
4739 matches found

securityvulns
added 2006/06/25 12:0 a.m., 171 views

[Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability

Title: Kil13r-SA-20060622-1 NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability Author: Kil13r - http://www.kil13r.info/ Local / Remote: Remote Timeline: 2006/06/21 - Discovery 2006/06/21 - Vendor notification 2006/06/22 - Release Affected version: NetSoft SmartNet 2.0 Not affected version:...

1.6 AI score
Exploits: 0
securityvulns
added 2006/06/10 12:0 a.m., 18 views

[Kil13r-SA-20060609-1] Daum Search Cross-Site Scripting Vulnerability

Title: Kil13r-SA-20060609-1 Daum Search Cross-Site Scripting Vulnerability Author: Kil13r - http://www.kil13r.info/ Local / Remote: Remote Timeline: 2006/06/09 - Discovery 2006/06/09 - Vendor notification 2006/06/09 - Release Affected version: Not affected version: Description: Daum is internet...

1.9 AI score
Exploits: 0
securityvulns
added 2006/06/02 12:0 a.m., 41 views

[SA20376] Firefox Multiple Vulnerabilities

---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...

1.5 AI score
Exploits: 0
securityvulns
added 2006/05/27 12:0 a.m., 32 views

ByteHoard <= 2.1 multiple vulnerabilities

ByteHoard <= 2.1 multiple vulnerabilities Discovered by: Nomenumbra Date: 23/5/2006 impact: high file manipulation, privilege escalation, possible defacement ByteHoard versions up to 2.1 are prone to multiple vulnerabilities, including directory traversal. 0x00 Directory traversal: Users are able to...

0.6 AI score
Exploits: 0
Packet Storm
added 2006/04/01 12:0 a.m., 35 views

EV0104.txt

New eVuln Advisory: Skull-Splitter's PHP Guestbook XSS Vulnerability http://evuln.com/vulns/104/summary.html --------------------Summary---------------- eVuln ID: EV0104 CVE: CVE-2006-1256 Software: Skull-Splitter's PHP Guestbook Software's Web Site: http://www.boysen.be/ Versions: 2.6 2.7 Critic...

2.6 CVSS, 6.7 AI score, 0.0103 EPSS
Exploits: 1
securityvulns
added 2006/03/12 12:0 a.m., 32 views

Jupiter CMS <= 1.1.5 multiple XSS attack vectors.

Jupiter CMS <= 1.1.5 multiple XSS attack vectors. Discovered by: Nomenumbra/0x4F4C Date: 3/11/2006 impact: high privilege escalation, site defacement Jupiter CMS http://www.highstrike.net/ is a dynamic CMS system like mambo or limbo, allowing users to subscribe and posts events. Because no filtering...

0.6 AI score
Exploits: 0
Exploit DB
added 2006/03/11 12:0 a.m., 64 views

Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities

Jupiter CMS , to redirect the user to a page of your choice, to avoid suspicion and disclosure of your cookiestealer's location. This injections would allow an attacker to redirect users to a page of his choice, effectively defacing the page:...

7 AI score
Exploits: 0
Packet Storm
added 2005/11/08 12:0 a.m., 36 views

ipb.2.1-english.txt

Fast translation of benji's advisory Author : benjilenoob WebSite : http://benji.redkod.org/ and http://www.redkod.org/ Audit in pdf : http://benji.redkod.org/audits/ipb.2.1.pdf Product : Invision power board Version : 2.1 Risk : Low. XSS I- XSS non critical: -------------------- 1. Input passed ...

7.4 AI score
Exploits: 0
securityvulns
added 2005/11/08 12:0 a.m., 33 views

Invision Power Board 2.1 : Multiple XSS Vulnerabilities

Fast translation of benji's advisory Author : benjilenoob WebSite : http://benji.redkod.org/ and http://www.redkod.org/ Audit in pdf : http://benji.redkod.org/audits/ipb.2.1.pdf Product : Invision power board Version : 2.1 Risk : Low. XSS I- XSS non critical: -------------------- 1. Input passed ...

