79 matches found
Machform Form Maker 2 XSS / Shell Upload / SQL Injection
Exploit Title: Machform form maker - Multiple Vulnerabilities Date: 2013 17 June Exploit Author: Yashar shahinzadeh Credit goes for: ha.cker.ir Vendor Homepage: http://www.appnitro.com Tested on: Linux & Windows, PHP 5.2.9 Affected Version : 2 Special thanks to: Mormoroth Dork1: "Powered by...
Opera Web Browser 11.00 - 'option' HTML Element Integer Overflow
source: https://www.securityfocus.com/bid/46003/info Opera Web Browser is prone to a remote integer-overflow vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions...
SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 3693)
Mozilla Firefox 3.6 was updated to update 3.6.13 fixing several security issues. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...
Microsoft Internet Explorer Uninitialized HTML Element CVE-2010-3346 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Au...
Crash and remote code execution using HTML tags inside a XUL tree — Mozilla
Security researcher wushi of team509 reported that when a XUL tree had an HTML element nested inside a element then code attempting to display content in the XUL tree would incorrectly treat the element as a parent node to tree content underneath it resulting in incorrect indexes being calculated...
Opera < 10.61 Multiple Vulnerabilities
The version of Opera installed on the remote host is earlier than 10.61. Such versions are potentially affected by the following issues : - A heap overflow when performing painting operations on an HTML5 canvas can result in execution of arbitrary code. (966) - An issue with tab focus is open to an...
CVE-2010-1405
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning...
Design/Logic Flaw
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning...
CVE-2010-1405
Removed by vendor...
CVE-2010-1260
CVE-2010-1260 : In Internet Explorer 8, the IE8 Developer Toolbar could trigger remote code execution when an object was accessed that was either not properly initialized or already deleted, causing memory corruption. Microsoft’s connected advisory MS10-035 describes a cumulative security update ...
Cross site scripting
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another...
CVE-2010-0494
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another...
Cross site scripting
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTM...
Remote file inclusion
PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in the lang parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third part...
CVE-2007-0758
PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in the lang parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third part...
KMail 1.x - HTML Element Handling Denial of Service
source: https://www.securityfocus.com/bid/20539/info KMail is prone to an unspecified denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. KMail 1.9.1 and prior versions are vulnerable to this issue. Return-Pat...