CVE-2007-2384

The Script.aculo.us framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using...

CVE-2007-2381

The MochiKit framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

CVE-2007-2376

The Dojo framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

XSS vulnerabilities

PMASA-2007-4 Announcement-ID: PMASA-2007-4 Date: 2007-04-24 Updated: 2007-05-17 Summary XSS vulnerabilities Description We received an advisory from Lukasz Plonka "sp3x" SecurityReason and we wish to thank him for his work. It was possible to trigger these attacks on various scripts due to...

Fedora Core 5 : thunderbird-1.5.0.8-1.fc5 (2006-1194)

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processes certain malformed JavaScript code. A malicious HTML mail message could cause the execution of JavaScript code in such a way that could cause Thunderbird to crash or execute...

Hacking AJAX DWR Applications

By Guy Karlebach & Amichai Shulman Introduction The introduction of AJAX into a web application improves the user experience significantly. However, the complexity of some AJAX frameworks and the limited field experience with them requires a careful examination of potential vulnerabilities. DWR i...

flash plug-horse technology-vulnerability warning-the black bar safety net

Recently in a foreign country on the website to see an article about Backdooring Flash Objects the walkthroughof the article, the translation test a bit First class Backdoor function Backdoor static function mainmc getURL"javascript:alert'hello from backdoor'"; As the initial script, written in...

firefox security update

CentOS Errata and Security Advisory CESA-2006:0758 Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web...

devhelp, seamonkey security update

CentOS Errata and Security Advisory CESA-2006:0759 Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open sour...

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox...

CVE-2006-6257

The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message...

CVE-2006-6257

The CVE-2006-6257 issue affects AlternC 0.9.5 and earlier, where PHP warning messages disclose sensitive path information when folder names include JavaScript-like strings. The root cause is information leakage via warning output, enabling remote attackers to learn partial path details. Impact is...

RHEL 4 : firefox (RHSA-2006:0733)

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox...

devhelp, seamonkey security update

CentOS Errata and Security Advisory CESA-2006:0734 Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open sour...

seamonkey security update

CentOS Errata and Security Advisory CESA-2006:0734-01 Updated seamonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open...

Critical: Red Hat Security Advisory: thunderbird security update

Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were foun...

Multiple Mozilla Firefox / Thunderbird / Seamonkey security vulnerabilities

Memory corruption, javascript code spoofing, code execution. May be used for hidden malware installation...

Apple Mac OS X多个安全漏洞

Apple Mac OS X是苹果家族机器所使用的操作系统。 最新的Mac OS X更新修复了多个漏洞，具体如下： CVE-2006-1472 AFP Server中的漏洞允许在搜索结果中包含执行搜索用户无权访问的文件和文件夹。如果文件名本身就是敏感信息的话，就可能导致信息泄露；如果权限允许的话，攻击者还可以访问文件内容。 CVE-2006-1473 已认证用户可以触发AFP Server中的整数溢出漏洞，导致拒绝服务或以系统权限执行任意代码。AFP Server在Mac OS X中不是默认启用的。 CVE-2006-3495 在Mac OS X Server上，AFP...

JavaScript code can cause the browser attack-vulnerability warning-the black bar safety net

Security researchers have found a Use JavaScript to scan the family and the enterprise network, and attacks on the network server, and the router and printer and other equipment of the method. Researchers say the malicious JavaScript code can be embedded in a Web page, use the browser to browse t...

security flaw

Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service hang and possibly execute arbitrary code via certain Javascript code...