[Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability

Title: Kil13r-SA-20060622-1 NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability Author: Kil13r - http://www.kil13r.info/ Local / Remote: Remote Timeline: 2006/06/21 - Discovery 2006/06/21 - Vendor notification 2006/06/22 - Release Affected version: NetSoft SmartNet 2.0 Not affected version:...

[Kil13r-SA-20060609-1] Daum Search Cross-Site Scripting Vulnerability

Title: Kil13r-SA-20060609-1 Daum Search Cross-Site Scripting Vulnerability Author: Kil13r - http://www.kil13r.info/ Local / Remote: Remote Timeline: 2006/06/09 - Discovery 2006/06/09 - Vendor notification 2006/06/09 - Release Affected version: Not affected version: Description: Daum is internet...

[SA20376] Firefox Multiple Vulnerabilities

---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...

ByteHoard <= 2.1 multiple vulnerabilities

ByteHoard = 2.1 multiple vulnerabilities Discovered by: Nomenumbra Date: 23/5/2006 impact:high file manipulation,privilege escalation,possible defacement ByteHoard versions up to 2.1 are prone to multiple vulnerabilities, including directory traversal. 0x00 Directory traversal: Users are able to...

EV0104.txt

New eVuln Advisory: Skull-Splitter's PHP Guestbook XSS Vulnerability http://evuln.com/vulns/104/summary.html --------------------Summary---------------- eVuln ID: EV0104 CVE: CVE-2006-1256 Software: Skull-Splitter's PHP Guestbook Sowtware's Web Site: http://www.boysen.be/ Versions: 2.6 2.7 Critic...

Jupiter CMS <= 1.1.5 multiple XSS attack vectors.

Jupiter CMS = 1.1.5 multiple XSS attack vectors. Discovered by: Nomenumbra/0x4F4C Date: 3/11/2006 impact:high privilege escalation,site defacement Jupiter CMS http://www.highstrike.net/ is a dynamic CMS system like mambo or limbo, allowing users to subscribe and posts events. Because no filtering...

Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities

Jupiter CMS , to redirect the user to a page of your choice, to avoid suspicion and disclosure of your cookiestealer's location. This injections would allow an attacker to redirect users to a page of his choice, effectively defacing the page:...

ipb.2.1-english.txt

Fast translation of benji's advisory Author : benjilenoob WebSite : http://benji.redkod.org/ and http://www.redkod.org/ Audit in pdf : http://benji.redkod.org/audits/ipb.2.1.pdf Product : Invision power board Version : 2.1 Tisk : Low. XSS I- XSS non critical: -------------------- 1. Input passed ...

Invision Power Board 2.1 : Multiple XSS Vulnerabilities

Fast translation of benji's advisory Author : benjilenoob WebSite : http://benji.redkod.org/ and http://www.redkod.org/ Audit in pdf : http://benji.redkod.org/audits/ipb.2.1.pdf Product : Invision power board Version : 2.1 Tisk : Low. XSS I- XSS non critical: -------------------- 1. Input passed ...

IlohaMail < 0.8.13 Email Header HTML Injection Vulnerability

IlohaMail does not properly sanitize message headers, leaving users vulnerable to cross-site scripting XSS attacks. For example, a remote attacker could inject Javascript code that steals the user SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted from a...

Horde 3.0 XSS Vulnerability

Horde is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2005 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2005-2688

Multiple cross-site scripting XSS vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to 1 footer.php, 2 header.php, 3 menudx.php, or 4 menusx.php, or Javascript code in the 5 HTTPREFERER referer or 6 HTTPUSERAGENT us...

gravityBad.txt

4.22 07/08/2005 Gravity Board X v1.1 possibly prior versions Remote code execution, SQL Injection / Login Bypass, cross site scripting, path disclosure poc software: author site: http://www.gravityboardx.com/ a Sql Injection / Login Bypass: A user can bypass login check and grant administrator...

MediaWiki: Cross-site scripting vulnerability

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to escape a parameter in the page move template correctly. Impact By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...

GLSA-200507-18 : MediaWiki: XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200507-18 MediaWiki: XSS vulnerability MediaWiki fails to escape a parameter in the page move template correctly. Impact : By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...

CVE-2002-1770

Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by Internet Explorer...

PHP-Fusion BBCode IMG Tag XSS

The remote host is running a version of PHP-Fusion that does not sufficiently sanitize JavaScript code. Specifically, an attacker can inject JavaScript code that bypasses the filters in 'fusioncore.php' by HTML-encoding it. This code will then be executed in the context of a user's browser when...

CVE-2004-1200

Firefox and Mozilla allow remote attackers to cause a denial of service application crash from memory consumption, as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays...

CVE-2004-1198

Microsoft Internet Explorer allows remote attackers to cause a denial of service application crash from memory consumption, as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays...

CVE-2004-1199

Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service application crash from memory exhaustion, as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays...