1933 matches found
FreeBSD : Mailman -- XSS in web interface (4ab29e12-e787-11df-adfa-00e0815b8da8)
Secunia reports: Two vulnerabilities have been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed via the list descriptions is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrar...
Mozilla Firefox document.write and DOM insertion memory corruption
Added: 11/04/2010 CVE: CVE-2010-3765 BID: 44425 OSVDB: 68905 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A memory corruption vulnerability allows command execution when a user loads a specially crafted web page containi...
Multiple Vulnerabilities in CLANSPHERE
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in CLANSPHERE which could be exploited to perform cross-site scripting, script insertion and SQL injection attacks. 1 Cross-site scripting XSS vulnerability in CLANSPHERE The vulnerability exists due to input...
Mozilla Firefox / Thunderbird / Seamonkey buffer overflow
Buffer overflow on document.write and DOM insertion is used in the wild for hidden malware installation...
Mozilla Foundation Security Advisory 2010-73
Mozilla Foundation Security Advisory 2010-73 Title: Heap buffer overflow mixing document.write and DOM insertion Impact: Critical Announced: October 27, 2010 Reporter: Morten Kråkvik Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.12 Firefox 3.5.15 Thunderbird 3.1.6 Thunderbird...
mozilla -- Heap buffer overflow mixing document.write and DOM insertion
The Mozilla Project reports: MFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion...
Multiple Vulnerabilities in eoCMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in eoCMS which could be exploited to perform script insertion and SQL injection attacks, gain access to sensitive information and compromise a vulnerable system. 1 Script insertion vulnerability in eoCMS An input...
Multiple Vulnerabilities in MiniBB
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in MiniBB which could be exploited to perform script insertion and SQL injection attacks. 1 Script insertion vulnerability in MiniBB Input passed to the "url" BBCode tag is not properly sanitized. A remote attacker...
Script Insertion Vulnerability in Textpattern CMS
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Textpattern CMS which could be exploited to perform script insertion attacks. 1 Script insertion vulnerability in Textpattern CMS An input sanitation error exists in the comment field. A remote attacker can insert arbitrary...
Unfixed Script Insertion vulnerability at www.studio92.com
Security researcher sh3n submitted, on 15/10/2010, a Script Insertion vulnerability affecting www.studio92.com, which at the time of submission ranked 73031 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/12/2011. It is currently unfixed...
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cis...
BaconMap 1.0 SQL Injection
Software: BaconMap 1.0 Vulnerability: SQL Injection Download: http://baconmap.nmsu.edu/ Release Date: 10/10/2010 Tested On: Windows Vista + XAMPP...
BaconMap 1.0 - SQL Injection
BaconMap 1.0 - SQL Injection Software: BaconMap 1.0 Vulnerability: SQL Injection Download: http://baconmap.nmsu.edu/ Release Date: 10/10/2010 Tested On: Windows Vis...
Mailman -- cross-site scripting in web interface
Secunia reports: Two vulnerabilities have been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed via the list descriptions is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary...
Parallels Plesk Sitebuilder Persistent Xss Vulnerability
Exploit for php platform in category web applications: Parallels Plesk Sitebuilder Persistent Xss Vulnerability...
Flock Browser 3.0.0.3989 Malformed Bookmark Cross Site Scripting
Flock Browser 3.0.0.3989 Malformed Bookmark XSS Vendor URL: http://beta.flock.com/ Advisory: http://lostmon.blogspot.com/2010/08/flock-browser-3003989-malformed.html Vendor notified: NO Exploits available: YES Flock is faster, simpler, and more friendly. Literally. It's the only sleek, modern web...
Script Insertion Vulnerabilities in ArtGK CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ArtGK CMS which could be exploited to perform script insertion attacks. 1 Script insertion vulnerabilities in ArtGK CMS 1.1 Input passed to the "content" parameter in cms/classes/CForm.php is not properly sanitiz...
Secunia Research: MantisBT "Add Category" Script Insertion Vulnerability
Secunia Research 05/08/2010 - MantisBT "Add Category" Script Insertion Vulnerability - Table of Contents Affected...