
5777 matches found

CNVD
added 2015/03/24 12:0 a.m. | 2 views

Mozilla Firefox/Firefox ESR/SeaMonkey Arbitrary Code Execution Vulnerability

Mozilla Firefox, Firefox ESR and SeaMonkey are all developed by the Mozilla Foundation. Firefox is an open source web browser, and Firefox ESR is an extended support version of Firefox. SeaMonkey is a free, open source, and cross-platform web suite. A security vulnerability in the asm.js implementation...

CVSS 6.8 | AI score 7.7 | EPSS 0.0181
Exploits 0 | References 1
Symantec
added 2015/03/10 12:0 a.m. | 25 views

Microsoft Exchange Server CVE-2015-1629 Cross Site Scripting Vulnerability

Description: Microsoft Exchange Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow...

CVSS 4.3 | AI score 0.1 | EPSS 0.06935
Exploits 0 | References 1 | Affected Software 1
Symantec
added 2015/03/10 12:0 a.m. | 20 views

Microsoft Exchange Server CVE-2015-1630 Cross Site Scripting Vulnerability

Description: Microsoft Exchange Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow...

CVSS 4.3 | AI score 0.1 | EPSS 0.06935
Exploits 0 | References 1 | Affected Software 1
seebug.org
added 2015/01/20 12:0 a.m. | 16 views

Mao10CMS v3.1.0 Stored XSS

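Brief description: see title. Details: XSS code is inserted where articles are published; when the article is then viewed, the inserted JS code executes directly. While testing against the demo, it was blocked by Alibaba Cloud's protection. Proof of vulnerability:...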

AI score 7.1
Exploits 0
Tenable Nessus
added 2014/12/06 12:0 a.m. | 32 views

Fedora 20 : kwebkitpart-1.3.4-5.fc20 (2014-15130)

Sanitize input to disallow JavaScript being executed in the context of the referenced hostname. See also https://www.kde.org/info/security/advisory-20141113-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable h...

CVSS 4.3 | AI score 5.3 | EPSS 0.00283
Exploits 2 | References 4
Tenable Nessus
added 2014/11/25 12:0 a.m. | 28 views

Ubuntu 12.04 LTS : kde-runtime vulnerability (USN-2414-1)

Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary javascript. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory...

CVSS 4.3 | AI score 5.7 | EPSS 0.00283
Exploits 2 | References 2
OSV
added 2014/11/21 12:44 p.m. | 5 views

MGASA-2014-0478 Updated kdebase4-runtime and kwebkitpart packages fix security vulnerability

kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly allowing to some javascript being executed on the context of the referenced hostname CVE-2014-8600...

CVSS 4.3 | AI score 6.2 | EPSS 0.00283
Exploits 2 | References 4
Mageia
added 2014/11/21 12:44 p.m. | 34 views

Updated kdebase4-runtime and kwebkitpart packages fix security vulnerability

kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly allowing to some javascript being executed on the context of the referenced hostname CVE-2014-8600...

CVSS 4.3 | AI score 6.5 | EPSS 0.00283
Exploits 2 | References 3
Japan Vulnerability Notes
added 2014/11/14 5:37 a.m. | 5 views

Direct Web Remoting (DWR) vulnerable to cross-site scripting

Overview: Direct Web Remoting (DWR) is a Java framework for developing Ajax into web applications. DWR contains a cross-site scripting vulnerability (CWE-79). Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

CVSS 4.3 | AI score 5.9 | EPSS 0.00217
Exploits 0 | References 5
FreeBSD
added 2014/11/13 12:0 a.m. | 24 views

kwebkitpart, kde-runtime -- insufficient input validation

Albert Aastals Cid reports: kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly allowing to some javascript being executed on the context of the referenced hostname. Whilst in most cases, the JavaScript will be executed in an untrusted context, with the bookmarks IO slav...

CVSS 4.3 | AI score 6.4 | EPSS 0.00283
Exploits 2 | References 1
ThreatPost
added 2014/10/14 8:13 p.m. | 12 views

New POODLE SSL 3.0 Attack Exploits Protocol Fallback Issue

A new attack on the SSLv3 protocol, disclosed Tuesday, takes advantage of an issue with the protocol that enables a network attacker to recover the plaintext communications of a victim. The attack is considered easier to exploit than similar previous attacks against SSL/TLS, such as BEAST and...

AI score 1.3
Exploits 0 | References 6
Exploit DB
added 2014/08/26 12:0 a.m. | 24 views

ntopng 1.2.0 - Cross-Site Scripting Injection

ntopng 1.2.0 XSS injection using monitored network traffic ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar to what the popular top Unix command does. The web-based frontend of the software is vulnerable to...

AI score 7.4
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 15 views

Mirapoint Web Mail Expression() HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20840/info Mirapoint Web Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary JavaScript in the victim's...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 19 views

Prometeo 1.0.65 - SQL Injection Vulnerability

No description provided by source. Prometeo vers. 1.0.65 - SQLi Vulnerability. Vulnerability ID: LD3; Product: Prometeo; Vendor: Prometeo...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Claroline 1.10 Persistent XSS Vulnerability

No description provided by source. Software: Claroline 1.10; Vulnerability: Persistent Cross-site Scripting; Threat Level: Moderate 2/5; Download: http://www.claroline.net/...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 39 views

e107 1.0.1 - CSRF Resulting in Arbitrary Javascript Execution

No description provided by source. Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:This site is powered by e107 Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

CVSS 6.8 | AI score 6.6 | EPSS 0.00343
Exploits 6
seebug.org
added 2014/07/01 12:0 a.m. | 21 views

Good for Enterprise 2.2.2.1611 - XSS Vulnerability

No description provided by source. The vulnerable versions are v2.2.2.1611 and earlier Proof of Concept: HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version. Payload: body div scriptalert'XSS Here'/script /div...

CVSS 4.3 | AI score 6.5 | EPSS 0.00406
Exploits 6
securityvulns
added 2014/06/14 12:0 a.m. | 51 views

[ MDVSA-2014:111 ] otrs

Mandriva Linux Security Advisory MDVSA-2014:111 http://www.mandriva.com/en/support/security/ Package: otrs Date: June 10, 2014 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerabilities: A logged in attack...

CVSS 4.3 | AI score 8.5 | EPSS 0.00226
Exploits 2
Packet Storm
added 2014/06/03 12:0 a.m. | 49 views

F*EX 20140313-1 HTTP Response Splitting / Cross Site Scripting

=== LSE Leading Security Experts GmbH - Security Advisory 2014-05-22 === FEX Frams' Fast File EXchange - Multiple Issues. Affected Versions: FEX Frams' Fast File...

CVSS 4.3 | AI score 6.2 | EPSS 0.00789
Exploits 5
securityvulns
added 2014/05/05 12:0 a.m. | 36 views

[CVE-2014-0072] Apache Cordova File-Transfer insecure defaults

CVE-2014-0073: Apache Cordova In-App-Browser privilege escalation Severity: Important Vendor: The Apache Software Foundation Versions Affected: Cordova In-App-Browser iOS plugin from Cordova versions 2.6.0 to 2.9.0 Cordova In-App-Browser iOS standalone plugin org.apache.cordova.inappbrowser...

CVSS 7.5 | AI score 3 | EPSS 0.11445
Exploits 2