1017 matches found
KDE Konqueror 3.5.7 - Assert Denial of Service
source: https://www.securityfocus.com/bid/25170/info KDE Konqueror is prone to a remote denial-of-service vulnerability because it fails to handle improperly formatted HTML code. An attacker may exploit this vulnerability to cause Konqueror to crash,...
Microsoft Internet Explorer 6 - Local File Access
source: https://www.securityfocus.com/bid/22621/info Microsoft Internet Explorer is reportedly prone to multiple local file-access weaknesses because the application fails to properly handle HTML tags. These issues are triggered when an attacker...
Hacking tips related to the HTML code of alternative application-vulnerability warning-the black bar safety net
This is a on the HTML code of the attack, although the short point home to see how that can be achieved. Now the Windows operating system is really very easy, even the formatting is using only the mouse a little bit you can, not as before to the input command to complete the grid plate. We're goi...
[SA23623] Serene Bach Unspecified Cross-Site Scripting Vulnerability
TITLE: Serene Bach Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA23623 VERIFY ADVISORY: http://secunia.com/advisories/23623/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Serene Bach 2.x http://secunia.com/product/13155/ Serene Bach sb 1...
joomla -- multiple remote vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Joomla!, where some have unknown impacts and one can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can...
phpbb 2.0.x [xss]
vendor site:http://phpbb.com/ product:phpbb bug:xss risk:low A xss post has been discovered in phpbb, the impact of this attack is very low, because it's more a bug than a vulnerability. An authenticated user can execute some html code in his private message box, by sending a message to an...
[SA22925] EC-CUBE Unspecified Cross-Site Scripting Vulnerability
TITLE: EC-CUBE Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA22925 VERIFY ADVISORY: http://secunia.com/advisories/22925/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: EC-CUBE 1.x http://secunia.com/product/12657/ DESCRIPTION: A...
Mercury SiteScope 8.2 (8.1.2.0) Cross Site Scripting (XSS) Vulnerability
Whitehat.org.uk Advisory 1 Mercury SiteScope 8.2 (8.1.2.0) Cross Site Scripting (XSS) Vulnerability Vulnerability Type: Active code injection XSS Problem Discovered: 14 September 2006 Vendor Contacted: 14 September 2006 Advisory Published: 29 September 2006 Abstract: Mercury SiteScope is an agentless...
[Full-disclosure] DotNetNuke HTML Code Injection
Security Advisory: VULN20-09-2006 - http://www.secureshapes.com/advisories/vuln20-09-2006.htm Vendor Security Bulletin: http://dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletin no3/tabid/990/Default.aspx DotNetNuke - HTML Code Injection Vulnerability Date: 20/09/2006 Severity:...
FreeBSD : horde -- Phishing and XSS Vulnerabilities (e2e8d374-2e40-11db-b683-0008743bf21a)
Secunia reports : Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks. - Input passed to the 'url' parameter in index.php isn't properly verified before it is being used to include an arbitrary website i...
[MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure
MajorSecurity #23 BLOG:CMS <= 4.0.0j - XSS and cookie disclosure ------------------------------------------------------------------- Software: BLOG:CMS Version: 4.0.0j Type: Cross site scripting Made public: July, 22th 2006 Vendor: F-ART AGENCY, Ltd. - Radek Hulán Page: http://blogcms.com/ Credits:...
newangels-11.txt
newangels-team.eu 11 FreeWebshop - Cross Site Scripting & SQL Injection Vulnerabilities =========================================================================================== Vendor site = http://www.sensesites.com/ Date: Jun 13 2006 Risk = MEDIUM Version: 5.0 Credit: ======= NewAngels Team ...
freewebshop21.txt
NewAngels Advisory 9 FreeWebshop - Cross Site Scripting & SQL Injection Vulnerabilities ========================================================================================== Vendor site = http://www.freewebshop.org/ Date: Jun 15 2006 Version: 2.1 Credit: ======= NewAngels Team...
aXentForum II XSS vuLLn
vendor:http://www.axent.us/axentforum.cfm affected versions:aXentForum II and prior aXentForum II contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "startrow" parameter in "viewposts.cfm" isn't properly sanitised before being returned to the user. This can be...
HotPlug CMS 1.0 - Login1.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/18454/info HotPlug CMS is prone to a cross-site scripting attack. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute...
mailman -- Multiple Vulnerabilities
Secunia reports: Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS (Denial of Service). 1) An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL. Successfu...
CVE-2006-2874
Unspecified vulnerability in OSADS Alliance Database before 1.4 has unknown impact and attack vectors related to a "Security Leak to lock in HTML-Code," possibly due to a cross-site scripting (XSS) vulnerability involving comments...
CVE-2006-2874
OSADS Alliance Database prior to version 1.4 has an unspecified vulnerability described as a possible cross-site scripting (XSS) issue related to a "Security Leak to lock in HTML-Code" involving comments. The exact impact and attack vectors are not disclosed in the provided documents. Affected co...
TAL RateMyPic 1.0 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/18230/info TAL RateMyPic is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can...