1007 matches found
DB Manager XSS vuln.
Sunday, 7 October 2007 DB Manager XSS vuln. Vuln. discovered by: r0t Date: 7 October 2007 Vendor: http://www.moderndayworld.com/Scripts/Products/?id=S-DM2.0 affected versions: DB Manager 2.0 other versions also can be affected. DB Manager contains a flaw that allows a remote Cross-Site Scripting...
Urchin Multiple XSS vuln.
Urchin Multiple XSS vuln. Vuln. discovered by: r0t Date: 1 September 2007 vendor: www.roirevolution.com/urchin/ original advisory: http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html affected versions: tested on Urchin v5.6.00r2 other versions also can be affected. Urchin...
XSS in ActiveKB NX 2.5.4
Hello, 3APA3A. Software: ActiveKB NX 2.5.4 Vendor: www.interspire.com Vulnerability: XSS Risk: low Date: 1.09.2007 discovered by durito damagelab -duritoatmaildotru- HTTP: durito.narod.ru +:| Details |: A remote attacker can, by means of a specially crafted URL, execute...
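Microsoft Internet Explorer Position:Relative Denial of Service Vulnerability
Microsoft Internet Explorer is a popular web browser. Microsoft Internet Explorer does not correctly handle certain HTML code, and a remote attacker can exploit the vulnerability to cause a denial of service in the application. Building a malicious page similar to the following and enticing a user to visit it: styleposition:relative/styletableinput/table can cause the application to crash. Microsoft Internet Explorer 6.0 SP2 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 - Citrix...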
Microsoft Internet Explorer 6 - Position:Relative Denial of Service
Microsoft Internet Explorer 6 - Position:Relative Denial of Service source: https://www.securityfocus.com/bid/25222/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle certain HTML code. This issue is triggered when a remote...
Microsoft Internet Explorer 6 - Position:Relative Denial of Service
source: https://www.securityfocus.com/bid/25222/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle certain HTML code. This issue is triggered when a remote attacker entices a victim user to visit a malicious website. Attackers ma...
[BuHa-Security] DoS Vulnerability in Konqueror 3.5.7
BuHa Security-Advisory 16 | Aug 01st, 2007 | Vendor: KDE's Konqueror | URL: http://www.konqueror.org/ | Version: = 3.5.7 | Risk |...
Interact multiple XSS vuln.
Interact multiple XSS vuln. Vuln. discovered by: r0t Date: 21 June 2007 vendor: www.interactole.org original advisory: http://pridels-team.blogspot.com/2007/06/interact-multiple-xss-vuln.html affected versions: tested on "Interact 2.4 beta 1" other versions also can be affected. Interact contains ...
Cisco CallManager Web Interface Input Validation Bypass Vulnerability
Cisco CallManager versions 4.31 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and conduct cross-site scripting attacks. This vulnerability exists due to insufficient sanitization of user-supplied input to the CallManager web...
Microsoft Internet Explorer page content spoofing
Cross-site scripting in res://ieframe.dll/navcancl.htmhttp://www.site.com page allows to inject HTML code into page...
KDE Konqueror 3.5.7 - Assert Denial of Service
KDE Konqueror 3.5.7 - Assert Denial of Service source: https://www.securityfocus.com/bid/25170/info KDE Konqueror is prone to a remote denial-of-service vulnerability because it fails to handle improperly formatted HTML code. An attacker may exploit this vulnerability to cause Konqueror to crash,...
Microsoft Internet Explorer 6 - Local File Access
Microsoft Internet Explorer 6 - Local File Access source: https://www.securityfocus.com/bid/22621/info Microsoft Internet Explorer is reportedly prone to multiple local file-access weaknesses because the application fails to properly handle HTML tags. These issues are triggered when an attacker...
Hacking tips related to the HTML code of alternative application-vulnerability warning-the black bar safety net
This is a on the HTML code of the attack, although the short point home to see how that can be achieved. Now the Windows operating system is really very easy, even the formatting is using only the mouse a little bit you can, not as before to the input command to complete the grid plate. We're goi...
[SA23623] Serene Bach Unspecified Cross-Site Scripting Vulnerability
TITLE: Serene Bach Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA23623 VERIFY ADVISORY: http://secunia.com/advisories/23623/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Serene Bach 2.x http://secunia.com/product/13155/ Serene Bach sb 1...
joomla -- multiple remote vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Joomla!, where some have unknown impacts and one can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can...
phpbb 2.0.x [xss]
vendor site: http://phpbb.com/ product: phpbb bug: xss risk: low An xss post has been discovered in phpbb, the impact of this attack is very low, because it's more a bug than a vulnerability. An authenticated user can execute some html code in his private message box, by sending a message to an...
[SA22925] EC-CUBE Unspecified Cross-Site Scripting Vulnerability
TITLE: EC-CUBE Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA22925 VERIFY ADVISORY: http://secunia.com/advisories/22925/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: EC-CUBE 1.x http://secunia.com/product/12657/ DESCRIPTION: A...
Mercury SiteScope 8.2 (8.1.2.0) Cross Site Scripting (XSS) Vulnerability
Whitehat.org.uk Advisory 1 Mercury SiteScope 8.2 8.1.2.0 Cross Site Scripting XSS Vulnerability Vulnerability Type: Active code injection XSS Problem Discovered: 14 September 2006 Vendor Contacted: 14 September 2006 Advisory Published: 29 September 2006 Abstract: Mercury SiteScope is an agentless...
[Full-disclosure] DotNetNuke HTML Code Injection
Security Advisory: VULN20-09-2006 - http://www.secureshapes.com/advisories/vuln20-09-2006.htm Vendor Security Bulletin: http://dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletin no3/tabid/990/Default.aspx DotNetNuke - HTML Code Injection Vulnerability Date: 20/09/2006 Severity:...
FreeBSD : horde -- Phishing and XSS Vulnerabilities (e2e8d374-2e40-11db-b683-0008743bf21a)
Secunia reports : Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks. - Input passed to the 'url' parameter in index.php isn't properly verified before it is being used to include an arbitrary website i...