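IBM ISS Internet Scanner HTML Code Injection Vulnerability
BUGTRAQ ID: 28014 ISS Internet Scanner is a commercial vulnerability scanning and assessment tool. ISS Internet Scanner does not properly validate input to certain parameters when saving HTML reports, which can allow arbitrary HTML and script code to be injected and then executed in the browser session when a user views the report. IBM ISS Internet Scanner 7.0 SP2 build 7.2.2005.52 Vendor patch: IBM --- The vendor has not yet provided a patch or upgrade. Users of this software are advised to monitor the vendor's home page for the latest version: http://www.ers.ibm.com/...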
Debian Security Advisory DSA 109-1 (faqomatic)
The remote host is missing an update to faqomatic announced via advisory DSA 109-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
webquest-db.txt
PHP Webquest 2.6 Get Database's Credential. Author: MhZ91 Title: PHP Webquest 2.6 Get Database's...
IPTBB <= 0.5.4 (viewdir id) Remote Sql Injection Vulnerability
No description provided by source. Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Remote Sql Injection...
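Multiple Remote Security Vulnerabilities in Gallery Versions Prior to 2.2.4
BUGTRAQ ID: 27035 Gallery is a web-based open-source photo album manager. Versions of Gallery prior to 2.2.4 contain multiple security vulnerabilities that allow malicious users to disclose sensitive information, carry out cross-site scripting attacks, bypass security restrictions, or compromise a vulnerable system. 1) A vulnerability in the Publish XP module may allow files to be created and uploaded without proper authorization. 2) A vulnerability in the administrator controller of the URL rewrite module may allow local files to be included. 3) The core and add-item modules do not properly filter input passed via file names, which allows arbitrary HTML and script code to execute in a user's browser session. 4) The Core/MIME module does not properly check the extensions of uploaded files. 5) Gallery...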
bitcomet-xss.txt
The program is vulnerable to attacks of the kind xss the parameter "about:" scripts without authorization in the example that I am presenting is a page that runs a while with a msgbox infinity. Create an html file and paste the following code while1alert"Juan Pablo Lopez Yacubian""...
VBTube 1.1 - Search Cross-Site Scripting
source: https://www.securityfocus.com/bid/26566/info VBTube is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a...
Mozilla Firefox 2.0.0.7 - Malformed XBL Constructor Remote Denial of Service
source: https://www.securityfocus.com/bid/26172/info Mozilla Firefox is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to cause denial-of-service conditions. Firefox 2.0.0.7 is vulnerable; other...
Mozilla Firefox 2.0.0.7 - Remote Denial of Service
i WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Bug Title: Mozilla Firefox 2.0.0.7 Denial of Service Vendor URL: www.mozilla.org Version: & Bug Description To do this work we need 2 files Html,XML. Their codes was written below. Save below codes in a HTML file...
DB Manager XSS vuln.
Sunday, 7 October 2007 DB Manager XSS vuln. Vuln. discovered by : r0t Date: 7 October 2007 Vendor:http://www.moderndayworld.com/Scripts/Products/?id=S-DM2.0 affected versions:DB Manager 2.0 other versions also can be affected. DB Manager contains a flaw that allows a remote Cross-Site Scripting...
Directory Image Gallery XSS vuln.
Sunday, 7 October 2007 Directory Image Gallery XSS vuln. Vuln. discovered by : r0t Date: 7 October 2007 Vendor:http://splitside.net/store/index.php?mainpage=productinfo&productsid=1 affected versions:Directory Image Gallery 1.1 other versions also can be affected. Directory Image Gallery contains...
Urchin Multiple XSS vuln.
Vuln. discovered by : r0t Date: 1 September 2007 vendor:www.roirevolution.com/urchin/ original advisory: http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html affected versions:tested on Urchin v5.6.00r2 other versions also can be affected. Urchin...
XSS in ActiveKB NX 2.5.4
Hello, 3APA3A. Software: ActiveKB NX 2.5.4 Vendor: www.interspire.com Vulnerability: XSS Risk: low Date: 1.09.2007 discovered by durito damagelab -duritoatmaildotru- HTTP: durito.narod.ru Details: A remote attacker can, using a specially crafted URL, execute...
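Microsoft Internet Explorer Position:Relative Denial of Service Vulnerability
Microsoft Internet Explorer is a popular web browser. Microsoft Internet Explorer does not correctly handle certain HTML code, and a remote attacker can exploit the vulnerability to cause a denial of service in the application. Building a malicious page similar to the following and enticing a user to visit it: styleposition:relative/styletableinput/table can cause the application to crash. Microsoft Internet Explorer 6.0 SP2 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 - Citrix...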
Microsoft Internet Explorer 6 - Position:Relative Denial of Service
source: https://www.securityfocus.com/bid/25222/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle certain HTML code. This issue is triggered when a remote...
Microsoft Internet Explorer 6 - Position:Relative Denial of Service
source: https://www.securityfocus.com/bid/25222/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle certain HTML code. This issue is triggered when a remote attacker entices a victim user to visit a malicious website. Attackers ma...
[BuHa-Security] DoS Vulnerability in Konqueror 3.5.7
BuHa Security-Advisory 16, Aug 01st, 2007. Vendor: KDE's Konqueror. URL: http://www.konqueror.org/ Version: = 3.5.7. Risk:...
Interact multiple XSS vuln.
Vuln. discovered by : r0t Date: 21 June 2007 vendor:www.interactole.org original advisory: http://pridels-team.blogspot.com/2007/06/interact-multiple-xss-vuln.html affected versions: tested on "Interact 2.4 beta 1" other versions also can be affected. Interact contains ...
Cisco CallManager Web Interface Input Validation Bypass Vulnerability
Cisco CallManager versions 4.31 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and conduct cross-site scripting attacks. This vulnerability exists due to insufficient sanitization of user-supplied input to the CallManager web...
Microsoft Internet Explorer page content spoofing
Cross-site scripting in the res://ieframe.dll/navcancl.htmhttp://www.site.com page allows HTML code to be injected into the page...