CVE-2006-3211

Cross-site scripting XSS vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter...

CVE-2006-2611

MediaWiki 1.6.x is affected in includes/Sanitizer.php (variable handler) by CVE-2006-2611. The vulnerability allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the | character, and is exploitable before revision r14349. The NVD notes a Medium risk w...

FreeBSD : mozilla -- multiple vulnerabilities (84630f4a-cd8c-11da-b7b9-000c6ec775d9)

A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program. - MFSA 2006-29 Spoofing with translucent windows - MFSA 2006-28 Security check of jsValueToFunctionObject can be circumvented -...

ChipmunkBoard Multiple Attack vectors

ChipmunkBoard Multiple Attack vectors Discovered by: Nomenumbra Date: 6/4/2006 impact:high privilege escalation,possible defacement It is possible to insert the following javascript in the BBcode or supply it as your avatar url: javascript:alert27xss27; Also ChipmunkBoard is prone to SQL-injectio...

DSA-1051-1 mozilla-thunderbird - several vulnerabilities

Bulletin has no description...

Page attack the theory and implementation-vulnerability warning-the black bar safety net

Page attack can be divided into two categories One is the use of a browser vulnerability in the access page to write malicious code for visitors of the attack. Here we can be understood as the service end-to-client attacks. Another just opposite, is the visitors use the page of the vulnerability ...

security flaw

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by 1 "using a modal alert to suspend an event handler while a new page is being loaded", 2 using eval, and using...

security flaw

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by 1 "using a modal alert to suspend an event handler while a new page is being loaded", 2 using eval, and using...

CVE-2006-1741

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by 1 "using a modal alert to suspend an event handler while a new page is being loaded", 2 using eval, and using...

DEBIAN-CVE-2006-1741

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by 1 "using a modal alert to suspend an event handler while a new page is being loaded", 2 using eval, and using...

CVE-2006-1741

CVE-2006-1741 affects Mozilla Firefox (1.x up to 1.5, and 1.0.x up to 1.0.8), Mozilla Suite up to 1.7.13, and SeaMonkey up to 1.0, enabling remote attackers to inject arbitrary JavaScript into other sites. The root causes involve (1) using a modal alert to suspend an event handler during page loa...

mozilla -- multiple vulnerabilities

A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-29 Spoofing with translucent windows MFSA 2006-28 Security check of jsValueToFunctionObject can be circumvented MFSA...

phpBB <= 2.0.18 Multiple Cross-Site Scripting Flaws

The remote web server contains a PHP application that is affected by several flaws. Description : According to its version number, the remote version of this software is vulnerable to Javascript injection issues using 'url' bbcode tags and, if HTML tags are enabled, HTML more generally. This may...

CVE-2006-0735

Cross-site scripting XSS vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an 1 img or 2 url BBcode tag...

XSS vulnerability in guestbook-php-script

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------- SySS-Advisory: XSS-vulnerability in guestbook-php-script - ------------------------------------------------------------------- Problem discovered: February 3d 2006 Vendor contacted:...

Cross site scripting

Cross-site scripting XSS vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags...

Cross site scripting

Cross-site scripting XSS vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag...

Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-149-1)

Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious website to spoof the contents of other websites. CAN-2005-1937 In several places the browser user interface did not...

phpBB < 2.0.19 Multiple XSS

According to its version number, the remote version of this software is vulnerable to JavaScript injection issues using 'url' bbcode tags and, if HTML tags are enabled, HTML more generally. This may allow an attacker to inject hostile JavaScript into the forum system to steal cookie credentials o...

[Full-disclosure] Php Web Statistik Multiple Vulnerabilities

PHP Web Statistik Multiple Vulnerabilities Name Multiple Vulnerabilities in PHP Web Statistik Systems Affected PHP Web Statistik verified on 1.4 Severity Medium Risk Vendor www.php-web-statistik.de Advisory http://www.ush.it/2005/11/19/php-web-statistik/ Author Francesco ‘aScii’ Ongaro ascii at...