Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

CVE-2012-2587

Multiple cross-site scripting XSS vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of 1 an IFRAME element or 2 a SCRIPT element...

CVE-2012-2571

Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

CVE-2012-2590

Multiple cross-site scripting XSS vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted SRC attribute of an IFRAME element, 3 a crafted CONTENT attribute of an...

PT-2012-4111

Name of the Vulnerable Software and Affected Versions WinWebMail Server version 3.8.1.6 Description The issue allows remote attackers to inject arbitrary web script or HTML via an e-mail message body using various methods, including a SCRIPT element, crafted Cascading Style Sheets CSS expressions...

Surgemail 6.0a4 - Persistent Cross-Site Scripting

Surgemail 6.0a4 - Persistent Cross-Site Scripting !/usr/bin/python ''' Author: loneferret of Offensive Security Product: SurgeMail Version: 6.0a4 Vendor Site: http://www.netwinsite.com Software Download: http://netwinsite.com/download.htm Timeline: 29 May 2012: Vulnerability reported to CERT 30 M...

Surgemail 6.0a4 - Persistent Cross-Site Scripting

!/usr/bin/python ''' Author: loneferret of Offensive Security Product: SurgeMail Version: 6.0a4 Vendor Site: http://www.netwinsite.com Software Download: http://netwinsite.com/download.htm Timeline: 29 May 2012: Vulnerability reported to CERT 30 May 2012: Response received from CERT with disclosu...

Scientific Linux Security Update : thunderbird on SL4.x,SL5.x i386/x86_64

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. CVE-2011-0080...

Mozilla Products Certificate Page Clickjacking Vulnerability (Windows)

This host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to clickjacking vulnerability. OpenVAS Vulnerability Test $Id: gbmozillaprdtsclickjackingvulnwin.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Certificate Page Clickjacking Vulnerability Windows Authors:...

Mozilla Products Certificate Page Clickjacking Vulnerability (Mac OS X)

This host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to clickjacking vulnerability. OpenVAS Vulnerability Test $Id: gbmozillaprdtsclickjackingvulnmacosx.nasl 6445 2017-06-27 12:31:06Z santu $ Mozilla Products Certificate Page Clickjacking Vulnerability Mac OS X Authors:...

Code injection

The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted...

Mozilla: Clickjacking of certificate warning page (MFSA 2012-54)

The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted...

Mozilla: Clickjacking of certificate warning page (MFSA 2012-54)

The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted...

Clickjacking of certificate warning page — Mozilla

Security Researcher Matt McCutchen reported that a clickjacking attack using the certificate warning page. A man-in-the-middle MITM attacker can use an iframe to display its own certificate error warning page about:certerror with the "Add Exception" button of a real warning page from a malicious...

Plesk Zero Day Exploit in the Wild, Thousands of sites got Hacked

Sucuri Malware Labs notify that some zero-day exploits are available to Hackers which are being used to Hack into Parallels' Plesk Panel Port Number 8443. These attacks was keep on raising from last few months as you can see in the Graph: At least 4000 new websites were infected each day, Sucuri...

Google Chrome < 20.0.1132.43 Multiple Vulnerabilities

Binary data 800967.prm...

Google Chrome < 20.0.1132.43 Multiple Vulnerabilities

Binary data 6508.pasl...

BlackHole Exploit Kit Gets New Domain-Generation Algorithm

Nothing is more frustrating than spending days or weeks compromising dozens of Web sites and setting up your network of malicious redirects and then finding out that someone has screwed it all up by taking down one of your infected sites. Luckily, the crew behind the BlackHole exploit kit has...

CVE-2012-2815

Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain...

Information disclosure

Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain...