5006 matches found

Packet Storm
added 2005/11/08 12:0 a.m., 26 views

zoomblogJS.txt

DETAILS Zoomblog is prone to javascript injection attacks. Zoomblog does not adequately filter tags from various fields. It is possible for a malicious Zoomblog user to inject hostile javascript code into the commentary via form fields. This code may be rendered in the browser of a web user who...

7.4 AI score
Exploits: 0
securityvulns
added 2005/11/04 12:0 a.m., 22 views

[Full-disclosure] Buggy blogging

Portcullis Security Advisory Tim Brown [email protected] - www.portcullis-security.com [email protected] - www.nth-dimension.org.uk Vulnerable System: Movable Type Vulnerability Title: Username and password hash for administration interface stored in cookie. Vulnerability...

7 AI score
Exploits: 0
OpenVAS
added 2005/11/03 12:0 a.m., 15 views

Oracle 9iAS iSQLplus XSS

The login-page of Oracle9i iSQLplus allows the injection of HTML and Javascript code via the username and password parameters. Description : The remote host is running a version of the Oracle9i 'isqlplus' CGI which is vulnerable to a cross site scripting issue. An attacker may exploit this flaw t...

0.2 AI score
Exploits: 0, References: 1
securityvulns
added 2005/10/25 12:0 a.m., 25 views

Flat Nuke Cross Site Scripting

Web Site: Vulnerable: FlatNuke = 2.5.6 This script is possibly vulnerable to Cross Site Scripting XSS attacks Malicious users may inject JavaScript, VBScript, ActiveX, into a vulnerable application to fool a user in order to gather data from them. Affects...

0.6 AI score
Exploits: 0
securityvulns
added 2005/09/16 12:0 a.m., 35 views

XSS Vulnerability in MIVA Merchant 5 - Includes Fix

MIVA Merchant 5 is vulnerable to XSS attack. Users can use javascript to embed their own inputs into the MM5 screens and checkout pages overriding various store safeguards and functions. MIVA Corporation has been very cooperative and has already posted an update to their software entitled core-4...

0.5 AI score
Exploits: 0
CVE
added 2005/08/03 4:0 a.m., 39 views

CVE-2005-2442

CVE-2005-2442 concerns a Cross-Application Scripting (XAS) vulnerability in SPI Dynamics WebInspect 5.0.196. The connected documents confirm the issue arises in WebInspect and enables remote attackers to inject Javascript from one application into another (XAS), with remote exploitation described...

5 CVSS, 6.3 AI score, 0.00674 EPSS
Exploits: 1, References: 7, Affected Software: 1
RedHat Linux
added 2005/07/21 10:14 a.m., 1 views

security flaw

A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by...

7.5 CVSS, 6 AI score, 0.0191 EPSS
Exploits: 0, References: 4
securityvulns
added 2005/07/07 12:0 a.m., 50 views

McAfee Intrushield IPS Abuse

/ $ An open security advisory 8 - McAfee Intrushield IPS Management Console Abuse 1: Bug Researcher: c0ntex - c0ntexbatgmail.com 2: Bug Released: July 06 2005 3: Bug Impact Rate: Medium / Hi 4: Bug Scope Rate: Local / Remote $ This advisory and/or proof of concept code must not be used for...

7.4 AI score
Exploits: 0
CVE
added 2005/06/21 4:0 a.m., 45 views

CVE-2002-1688

This CVE concerns Microsoft Internet Explorer versions 5.5–6.0, where the browser history feature can be abused to execute arbitrary JavaScript in the context of a user session. An attacker can inject JavaScript into the URL, which is executed when the user clicks Back, allowing remote script exe...

5 CVSS, 7.6 AI score, 0.36699 EPSS
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2005/05/18 4:0 a.m., 46 views

CVE-2005-1659

CVE-2005-1659 : MyServer 0.8 is vulnerable to cross-site scripting via filemanager.cpp. An attacker can craft a URL containing a triple dot ("...") followed by an onmouseover event to inject arbitrary Javascript. Public sources (NVD/Red Hat/OpenVAS) consistently describe XSS affecting MyServer 0....

4.3 CVSS, 5.8 AI score, 0.00656 EPSS
Exploits: 1, References: 2
NVD
added 2005/05/16 4:0 a.m., 11 views

CVE-2005-1592

Multiple "javascript vulnerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript...

7.5 CVSS, 6.8 AI score, 0.00664 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2005/04/21 9:11 a.m., 3 views

security flaw

Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the search target of the Firefox sidebar...

5 CVSS, 6 AI score, 0.00857 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2005/03/23 7:21 p.m., 3 views

security flaw

Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page...

2.6 CVSS, 6.2 AI score, 0.01444 EPSS
Exploits: 0, References: 4
FreeBSD
added 2005/03/03 12:0 a.m., 38 views

firefox -- arbitrary code execution from sidebar panel

A Mozilla Foundation Security Advisory states: If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it...

2.6 CVSS, 6.9 AI score, 0.01444 EPSS
Exploits: 0, References: 1
Cvelist
added 2005/02/26 5:0 a.m., 9 views

CVE-2004-1712

Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter...

5.9 AI score, 0.00336 EPSS
Exploits: 0, References: 2
exploitpack
added 2005/02/21 12:0 a.m., 13 views

Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection

Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection source: https://www.securityfocus.com/bid/12607/info Invision Power Board is reported prone to a JavaScript injection vulnerability. It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of malicious script...

7.9 AI score
Exploits: 0
Exploit DB
added 2005/02/21 12:0 a.m., 15 views

Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection

source: https://www.securityfocus.com/bid/12607/info Invision Power Board is reported prone to a JavaScript injection vulnerability. It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of malicious script content. Since this could permit an attacker to inject hostile...

7.4 AI score
Exploits: 0
FreeBSD
added 2005/02/21 12:0 a.m., 40 views

phpmyadmin -- arbitrary file include and XSS vulnerabilities

A phpMyAdmin security announcement reports: We received two bug reports by Maksymilian Arciemowicz about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points: css/phpmyadmin.css.php was vulnerable against $cfg and GLOBALS variable injections. This...

6.6 AI score
Exploits: 0, References: 2
securityvulns
added 2005/02/09 12:0 a.m., 22 views

[Full-Disclosure] XSS VULNERABILITY AT MODULE PostWrap

Hello, Albania Security Clan has just discovered an XSS-type vulnerability in the PostWrap module. The problem is at /index.php?module=PostWrap&page=http://hostename.com/HACK/asc/ascmd.txt It is not a PHP injection, because that is protected, but XSS commands can be injected, ...

1 AI score
Exploits: 0
securityvulns
added 2005/01/13 12:0 a.m., 171 views

Security Advisory: BiTBOARD xss

Advisory Information -------------------- Advisory name : BiTBOARD XSS Discovered by : drhankey / it-security23.net Vendor Name : the bitshifters sdc Vendor Homepage : http://www.bitshifters.net Software : Bitboard Vulnerability Type : Cross-Site-Scripting Vulnerable Versions : 2.5 and prior...

7.1 AI score
Exploits: 0