16 matches found
PT-2025-15695 · IBM · IBM Security Verify Governance
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Governance version 10.0.2 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
Microsoft SharePoint Server CVE-2017-11775 Cross Site Scripting Vulnerability
Description: Microsoft SharePoint Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Microsoft Internet Explorer 9 - MSHTML CElement::HasFlag Memory Corruption
// First tag can be any inline but must NOT be closed yet // Second tag can be anything that's not inline. // "text1" can be anything document.write('text1'); // The tree is in good shape. show("DOM Tree after first write", getElementTree(document.body)); // At this point, it appears that MSIE is sti...
B.A.S C2Box Security Bypass Vulnerability
B.A.S C2Box is a financial management solution for managing domestic and cross-border payment processes from B.A.S France. A security vulnerability exists in B.A.S C2Box 4.0.0 r19171 and prior versions, which stems from a failure to protect server-side code when performing authentication on the...
Microsoft Exchange Server Outlook Web Access CVE-2015-1628 Cross Site Scripting Vulnerability
Description: Microsoft Exchange Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow...
Microsoft Internet Explorer Shift JIS Encoded Characters Cross-Site Scripting Vulnerability
Description: Microsoft Internet Explorer is prone to a cross-site scripting vulnerability. An attacker can exploit this issue to gain access to information in another domain or Internet Explorer zone. This may allow the attacker to obtain sensitive information that may aid in further attacks...
Mozilla Foundation Security Advisory 2010-17
Title: Remote code execution with use-after-free in nsTreeSelection. Impact: Critical. Announced: March 30, 2010. Reporter: regenrecht via TippingPoint's Zero Day Initiative. Products: Firefox, Thunderbird, SeaMonkey. Fixed in: Firefox 3.5.9, Firefox 3.0.19...
security flaw
Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message...
Mozilla Firefox fails to properly handle the "XPCNativeWrapper(window).Function(...)"
Overview: Certain Mozilla products contain a cross-site scripting vulnerability because of a vulnerability in the XPCNativeWrapper function. Description: XPCNativeWrapper. Per Mozilla, XPCNativeWrapper is a way to wrap up an object so that it is safe to access from privileged code. It is used to all...
US-CERT Technical Cyber Security Alert TA06-153A -- Mozilla Products Contain Multiple Vulnerabilities
National Cyber Alert System. Technical Cyber Security Alert TA06-153A: Mozilla Products Contain Multiple Vulnerabilities. Original release date: June 2, 2006. Last revised: --. Source: US-CERT. Systems Affected: Mozilla SeaMonkey, Firefox web browser...
pmwikiXSS.txt
SA0005: PmWiki 2.0.12 Cross Site Scripting. PUBLISHED ON Nov 22, 2005 PUBLISHED AT...
FreeBSD : mozilla -- code execution through javascript: favicons (1989b511-ae62-11d9-a788-0001020eed82)
A Mozilla Foundation Security Advisory reports: Firefox and the Mozilla Suite support custom 'favicons' through the <link> tag. If a link tag is added to the page programmatically and a javascript: url is used, then script will run with elevated privileges and could run or install malicious software...
mozilla -- "Wrapped" javascript: urls bypass security checks
A Mozilla Foundation Security Advisory reports: Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: url in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute...
Opera FTP View Cross-Site Scripting Vulnerability
Title: Opera FTP View Cross-Site Scripting Vulnerability. Date: 4 August 2002. Author: Eiji James Yoshida [email protected]. Risk: Medium. Vulnerable: Windows2000 SP2 Opera 6.03, Windows2000 SP2 Opera 6.04. Overview: Opera allows running Malicious...
newsbug.txt
I created my NewsBug approximately 2-3 months ago but never did anything further with it as I have a lot of other projects I am working on. I reported this to MS ...
netscape.4.x-javascript-unix.txt
Date: Thu, 29 Oct 1998 17:09:23 -0600 From: Ryan Gray To: [email protected] Subject: Re: Javascript bug in Netscape Communicator 4.5 Hello, Just wanted to add that Netscape Communicator 4.5b2 on Slackware Linux 3.5 kernel 2.0.34 is susceptible to this also. I was able to get the script to read...