4739 matches found
CVE-2010-0011
The evaljs function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code...
Debian DSA-1886-1 : iceweasel - several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3079 'mozbugra4' discovered that a programming error in the FeedWriter...
Silverstripe <= v2.3.4: XSS vulnerabilities
No description provided by source. Silverstripe CMS, http://silverstripe.org/, version 2.3.4 and lower and its unreleased 2.4 branch, is vulnerable to two Cross Site Scripting issues. 1. The comment posting mechanism of Silverstripe 'PostCommentForm' fails to properly sanitize the 'CommenterURL'...
Mozilla Foundation Security Advisory 2009-70
Mozilla Foundation Security Advisory 2009-70 Title: Privilege escalation via chrome window.opener Impact: Moderate Announced: December 15, 2009 Reporter: David James Products: Firefox, SeaMonkey Fixed in: Firefox 3.5.6 Firefox 3.0.16 SeaMonkey 2.0.1 Description Security researcher David James...
Billwerx RC v3.1 Multiple Vulnerabilities
No description provided by source. Billwerx RC v3.1 Multiple Vulnerabilities Found By: mrme Download: http://www.billwerx.com/download.php Tested On: Windows Vista Note: For educational purposes only XSS POC: A regular employee can embed javascript code that could be executed within the context o...
oBlog - Persistent Cross-Site Scripting Cross-Site Request Forgery Admin Brute Force
oBlog - Persistent Cross-Site Scripting Cross-Site Request Forgery Admin Brute Force Application: oBlog Version: the only one there is : Download: http://www.dootzky.com/images/projects/oBlog.zip...
CVE-2009-4148
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."...
Design/Logic Flaw
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."...
CVE-2009-3576
Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a ScriptContent element, as demonstrated by code that loads the WScript.Shell ActiveX control...
Mozilla Firefox Chrome Page Loading Restriction Bypass (CVE-2005-2706)
The Firefox and Mozilla web browsers are applications designed for tasks related to browsing the web, such as displaying HTML encoded pages, downloading files, and so on. The web browser implements security restrictions on the execution of scripts and access to certain resources based on the orig...
Chrome privilege escalation in XPCVariant::VariantDataToJS() — Mozilla
Mozilla security researcher mozbugra4 reported that the XPCOM utility XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects before returning them to chrome callers. This could result in chrome privileged code calling methods on an object which had previously been created or modified by web...
SuSE Security Update: Security update for Mozilla Firefox (firefox35upgrade-6562)
This update brings the Mozilla Firefox 3.5 web browser to version 3.5.3, the Mozilla XULRunner 1.9.0 engine to the 1.9.0.14 stable release, and the Mozilla XULRunner 1.9.1 engine to the 1.9.1.3 stable release. It also fixes various security issues: MFSA 2009-47 / CVE-2009-3069 / CVE-2009-3070 /...
[ONSEC-09-018] Twilight CMS XSS
http://onsec.ru/vuln?id=10 ONSEC-09-018 Twilight CMS XSS Target: Twilight CMS Type: Cross-site scripting Threat: Medium Date discovered: 01.10.2009 Date vendor notified: 01.10.2009 Date fix released: 10.01.2009 Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru...
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6495)
This update brings the Mozilla Firefox browser to the 3.0.14 stable release. It also fixes various security issues: MFSA 2009-47 / CVE-2009-3069 / CVE-2009-3070 / CVE-2009-3071 / CVE-2009-3072 / CVE-2009-3073 / CVE-2009-30 / CVE-2009-3075: Mozilla developers and community members identified and...
SuSE 11 Security Update : Mozilla (SAT Patch Number 1328)
This update brings the Mozilla XULRunner engine to the 1.9.0.14 stable release. It also fixes various security issues : - / CVE-2009-30 /. MFSA 2009-47 / CVE-2009-3069 / CVE-2009-3070 / CVE-2009-3071 / CVE-2009-3072 / CVE-2009-3073 - Mozilla developers and community members identified and fixed...
[ONSEC-09-011] UMI.CMS Multiple XSS
ONSEC-09-011 UMI.CMS Multiple XSS Target: UMI CMS =2.7.3 Type: Cross-site scripting Threat: Medium Date discovered: 15.07.2009 Date vendor notified: 15.07.2009 Date fix released: 03.09.2009 Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Description: Vulnerable fields...
[ONSEC-09-016] Blogolet XSS
ONSEC-09-016 Blogolet XSS Target: Blogolet CMS Type: Cross-site scripting Threat: Medium Date discovered: 21.09.2009 Date vendor notified: 21.09.2009 Date fix released: 21.09.2009 Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Description: The vulnerabilities exist because...
Apple Safari 'WebKit.dll' Stack Consumption Vulnerability
Apple Safari is prone to a stack consumption vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari";...
Apple Safari 'WebKit.dll' Stack Consumption Vulnerability
This host has Apple Safari installed and is prone to Stack Consumption vulnerability. OpenVAS Vulnerability Test $Id: secpodapplesafaristackconsumptionvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ Apple Safari 'WebKit.dll' Stack Consumption Vulnerability Authors: Sharath S Copyright: Copyright c...