XSS vulnerability in recently updated and configure RSS feed actions

Our eSecurity team has identified a Cross Site Scripting issue with the confluence server as follows: Arbirtatry javascript can be injected in the following cases which can lead to escalated or invalid privileges being granted to an unauthorized user: 1...

mps-insertion.txt

HSCMySpace Scripts - Poll Creator JavaScript Injection Vulnerability Our MySpace Poll Creator script is the ultimate addition to your MySpace resource site. The script enables your user to quickly and easily create a poll that they can post to profile or bulletin to all their friends. Everyone...

迅雷5 0-Day

No description provided by source. script type="text/jscript"function init document.write"";window.onload = init;/script SCRIPT language="JavaScript" var expires = new Date; expires.setTimeexpires.getTime + 24 60 60 1000; var setcookie = document.cookie.indexOf"3Ware=";...

sfshoutbox-inject.txt

----------------------------- || WWW.SMASH-THE-STACK.NET || ----------------------------- || ADVISORY: SF-Shoutbox 1.2.1 = 1.4 HTML/JS Injection Vulnerability || 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION || 0x04: GOOGLE DORK || 0x05: RISK LEVEL || 0x00: ABOUT ME...

NDSA20071016.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nth Dimension Security Advisory NDSA20071016 Date: 16th October 2007 Author: Tim Brown URL: / Product: SiteBar 3.3.8 Vendor: Ondřej Brablc, David Szego and SiteBar Team Risk: High Summary This advisory comes in 4 related parts: 1 SiteBar application h...

Serious holes affecting SiteBar 3.3.8

All, As a result of a short security audit of SiteBar, a number of security holes were found. The holes included code execution, a malicious redirect and multiple cases of Javascript injection. After liasing with the developers, the holes have been patched. Attached are the advisory and patch...

S21SEC-038-en: Alcatel Omnivista 4760 Cross-Site Scripting

S21Sec Advisory - Title: Alcatel Omnivista 4760 Cross-Site Scripting ID: S21SEC-038-en Severity: Medium - History: 10.Jun.2007 Vulnerability discovered 20.Jun.2007 Vendor contacted 19.Oct.2007 Advisory released Authors: Juan de la Fuente Costa [email protected] Pablo Seijo Cajaraville...

about: blank windows

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting XSS attacks with chrome privileges via an addon that inserts a 1 javascript: or 2 data: link into an about:blank document loaded by chrome via a the...

Core Security Technologies Advisory 2007.0817

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs Remote command execution, HTML and JavaScript injection vulnerabilities in AOL’s Instant Messaging software Advisory Information Title: Remote Command execution, HTML...

CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs Remote command execution, HTML and JavaScript injection vulnerabilities in AOL’s Instant Messaging software Advisory Information Title: Remote Command execution, HTML...

CVE-2007-5046

Cross-site scripting XSS vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element...

Unfixed XSS vulnerability at www.wardom.org

Security researcher Babaconda, has submitted on 07/09/2007 a cross-site-scripting XSS vulnerability affecting www.wardom.org, which at the time of submission ranked 37698 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/09/2007. It is current...

CVE-2007-3150

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results...

Portcullis Security Advisory 06-035

Portcullis Security Advisory 06-035 Vulnerable System: Movable Type. Vulnerability Title: The create entry mechanism is vulnerable to JavaScript injection. Vulnerability Discovery And Development: Portcullis Security Testing Services Credit for Discovery: Tim Brown - Portcullis Computer Security...

NDSA20070412.txt

Nth Dimension Security Advisory NDSA20070412 Date: 12th April 2007 Author: Tim Brown URL: / Product: DSL-G624T router V3.00B01T02.UK-A.20060208 Vendor: D-Link Risk: Medium Summary Following the Securiteam posting "D-Link DSL-G604T Wireless Router Directory Traversal" which described a directory...

DSA-1275-1 zope2.7 - cross-site scripting

Bulletin has no description...

CVE-2007-1395

Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting XSS attacks by injecting arbitrary JavaScript or HTML in a 1 db or 2 table parameter value followed by an uppercase end tag, which bypasses the protection...

Portcullis Security Advisory - Movable Type

Portcullis Security Advisory Tim Brown [email protected] - www.portcullis-security.com [email protected] - www.nth-dimension.org.uk Vulnerable System: Movable Type Vulnerability Title: Username and password hash for administration interface stored in cookie. Vulnerability...

CVE-2006-4975

Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service...

[Full-disclosure] Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list

Advisory: Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list Release Date: 2006-08-30 Application: Lyris ListManager 8.95 Risk: Depends upon your use and business context Vendor site: http://www.lyris.com/ Overview of Product: "Lyris ListManager is the world's most popular...