3107 matches found

securityvulns
added 2009/09/28 12:00 a.m. | 149 views

[ONSEC-09-016] Blogolet XSS

ONSEC-09-016 Blogolet XSS Target: Blogolet CMS Type: Cross-site scripting Threat: Medium Discovery date: 21.09.2009 Developer notification date: 21.09.2009 Fix release date: 21.09.2009 Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Description: The vulnerabilities exist due to...

AI score: 7.1
Exploits: 0

OpenVAS
added 2009/09/24 12:00 a.m. | 28 views

Apple Safari 'WebKit.dll' Stack Consumption Vulnerability

This host has Apple Safari installed and is prone to Stack Consumption vulnerability. OpenVAS Vulnerability Test $Id: secpodapplesafaristackconsumptionvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ Apple Safari 'WebKit.dll' Stack Consumption Vulnerability Authors: Sharath S Copyright: Copyright c...

CVSS: 5 | AI score: 0.2 | EPSS: 0.03319
Exploits: 0 | References: 2

OpenVAS
added 2009/09/24 12:00 a.m. | 26 views

Apple Safari 'WebKit.dll' Stack Consumption Vulnerability

Apple Safari is prone to a stack consumption vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari";...

CVSS: 5 | AI score: 5.1 | EPSS: 0.03319
Exploits: 0 | References: 2

exploitpack
added 2009/09/22 12:00 a.m. | 11 views

Juniper Junos 8.59.0 J - Web Interface (Multiple Script) m[] Cross-Site Scripting

Juniper Junos 8.59.0 J - Web Interface Multiple Script m Cross-Site Scripting source: https://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to...

AI score: 6.8
Exploits: 0

exploitpack
added 2009/09/22 12:00 a.m. | 10 views

Juniper Junos 8.59.0 J-Web Interface - diagnose Multiple Cross-Site Scripting Vulnerabilities

Juniper Junos 8.59.0 J-Web Interface - diagnose Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize...

Exploits: 0

Prion
added 2009/09/21 7:30 p.m. | 17 views

Design/Logic Flaw

Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service application crash via JavaScript code that calls eval on a long string composed of A/ sequences...

CVSS: 5 | AI score: 7 | EPSS: 0.03319
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2009/09/11 12:00 a.m. | 37 views

Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-821-1)

Several flaws were discovered in the Firefox browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2009-3070,...

CVSS: 10 | AI score: 8.9 | EPSS: 0.17599
Exploits: 4 | References: 10

Tenable Nessus
added 2009/09/10 12:00 a.m. | 13 views

Mozilla Firefox < 3.0.14 / 3.5.3 Multiple Vulnerabilities

Binary data 801311.prm...

CVSS: 10 | AI score: 7.3 | EPSS: 0.17599
Exploits: 4 | References: 16

Exploit DB
added 2009/08/31 12:00 a.m. | 22 views

MKPortal 1.x - Multiple BBCode HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/36218/info MKPortal is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacke...

AI score: 7
Exploits: 0

OpenVAS
added 2009/08/26 12:00 a.m. | 21 views

Google Chrome 'location.hash' Denial Of Service Vulnerability

Google Chrome is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5 | AI score: 6.3 | EPSS: 0.0031
Exploits: 1 | References: 2

NVD
added 2009/08/24 3:30 p.m. | 26 views

CVE-2009-2955

Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service CPU consumption and application hang via JavaScript code with a long string value for the hash property aka location.hash, a related issue to CVE-2008-5715...

CVSS: 5 | AI score: 6.4 | EPSS: 0.0031
Exploits: 1 | References: 2

Prion
added 2009/08/24 3:30 p.m. | 25 views

Design/Logic Flaw

Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service CPU consumption and application hang via JavaScript code with a long string value for the hash property aka location.hash, a related issue to CVE-2008-5715...

CVSS: 5 | AI score: 6.7 | EPSS: 0.08502
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2009/08/24 3:00 p.m. | 31 views

CVE-2009-2954

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service CPU consumption and application hang via JavaScript code with a long string value for the hash property aka location.hash, a related issue to CVE-2008-5715...

AI score: 6.5 | EPSS: 0.13654
Exploits: 1 | References: 2

Tenable Nessus
added 2009/08/24 12:00 a.m. | 38 views

RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:0186)

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...

CVSS: 9.3 | AI score: 8.7 | EPSS: 0.37381
Exploits: 2 | References: 31

OpenVAS
added 2009/08/19 12:00 a.m. | 21 views

Mozilla Products Information Disclosure Vulnerability (Linux)

The host is installed with Thunderbird/Seamonkey and is prone to Information Disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodmozillaprdtsinfodiscvulnlin.nasl 6482 2017-06-29 08:31:43Z cfischer $ Mozilla Products Information Disclosure Vulnerability Linux Authors: Nikita MR...

CVSS: 4.3 | AI score: 9.4 | EPSS: 0.00651
Exploits: 0 | References: 4

Exploit DB
added 2009/08/18 12:00 a.m. | 27 views

Apple Safari 4.0.2 - WebKit Parsing of Floating Point Numbers Buffer Overflow (PoC)

Three weeks ago, I coded a nice little browser fuzzer, and started playing with various browsers: IE, Firefox, Safari, Chrome, Opera... I found an interesting Safari crash after couple of hours of fuzzing. It was a stack overflow and a smile on my face. Since then, every now and then I took some...

AI score: 7.4
Exploits: 0

Packet Storm
added 2009/08/06 12:00 a.m. | 25 views

Whitepaper - Using XFS To Create XSS From SQL Injection

XFS - XSS From SQL Author : 599eme Man Contact : [email protected] ------------------------------------------------------------------------ + Summary 1 Presentation 2 Explanation 3 Demonstration 4 Bibliography ------------------------------------------------------------------------ 1 --Presentation--...

AI score: 0.1
Exploits: 0

NVD
added 2009/07/05 4:30 p.m. | 9 views

CVE-2009-2320

The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00423
Exploits: 0 | References: 2

exploitpack
added 2009/05/12 12:00 a.m. | 27 views

Apple Safari 3.2.2 - feed: URI Multiple Input Validation Vulnerabilities

Apple Safari 3.2.2 - feed: URI Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/34925/info Apple Safari is prone to multiple input-validation vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious website...

AI score: 0.1
Exploits: 0

OpenVAS
added 2009/05/02 12:00 a.m. | 19 views

TorrentTrader Classic 'msg' Parameter HTML Injection Vulnerability

TorrentTrader is prone to an HTML-injection vulnerability because it fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00427
Exploits: 0 | References: 2