Lucene search

5777 matches found

Packet Storm
added 2010/09/01 12:00 a.m., 13 views

Rumba CMS 2.4 Cross Site Scripting

Vulnerability ID: HTB22591; Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinrumbacms.html; Product: Rumba CMS; Vendor: Rumba Netware Ltd. (http://rumbacms.com); Vulnerable Version: 2.4 and Probably Prior Versions; Vendor Notification: 18 August 2010...

0.2 AI score
Exploits: 0

Packet Storm
added 2010/07/06 12:00 a.m., 17 views

NewsOffice 2.0.18 Cross Site Scripting

Software: NewsOffice 2.0.18; Vulnerability: Reflected XSS; Download: http://newsoffice.newanz.com/; Release Date: 7/5/2010; Tested On: Windows Vista + XAMPP...

7.4 AI score
Exploits: 0

Packet Storm
added 2010/07/06 12:00 a.m., 27 views

Orbis 1.0.2 Cross Site Scripting

Software: Orbis 1.0.2; Vulnerability: Reflected XSS; Download: http://www.novo-ws.com/orbis-cms/; Release Date: 7/5/2010; Tested On: Windows Vista + XAMPP...

0.1 AI score
Exploits: 0

seebug.org
added 2010/07/02 12:00 a.m., 13 views

Wiki Web Help 0.2.7 cross site scripting

No description provided by source. Software: Wiki Web Help 0.2.7; Vulnerability: Persistent/Reflected XSS; Download: http://sourceforge.net/projects/wwh/; Release Date: 7/1/2010...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2010/07/01 12:00 a.m., 11 views

Fedora 12 : python-paste-1.7.4-1.fc12 (2010-10383)

1.7.4: The only real change is to paste.httpexceptions, which was using insecure quoting of some parameters and allowed an XSS hole, most specifically with its 404 messages. The most notable WSGI application using this is paste.urlparse.StaticURLParser and PkgResourcesParser. By directing someone ...

6 AI score
Exploits: 0, References: 2

securityvulns
added 2010/06/23 12:00 a.m., 34 views

Stored XSS vulnerability in synType CMS comment text field

Vulnerability ID: HTB22417; Reference: http://www.htbridge.ch/advisory/storedxssvulnerabilityinsyntypecmscommenttextfield.html; Product: synType CMS; Vendor: MindArray GbR; Vulnerable Version: V.0.12.2 and Probably Prior Versions; Vendor Notification: 03 June 2010; Vulnerability Type: Stored XSS Cross...

0.4 AI score
Exploits: 0

UbuntuCve
added 2010/05/28 6:30 p.m., 21 views

CVE-2010-2110

Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors...

7.5 CVSS, 6 AI score, 0.00185 EPSS
Exploits: 1, References: 1

ThreatPost
added 2010/05/26 12:36 p.m., 9 views

Google Patches 'High Risk' Chrome Flaws

Google has pushed out another automatic Chrome browser update to fix multiple security issues that could expose users to hacker attacks. Google Chrome 5.0.375.55, available for Windows, Mac and Linux, addresses at least two “high risk” vulnerabilities and several security-related denial-of-servic...

0.9 AI score
Exploits: 0, References: 3

Tenable Nessus
added 2010/05/26 12:00 a.m., 9 views

Google Chrome < 5.0.375.55 Multiple Vulnerabilities

Binary data 5553.pasl...

10 CVSS, 7.3 AI score, 0.00252 EPSS
Exploits: 1, References: 2

Packet Storm
added 2010/05/06 12:00 a.m., 28 views

Ziepod+ 1.0 Cross Application Scripting

#!/usr/bin/python import thread import socket """ [ASCII-art banner] http://www.corelan.be:8800 ...

7.4 AI score
Exploits: 0

exploitpack
added 2010/05/05 12:00 a.m., 18 views

Ziepod+ 1.0 - CrossApplication Scripting

Ziepod+ 1.0 - CrossApplication Scripting #!/usr/bin/python import thread import socket """ [ASCII-art banner]...

7 AI score
Exploits: 0

Exploit DB
added 2010/05/05 12:00 a.m., 30 views

Ziepod+ 1.0 - CrossApplication Scripting

#!/usr/bin/python import thread import socket """ [ASCII-art banner] http://www.corelan.be:8800 ...

7.4 AI score
Exploits: 0

Prion
added 2010/04/28 10:30 p.m., 30 views

Design/Logic Flaw

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remot...

9.3 CVSS, 7.4 AI score, 0.01466 EPSS
Exploits: 2, References: 9, Affected Software: 3

NVD
added 2010/04/28 10:30 p.m., 15 views

CVE-2010-1585

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remot...

9.3 CVSS, 6.8 AI score, 0.01466 EPSS
Exploits: 2, References: 9

Tenable Nessus
added 2009/12/14 12:00 a.m., 22 views

Ubuntu 8.10 / 9.04 / 9.10 : kdebase-runtime vulnerabilities (USN-872-1)

It was discovered that the KIO subsystem of KDE did not properly perform input validation when processing help:// URIs. If a user or KIO application processed a crafted help:// URI, an attacker could trigger JavaScript execution or access files via directory traversal. Note that Tenable Network...

5.6 AI score
Exploits: 0, References: 1

Ubuntu
added 2009/12/11 3:27 a.m., 31 views

USN-872-1: KDE 4 Runtime vulnerabilities

It was discovered that the KIO subsystem of KDE did not properly perform input validation when processing help:// URIs. If a user or KIO application processed a crafted help:// URI, an attacker could trigger JavaScript execution or access files via directory traversal...

5.4 AI score
Exploits: 0, References: 1

Cvelist
added 2009/12/04 7:00 p.m., 13 views

CVE-2009-4148

DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."...

7.5 AI score, 0.01857 EPSS
Exploits: 6, References: 3

FreeBSD
added 2009/10/30 12:00 a.m., 20 views

KDE -- multiple vulnerabilities

oCERT reports: Ark input sanitization errors: The KDE archiving tool, Ark, performs insufficient validation which leads to specially crafted archive files, using unknown MIME types, to be rendered using a KHTML instance, this can trigger uncontrolled XMLHTTPRequests to remote sites. IO Slaves inp...

0.3 AI score
Exploits: 0, References: 1

Check Point Advisories
added 2009/10/28 12:00 a.m., 3 views

Mozilla Thunderbird WYSIWIG Engine Filtering IFRAME JavaScript Execution (CVE-2006-0884)

Mozilla Thunderbird is an email client application often seen as an alternative to the mainstream Microsoft email clients. Thunderbird supports various email delivering protocols such as SMTP, IMAP and POP3. The program is also capable of reading and composing HTML formatted email messages. A...

9.3 CVSS, 6.9 AI score, 0.35997 EPSS
Exploits: 1

Tenable Nessus
added 2009/09/10 12:00 a.m., 28 views

Mozilla Firefox < 3.0.14 / 3.5.3 Multiple Vulnerabilities

Binary data 5161.prm...

10 CVSS, 7.3 AI score, 0.17599 EPSS
Exploits: 4, References: 16