0.5 AI score
Exploits: 0
OpenVAS
added 2005/11/03 12:0 a.m., 13 views

Horde 3.0 XSS Vulnerability

Horde is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2005 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3 CVSS, 6 AI score, 0.00504 EPSS
Exploits: 1, References: 2
OpenVAS
added 2005/11/03 12:0 a.m., 41 views

IlohaMail < 0.8.13 Email Header HTML Injection Vulnerability

IlohaMail does not properly sanitize message headers, leaving users vulnerable to cross-site scripting XSS attacks. For example, a remote attacker could inject Javascript code that steals the user SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted from a...

6.3 AI score
Exploits: 0, References: 1
Cvelist
added 2005/08/24 4:0 a.m., 11 views

CVE-2005-2688

Multiple cross-site scripting XSS vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to 1 footer.php, 2 header.php, 3 menudx.php, or 4 menusx.php, or Javascript code in the 5 HTTPREFERER referer or 6 HTTPUSERAGENT us...

5.7 AI score, 0.00331 EPSS
Exploits: 1, References: 2
Packet Storm
added 2005/08/10 12:0 a.m., 37 views

gravityBad.txt

4.22 07/08/2005 Gravity Board X v1.1 possibly prior versions Remote code execution, SQL Injection / Login Bypass, cross site scripting, path disclosure poc software: author site: http://www.gravityboardx.com/ a Sql Injection / Login Bypass: A user can bypass login check and grant administrator...

7.4 AI score
Exploits: 0
Gentoo Linux
added 2005/07/20 12:0 a.m., 30 views

MediaWiki: Cross-site scripting vulnerability

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to escape a parameter in the page move template correctly. Impact By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...

4.3 CVSS, 6.4 AI score, 0.00613 EPSS
Exploits: 0
Tenable Nessus
added 2005/07/20 12:0 a.m., 25 views

GLSA-200507-18 : MediaWiki: XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200507-18 MediaWiki: XSS vulnerability MediaWiki fails to escape a parameter in the page move template correctly. Impact : By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...

4.3 CVSS, 5.4 AI score, 0.00613 EPSS
Exploits: 0, References: 3
Cvelist
added 2005/06/21 4:0 a.m., 12 views

CVE-2002-1770

Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by Internet Explorer...

7.5 AI score, 0.01186 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2005/03/09 12:0 a.m., 66 views

PHP-Fusion BBCode IMG Tag XSS

The remote host is running a version of PHP-Fusion that does not sufficiently sanitize JavaScript code. Specifically, an attacker can inject JavaScript code that bypasses the filters in 'fusioncore.php' by HTML-encoding it. This code will then be executed in the context of a user's browser when...

4.3 CVSS, 5.7 AI score, 0.00335 EPSS
Exploits: 0, References: 2
NVD
added 2004/12/31 5:0 a.m., 20 views

CVE-2004-1200

Firefox and Mozilla allow remote attackers to cause a denial of service application crash from memory consumption, as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays...

5 CVSS, 6.9 AI score, 0.01327 EPSS
Exploits: 1, References: 5
Cvelist
added 2004/12/15 5:0 a.m., 11 views

CVE-2004-1198

Microsoft Internet Explorer allows remote attackers to cause a denial of service application crash from memory consumption, as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays...

6.8 AI score, 0.00915 EPSS
Exploits: 1, References: 4
CVE
added 2004/12/15 5:0 a.m., 59 views

CVE-2004-1200

CVE-2004-1200 affects Firefox and Mozilla browsers. The vulnerability allows remote attackers to trigger high memory usage via JavaScript that repeatedly creates and sorts nested arrays, causing an application crash (DoS). The NVD entry documents a network-exposed scenario with a partial availabi...

5 CVSS, 6.5 AI score, 0.01327 EPSS
Exploits: 1, References: 5, Affected Software: 1