
5777 matches found

0day.today
added 2013/05/24 12:0 a.m., 34 views

IBM WebSphere DataPower 3.8.2 / 4.0.x / 5.0 Cross Site Scripting

IBM WebSphere DataPower Integration Appliance XI50 versions 3.8.2, 4.0, 4.0.1, 4.0.2, 5.0.0 suffer from a cross site scripting vulnerability. title: JavaScript Execution in WebSphere DataPower Services product: IBM WebSphere...

CVSS 4.3, AI score 6.1, EPSS 0.00256
Exploits: 2

Exploit DB
added 2013/03/18 12:0 a.m., 16 views

WordPress Plugin Simply Poll 1.4.1 - Multiple Vulnerabilities

Exploit Title: WordPress Simply Poll Plugin 1.4.1 CSRF and stored XSS Google Dork: inurl:"/wp-content/plugins/simply-poll Date: 16.03.2013 Exploit Author: m3tamantra Vendor Homepage: http://wordpress.org/extend/plugins/simply-poll/ Software Link:...

AI score 7
Exploits: 0

exploitpack
added 2013/01/02 12:0 a.m., 28 views

e107 1.0.1 - Arbitrary JavaScript Execution (via Cross-Site Request Forgery)

e107 1.0.1 - Arbitrary JavaScript Execution via Cross-Site Request Forgery Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org...

CVSS 6.8, AI score 1.1, EPSS 0.00343
Exploits: 6

Exploit DB
added 2013/01/02 12:0 a.m., 36 views

e107 1.0.1 - Arbitrary JavaScript Execution (via Cross-Site Request Forgery)

Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

CVSS 6.8, AI score 6.6, EPSS 0.00343
Exploits: 6

0day.today
added 2013/01/02 12:0 a.m., 26 views

e107 v1.0.1 CSRF Resulting in Arbitrary Javascript Execution

Exploit for php platform in category web applications Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

AI score 7.1, EPSS 0.00343
Exploits: 6

Packet Storm
added 2013/01/01 12:0 a.m., 27 views

e107 1.0.1 Administrator Cross Site Request Forgery

Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

CVSS 6.8, AI score 0.3, EPSS 0.00343
Exploits: 6

Positive Technologies
added 2012/12/05 12:0 a.m., 4 views

PT-2025-31984

Name of the Vulnerable Software and Affected Versions Maxthon3 versions prior to 3.3 Description Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting XCS through the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers t...

CVSS 10, AI score 6, EPSS 0.67787
Exploits: 0, References: 11

Packet Storm
added 2012/11/20 12:0 a.m., 23 views

Penske Media Corporation Cross Site Scripting

Title : Penske Media Corporation reflected Cross Site Scripting XSS vulnerabilities Vendor : Penske Media Corporation http://www.pmc.com/ Description : Multiple PMC web-sites are vulnerable to...

AI score 0.2
Exploits: 0

Tenable Nessus
added 2012/10/15 12:0 a.m., 57 views

Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1611-1)

Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the...

CVSS 10, AI score 8.7, EPSS 0.8084
Exploits: 8, References: 27

RedHat Linux
added 2012/10/12 8:4 p.m., 1 views

Mozilla: defaultValue security checks not applied (MFSA 2012-89)

Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same...

CVSS 6.8, AI score 7.6, EPSS 0.01406
Exploits: 1, References: 5

0day.today
added 2012/09/17 12:0 a.m., 26 views

Vip torrent 4.X.X - Multiple Vulnerabilities

Exploit for windows platform in category local exploits !/usr/bin/perl Exploit database separated by exploit type local, remote,...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2012/09/13 12:0 a.m., 31 views

FreeBSD : mod_pagespeed -- multiple vulnerabilities (178ba4ea-fd40-11e1-b2ae-001fd0af1a4c)

Google Reports: mod_pagespeed 0.10.22.6 is a security update that fixes two critical issues that affect earlier versions: - CVE-2012-4001, a problem with validation of own host name. - CVE-2012-4360, a cross-site scripting attack, which affects versions starting from 0.10.19.1. The effect of the...

CVSS 5, AI score 5.1, EPSS 0.00361
Exploits: 1, References: 4

Ubuntu
added 2012/07/17 10:42 p.m., 72 views

USN-1510-1: Thunderbird vulnerabilities

Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly explo...

CVSS 10, AI score 8.7, EPSS 0.05001
Exploits: 0, References: 2

Tenable Nessus
added 2012/07/11 12:0 a.m., 152 views

MS12-050: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)

The versions of InfoPath, Office SharePoint Server, SharePoint Server, Groove Server, Windows SharePoint Services, SharePoint Foundation, or Office Web Apps installed on the remote host are affected by multiple privilege escalation and information disclosure vulnerabilities : - An information...

CVSS 6.8, AI score 5.3, EPSS 0.41343
Exploits: 9, References: 8

Cent OS
added 2012/03/14 11:41 a.m., 86 views

thunderbird security update

CentOS Errata and Security Advisory CESA-2012:0388 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring...

CVSS 9.3, AI score 7.6, EPSS 0.07333
Exploits: 1, References: 7

Prion
added 2011/09/13 7:59 p.m., 10 views

Code injection

Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3...

CVSS 7.1, AI score 7.9, EPSS 0.00796
Exploits: 0, References: 5, Affected Software: 1

ATTACKERKB
added 2011/08/18 6:55 p.m., 1 views

CVE-2011-2984

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering...

CVSS 10, AI score 6.2, EPSS 0.01538
Exploits: 1, References: 11

RedHat Linux
added 2011/08/16 6:38 p.m., 1 views

Mozilla: Privilege escalation dropping a tab element in content area

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering...

CVSS 10, AI score 6.2, EPSS 0.01538
Exploits: 1, References: 4

Atlassian
added 2011/05/18 1:8 a.m., 17 views

HTML file type attachments are automatically rendered in IE.

h1. Steps to reproduce Create following HTML file and upload to any of Confluence page. code alert"Cookie: " + document.cookie; code Open the file on Internet Explorer 7. Then, you will see the javascript in that HTML file executed automatically. Issue happens with IE9,8,7 with Confluence 3.5...

AI score 0.5
Exploits: 0

Packet Storm
added 2011/05/03 12:0 a.m., 19 views

Time And Expense Management System Cross Site Scripting

Software: Time and Expense Management System Vulnerability: Reflected Cross-site Scripting Threat Level: Low 1/5 Download: http://sourceforge.net/projects/tems/ Discovery...

AI score 7.4
Exploits: 0