4502 matches found
Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability
Apache Tomcat/4.1.31 ships with built in examples. One of the example calendar.jsp suffers from input validation error and could be exploited for cross site scriptingand cross site request forgery. XSS http://myserver:myport/examples/jsp/cal/cal2.jsp?time=8am3cscript3eale rt"XSS!"3c2fscript3e XSR...
chacha-xss.txt
ChaCha.com Search ?query= Cross-Site Scripting Vulnerability + Author: d3hydr8 + Contact: d3hydr8atgmaildotcom + Original Post: http://darkcode.h1x.com/forum/index.php?action=vthread&forum=12&topic=275 + Vendor Site: http://www.chacha.com/ + Class: Input Validation Error + Overview: The first...
InterWorx-CP Multiple HTML Injections Vulnerabilitie
HSC InterWorx-CP Multiple HTMl Injection Vulnerabilities The InterWorx Hosting Control Panel InterWorx-CP is a dedicated server control panel. InterWorx suffers from multiple HTMl injection vulnerabilities. JavaScript and Cross site scripting are just few found vulns, more sophisticated attacks...
interworx-xss.txt
HSC InterWorx-CP Multiple HTMl Injection Vulnerabilities The InterWorx Hosting Control Panel InterWorx-CP is a dedicated server control panel. InterWorx suffers from multiple HTMl injection vulnerabilities. JavaScript and Cross site scripting are just few found vulns, more sophisticated attacks...
Abledesign Dynamic Picture Frame XSS
Vendor Site: http://abledesign.com/ Version affected: ??? Demo: http://abledesign.com/demo/pframe.php Class: Input Validation Error Overview: Dynamic Picture Frame is a PHP script which allows you to add a variety of picture frames of any size to images on your website. Dynamic Picture Frame fail...
Invision Power Board D22-Shoutbox HTML Injections
HSC Invision Power Board D22-Shoutbox HTML Injections D22-Shoutbox suffers from improper validation of HTMl tags filtration. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the...
DeskPRO Admin Panel Multiple HTML Injections
HSC DeskPRO Admin Panel Multiple HTML Injections An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks....
CVE-2007-2955
Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via 1 the AnomalyList property to...
phpsysinfo-xss.txt
HSC PHPSysInfo Index.php Cross Site Scripting PhpSysInfo is a PHP script that displays information about the host being accessed. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the...
PHPSysInfo Index.php Cross Site Scripting
HSC PHPSysInfo Index.php Cross Site Scripting PhpSysInfo is a PHP script that displays information about the host being accessed. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the...
flash-plugin input validation flaw
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a 1 Long string or 2 XML variable type in a crafted a FLV or b SWF file, related to an "input validation error," including a signed comparison of values...
CVE-2007-3456
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a 1 Long string or 2 XML variable type in a crafted a FLV or b SWF file, related to an "input validation error," including a signed comparison of values...
CVE-2007-3456
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a 1 Long string or 2 XML variable type in a crafted a FLV or b SWF file, related to an "input validation error," including a signed comparison of values...
CVE-2007-3456
Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a 1 Long string or 2 XML variable type in a crafted a FLV or b SWF file, related to an "input validation error," including a signed comparison of values...
CVE-2007-3456
CVE-2007-3456 affects Adobe Flash Player 9.0.45.0 and earlier, with an input-validation/overflow issue in parsing FLV/SWF data that could allow remote code execution via crafted files (large string or XML variable). The vulnerability arises from a signed comparison of values expected non-negative...
GLSA-200706-04 : MadWifi: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200706-04 MadWifi: Multiple vulnerabilities Md Sohail Ahmad from AirTight Networks has discovered a divison by zero in the athbeaconconfig function CVE-2007-2830. The vendor has corrected an input validation error in the...
MadWifi: Multiple vulnerabilities
Background The MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards. Description Md Sohail Ahmad from AirTight Networks has discovered a divison by zero in the athbeaconconfig function CVE-2007-2830. The vendor has corrected an input validation error in the...
Microsoft Excel Filter记录远程代码执行漏洞(MS07-023)
Microsoft Excel是Office套件中的电子表格工具。 Excel在处理Excel BIFF8格式电子表格文件中的AutoFilter记录时存在输入验证错误,如果用户受骗打开了包含有畸形过滤记录的特制文档的话,就可能导致无效的内存访问,在用户系统上执行任意代码。 Microsoft Excel Viewer 2003 Microsoft Excel 2003 SP2 Microsoft Excel 2002 SP3 Microsoft Excel 2000 SP3 Microsoft Office 2004 for Mac 临时解决方法: 不要打开不可信任来源的Excel文档...
abitwhizzy-traverse.txt
aBitWhizzy traversal folder enumeration and XSS vendor url: http://www.unverse.net/abitwhizzy/ Advisore:http://lostmon.blogspot.com/2007/03/ abitwhizzy-traversal-folder-enumeration.html vendor notify:YES exploit include:YES aBitWhizzy is a php script that uses whizzywig.js to create and edit web...
Horde Webmail Multiple HTML Injection vulnerability
Horde Webmail Multiple HTML Injection vulnerability Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages and manage and share calendars, contacts, tasks and notes with the standards compliant components fr...