5113 matches found
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord...
CVE-2008-5761
CVE-2008-5761 affects FlatnuX CMS (aka Flatnuke3). The provided documents describe multiple cross-site scripting (XSS) vulnerabilities: (1) via the mod parameter in the default URI, (2) via the foto parameter to photo.php in the 05_Foto module, and (3) via the name parameter in an insertrecord ac...
PHPmotion 2.1 Cross Site Request Forgery
PHPmotion Source of pwned.html file: Once your victim has visited your evil page, You may now be able to log...
MagpieRSS XSS 0day
Hello, I have found a Cross Site Scripting vulnerability in MagpieRSS, an RSS parser written in PHP, basically, this piece of software enables users to add their own RSS feeds to be parsed, so they can keep up to date with their favourite feeds, as well as the pre-defined ones. I crafted my own R...
CVE-2008-5729
Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/iframe.inc.php...
PHPmotion <= 2.1 CSRF Vulnerability
No description provided by source. PHPmotion <= 2.1 CSRF vulnerability. Author: Ausome1. Website: http://www.enigmagroup.org. Description: Change a member's password and/or email...
PHPmotion 2.1 - Cross-Site Request Forgery
PHPmotion 2.1 - Cross-Site Request Forgery PHPmotion Source of pwned.html file: Once your victim has visited your evil page, You may now be able to log into their PHP...
PHPmotion 2.1 - Cross-Site Request Forgery
PHPmotion Source of pwned.html file: Once your victim has visited your evil page, You may now be able to log into their PHPMotion...
PHPmotion <= 2.1 CSRF Vulnerability
Exploit for unknown platform in category web applications. PHPmotion Source of pwned.html file: input type="submit" value="Update settings"...
A detailed look at "hanging horse" (web Trojan planting) methods and techniques - vulnerability warning - the black bar safety net
N methods of "hanging a horse" (planting a Trojan in a web page): (1) The HTML method. The conventional HTML method is generally to insert an iframe statement into a web page. Checking whether a site has been planted generally means looking for the iframe keyword. (2) A slightly more hidden variant is planting via JS. Like then the...
Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting – Opera Security Advisories
OPCOM Team | December 16, 2008. Severity: Moderate. Problem description: Pages displayed inside an iframe will inherit the character encoding of the parent page, unless they specify their own characte...
A solution for a special case of a planted iframe Trojan - vulnerability warning - the black bar safety net
Hack Eye On! http://www.hackeye.com/ : A solution for the case where the IIS mappings have not been changed, it is not an ARP virus, and the page file's source code contains no iframe code. Today I visited a company's website and suddenly found that the page would not display; right-clicking to view the HTML code, I found an iframe to a website of...
CVE-2008-4232
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document...
CVE-2008-4232
Safari in Apple iPhone OS 2.0–2.1 and iPhone OS for iPod touch 2.1 suffers from an IFRAME boundary enforcement flaw: an IFRAME can display content beyond its boundaries, enabling remote UI spoofing via crafted HTML. The affected components are Safari on iPhone OS 2.x and iPod touch OS 2.x; root cause i...
PT-2008-5525 · Apple · Ios +2
Name of the Vulnerable Software and Affected Versions: Safari in Apple iPhone OS versions 2.0 through 2.1; Safari in Apple iPhone OS for iPod touch versions 2.1. Description: The issue allows remote attackers to spoof a user interface via a crafted HTML document because Safari does not restrict an...
Microsoft XML Core Services Nested Tag (MS08-069; CVE-2007-0099)
MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications. A remote code execution vulnerability has been reported in Microsoft XML Core Services (MSXML). The vulnerability is due to...
Cross-Site Scripting vulnerability in Opera
Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability that I found in Opera. When a page with a "special" URL is saved, XSS code is stored in the page's code. The XSS code then executes when this page is opened, and this happens when it is opened in any browser, not only in Opera. XSS:...
CVE-2008-4582
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive...