Lucene search
4739 matches found

Atlassian
added 2008/09/15 4:25 p.m., 40 views

XSS in RSS feed creation

URL http://localhost:8080/dashboard/doconfigurerssfeed.action The RSS feed creation process is vulnerable to XSS attacks. It is possible to inject javascript code into the page by changing the types field to: types="alertdocument.cookie complete example from the testenvironment:...

AI score: 6.4
Exploits: 0, Affected Software: 1

Mozilla
added 2008/07/01 12:0 a.m., 33 views

Chrome script loading from fastload file — Mozilla

Mozilla security researcher mozbugra4 reported that when non-privileged XUL documents include scripts from chrome: URIs used in the browser it was possible to take advantage of the privilege level stored in the pre-compiled "fastload" file. This could allow an attacker to run arbitrary JavaScript...

CVSS: 7.5, AI score: 6.6, EPSS: 0.06797
Exploits: 1, References: 2, Affected Software: 3

Packet Storm
added 2008/06/02 12:0 a.m., 25 views

visualsentinel-cas.txt

VisualSentinel 0.7 Cross Agent Scripting Discovered by: Alfredo Panzera, Opencosmo Security Software vendor: http://www.opencosmo.com Date: 31-05-2008 Vulnerability: The vulnerability consists on inject javascript code falsify the user agent's attacker during an attack and then save in the log th...

AI score: 7.4
Exploits: 0

securityvulns
added 2008/06/01 12:0 a.m., 39 views

VisualSentinel 0.7 Cross Agent Scripting Vulnerability

VisualSentinel 0.7 Cross Agent Scripting Discovered by: Alfredo Panzera, Opencosmo Security Software vendor: http://www.opencosmo.com Date: 31-05-2008 Vulnerability: The vulnerability consists on inject javascript code falsify the user agent's attacker during an attack and then save in the log th...

AI score: 0.4
Exploits: 0

Exploit DB
added 2008/05/20 12:0 a.m., 22 views

eCMS 0.4.2 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/29304/info eCMS is prone to multiple security vulnerabilities, including a security-bypass issue and an SQL-injection issue. Exploiting these issues may allow an attacker to bypass certain security restrictions and gain unauthorized access to the...

AI score: 7.4
Exploits: 0

RedHat Linux
added 2008/05/19 3:30 p.m., 40 views

Critical: Red Hat Security Advisory: java-1.6.0-ibm security update

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.6.0 Java release includes the IBM Java 2 Runtime Environmen...

CVSS: 9.3, AI score: 7.8, EPSS: 0.37381
Exploits: 2, References: 9

seebug.org
added 2008/05/17 12:0 a.m., 15 views

Multi-Page Comment System 1.1.0 Insecure Cookie Handling Vulnerability

No description provided by source. Multi-Page Comment System 1.1.0 Insecure Cookie Handling. Discovered...

AI score: 7.1
Exploits: 0

0day.today
added 2008/05/15 12:0 a.m., 14 views

Multi-Page Comment System 1.1.0 Insecure Cookie Handling Vulnerability

Exploit for unknown platform in category web applications. Multi-Page Comment System 1.1.0 Insecure Cookie Handling Vulnerability...

AI score: 7.1
Exploits: 0

0day.today
added 2008/05/14 12:0 a.m., 49 views

Internet Photoshow (Special Edition) Insecure Cookie Handling Vuln

Exploit for unknown platform in category web applications. Internet Photoshow Special Edition Insecure Cookie Handling Vuln...

AI score: 7.1
Exploits: 0

seebug.org
added 2008/05/14 12:0 a.m., 19 views

Internet Photoshow (Special Edition) Insecure Cookie Handling Vuln

No description provided by source. Internet Photoshow Special Edition Insecure Cookie Handling. Discover...

AI score: 7.1
Exploits: 0

Exploit DB
added 2008/05/14 12:0 a.m., 52 views

ActiveKB 1.5 - Insecure Cookie Handling/Arbitrary Admin Access

ActiveKB = 1.5 Insecure Cookie Handling/Arbitrary Admin Access. Discovered By: t0pP8uZz Discovered On: 1...

AI score: 7
Exploits: 0

Prion
added 2008/04/30 1:7 a.m., 24 views

Code injection

Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial of service application crash via JavaScript code that calls document.write in an infinite loop...

CVSS: 5, AI score: 7.2, EPSS: 0.01238
Exploits: 0, References: 7, Affected Software: 1

NVD
added 2008/04/28 8:5 p.m., 16 views

CVE-2008-2000

Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service application crash via JavaScript code that calls document.write in an infinite loop...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00694
Exploits: 1, References: 5

exploitpack
added 2008/04/26 12:0 a.m., 9 views

Microsoft Excel 2007 - JavaScript Code Remote Denial of Service

Microsoft Excel 2007 - JavaScript Code Remote Denial of Service source: https://www.securityfocus.com/bid/28946/info Microsoft Excel is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to deny access to legitimate users. Given the nature of this vulnerability,...

AI score: 7.6
Exploits: 0

Exploit DB
added 2008/04/26 12:0 a.m., 26 views

Microsoft Excel 2007 - JavaScript Code Remote Denial of Service

source: https://www.securityfocus.com/bid/28946/info Microsoft Excel is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to deny access to legitimate users. Given the nature of this vulnerability, attackers may also be able to execute arbitrary code, but this ha...

AI score: 7.4
Exploits: 0

exploitpack
added 2008/04/18 12:0 a.m., 28 views

PhShoutBox 1.5 - Insecure Cookie Handling

PhShoutBox 1.5 - Insecure Cookie Handling. PhShoutBox = 1.5 final Insecure Cookie Handling Arbitrary Authentication...

AI score: 0.3
Exploits: 0

RedHat Linux
added 2008/04/03 4:19 p.m., 38 views

Critical: Red Hat Security Advisory: java-1.5.0-ibm security update

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.5.0 Java release includes the IBM Java 2 Runti...

CVSS: 10, AI score: 7.8, EPSS: 0.37381
Exploits: 2, References: 8

RedHat Linux
added 2008/03/06 10:11 p.m., 56 views

Critical: Red Hat Security Advisory: java-1.5.0-sun security update

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...

CVSS: 9.3, AI score: 7.8, EPSS: 0.37381
Exploits: 2, References: 15

Tenable Nessus
added 2008/03/06 12:0 a.m., 129 views

Sun Java JRE Multiple Vulnerabilities (233321-233327)

The version of Sun Java Runtime Environment JRE installed on the remote host is affected by one or more security issues : - Two vulnerabilities in the JRE VM may independently allow an untrusted application or applet downloaded from a website to elevate its privileges 233321. - When processing XS...

CVSS: 9.3, AI score: 6.2, EPSS: 0.37381
Exploits: 1, References: 8

Packet Storm
added 2008/02/15 12:0 a.m., 34 views

INFIGO-2008-02-13.txt

INFIGO IS Security Advisory ADV-2008-02-13 http://www.infigo.hr/en/ Title: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability Advisory ID: INFIGO-2008-02-13 Date: 2008-02-13 Advisory URL: http://www.infigo.hr/en/infocus/advisories/INFIGO-2008-02-13 Impact: Malicious JavaScript Cod...

AI score: 7.4
Exploits: 0