3107 matches found
CVE-2014-1561
Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization...
Design/Logic Flaw
Proxomitron Naoko-4 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3087/info Proxomitron is a free web proxy server. Proxomitron is vulnerable to a cross site scripting attack. The condition is present because of the way URLs are displayed in error messages. It is possible for script cod...
Linksys WRT160N - Multiple Vulnerabilities
No description provided by source. Device Name: Linksys WRT160Nv2 Vendor: Linksys/Cisco ============ Device Description: ============ Best For: Delivers plenty of speed and coverage, so large groups of users can go online, transfer large files, print, and stream stored media Features: Fast...
Wolf CMS 0.6.0b Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22681 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinwolfcms.html Product: Wolf CMS Vendor: Wolf CMS team http://www.wolfcms.org/ Vulnerable Version: 0.6.0b and probably prior versions Vendor Notification: 09 November 2010 Vulnerabilit...
php-decoda - Cross-Site Scripting In Video Tag
No description provided by source. Advisory: php-decoda: Cross-Site Scripting in Video Tags RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the PHP markup parser Decoda. This allows attackers that should be restricted to the markup supported by Decoda to specify a...
Netscape Navigator 4.0.8 'about:' Domain Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2637/info Due to a flaw in Navigator's security code, all URLs in the about: protocol are considered to be part of the same domain. If arbitrary Javascript code is placed in a GIF's comment field, it is treated like a...
diafan.cms 4.3 - Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22777 Reference: http://www.htbridge.ch/advisory/xsrfcsrfindiafancms.html Product: diafan.CMS Vendor: Diafan http://www.diafan.ru/ Vulnerable Version: 4.3 and probably prior versions Vendor Notification: 28 December 2010 Vulnerability Type:...
VideoGirls forum.php t Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36168/info VideoGirls is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context...
Hyperic HQ 3.2 - 4.2-beta1 - Multiple XSS
No description provided by source. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Hyperic HQ Multiple XSS 1. Advisory Information Title: Hyperic HQ Multiple XSS Advisory Id: CORE-2009-0812 Advisory URL:...
KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability
No description provided by source. Exploit Title: KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability Date: 2010-08-11 Author: fdisk @fdiskyou e-mail: fdiskyou at deniable.org Software Link: http://www.knowledgetree.com/products/community/download Version: 3.5.2 Notes: Fixed in the...
Juniper Junos 8.5/9.0 J-Web Interface /diagnose Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web (Juniper Web Management). Attacker-supplie...
Cisco DPC2420 Multiples Vulnerabilities
No description provided by source. - Title: DPC2420 Multiple vulnerabilities - Author: Facundo M. de la Cruz tty0 - E-mail: [email protected] 0x00 Details Vendor : Cisco Model : DPC2420 type : Cablemodem router. Firmware:...
Microsoft Internet Explorer 6.0/7.0 RemoveChild Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20812/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue occurs when Internet Explorer attempts to execute certain JavaScript code. Successfully exploiting this issue will cause the...
gp easy CMS Minishop 1.5 Plugin Persistent XSS
No description provided by source. Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link: http://gpeasy.com/SpecialAddonPlugins?cmd=download&id=31 Version: 1.5 The...
PHPDug 2.0.0 - Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22971 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpdug.html Product: PHPDug Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.0.0 and probably prior versions Vendor Notification: 21 April 2011 Vulnerability Type:...
Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24837/info Microsoft Internet Explorer, Mozilla Firefox and Netscape Navigator are prone to a vulnerability that lets attackers inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers. Exploiting the...
e107 1.0.2 - CSRF Resulting in SQL Injection
No description provided by source. Exploit Title: e107 v1.0.2 Administrator CSRF Resulting in SQL Injection Google Dork: intext:This site is powered by e107 Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...
html-edit CMS Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22734 Reference: http://www.htbridge.ch/advisory/sqlinjectioninhtmleditcms.html Product: HTML-EDIT CMS Vendor: html-edit web services http://www.html-edit.org/ Vulnerable Version: 3.1.8 Vendor Notification: 02 December 2010 Vulnerability Typ...
Microsoft Excel 2007 - JavaScript Code Remote Denial Of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28946/info Microsoft Excel is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to deny access to legitimate users. Given the nature of this vulnerability, attackers may also be able to...