5123 matches found
CVE-2012-6041
GreenBrowser is affected by CVE-2012-6041. The vulnerability is a double-free in the iframe handling logic (triggered when the keyword search bar F6 is activated) that could allow remote code execution. Affected product: GreenBrowser prior to version 6.0.1002. Root cause: improper memory manageme...
WeBid 1.0.5 - Cross-Site Scripting
WeBid 1.0.5 - Cross-Site Scripting Exploit Title: WeBid Vendor Homepage: http://www.webidsupport.com Software Link: http://sourceforge.net/projects/simpleauction/files/simpleauction/WeBid%20v1.0.4/WeBid-1.0.4.zip/download Version: 1.0.5 Tested on: Ubuntu Linux INGRESS SECURITY SECURITY ADVISORY...
CVE-2012-4515
Use-after-free vulnerability in khtml/rendering/renderreplaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code by accessing an iframe when it is being updated...
Design/Logic Flaw
Use-after-free vulnerability in khtml/rendering/renderreplaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code by accessing an iframe when it is being updated...
CVE-2012-4515
Removed by vendor...
CVE-2012-4751
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC...
CVE-2012-4751
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC...
CVE-2012-2586
Multiple cross-site scripting XSS vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with 1 a JavaScript alert function used in conjunction with the fromCharCode method or 2 a SCRIPT element; an e-mail message body...
Cross site scripting
Cross-site scripting XSS vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message...
CVE-2012-2575
NetWin SurgeMail 6.0a4 is affected by a Cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message. This is triggered by HTML emails, enabling script execution in som...
CVE-2012-2575
Cross-site scripting XSS vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message...
CVE-2012-2573
Multiple cross-site scripting XSS vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...
CVE-2012-2587
Multiple cross-site scripting XSS vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of 1 an IFRAME element or 2 a SCRIPT element...
CVE-2012-2571
Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...
CVE-2012-2585
Multiple cross-site scripting XSS vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the...
CVE-2012-2571
Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted SRC attribute of an IFRAME element, 3 a crafted CONTENT attribute of an...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of 1 an IFRAME element or 2 a SCRIPT element...