Messenger
A team member from Virtual Luminous Security, Russian Federation, has discovered a persistent XSS vulnerability in eBuddy, the biggest web IM solution in the world, by transmitting messages with embedded encoded javascript code. In-depth detail...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and Helpdesk.woa...
CVE-2006-5442
ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view...
CVE-2006-4317
Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript...
CVE-2006-4317
CVE-2006-4317 affects WoltLab Burning Board (WBB) 2.3.5 in attachment.php. It is a cross-site scripting (XSS) vulnerability where a GIF image containing URL-encoded Javascript can be used to inject arbitrary script, with the impact described as partial confidentiality/integrity/availability in th...
Cross site scripting
DISPUTED Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when...
CVE-2006-0070
Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtere...
PT-2006-1155 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal versions prior to 4.5.6; Drupal versions prior to 4.6.4 when "Filtered HTML" is not enabled. Description: The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript...
CVE-2005-0563
Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL "jav&X41script:" in an IMG tag...