Lucene search

5946 matches found

RedHat Linux
added 2007/10/19 3:58 p.m., 3 views

security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed...

CVSS 9.3 | AI score 6.1 | EPSS 0.03153
Exploits: 1 | References: 4

RedHat Linux
added 2007/10/19 3:45 p.m., 4 views

security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed...

CVSS 9.3 | AI score 6.1 | EPSS 0.03153
Exploits: 1 | References: 4

Tenable Nessus
added 2007/10/17 12:0 a.m., 28 views

openSUSE 10 Security Update : seamonkey (seamonkey-2098)

This security update brings Mozilla SeaMonkey to version 1.0.5. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems: MFSA 2006-64/CVE-2006-4571: Crashes with evidence of memory corruption MFSA...

CVSS 10 | AI score 7.5 | EPSS 0.14074
Exploits: 0 | References: 8

Tenable Nessus
added 2007/10/17 12:0 a.m., 35 views

openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-2100)

This security update brings Mozilla Thunderbird to version 1.5.0.7. More Details can be found on this page: http://www.mozilla.org/projects/security/known-vulnerabilities.html It includes fixes to the following security problems: MFSA 2006-64/CVE-2006-4571: Crashes with evidence of memory...

CVSS 10 | AI score 7.5 | EPSS 0.14074
Exploits: 1 | References: 8

securityvulns
added 2007/07/19 12:0 a.m., 62 views

Insanely simple blog - Multiple vulnerabilities

Insanely simple blog version 0.5 and below http://sourceforge.net/projects/insanelysimple2 ISB contains multiple vulnerabilities including both XSS, and SQL injection. First off, the search action fails to strip user content for html allowing a user to input tags. Next, anonymous blog entries can...

AI score 0.8
Exploits: 0

Packet Storm
added 2007/07/18 12:0 a.m., 37 views

isb05-sql.txt

Insanely simple blog version 0.5 and below http://sourceforge.net/projects/insanelysimple2 ISB contains multiple vulnerabilities including both XSS, and SQL injection. First off, the search action fails to strip user content for html allowing a user to input tags. Next, anonymous blog entries can...

AI score 7.4
Exploits: 0

Symantec
added 2007/04/16 12:0 a.m., 15 views

Akamai Download Manager ActiveX Control Multiple Buffer Overflow Vulnerabilities

Description Akamai Download Manager is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Exploiting these issues allows remote attackers to execute...

AI score 0.7
Exploits: 0 | References: 2 | Affected Software: 1

Packet Storm
added 2007/03/27 12:0 a.m., 27 views

fizzle-access.txt

Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus for formatting to lose their layout I told him it would be too difficult to sanitize the data...

Exploits: 0

securityvulns
added 2007/03/25 12:0 a.m., 48 views

[Full-disclosure] Fizzle : Firefox Extension Vulnerability

Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus becomes and so forth. Various feeds fields are vulnerable including the title which allows th...

AI score 7.2
Exploits: 0

Tenable Nessus
added 2007/03/19 12:0 a.m., 29 views

GLSA-200703-18 : Mozilla Thunderbird: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200703-18 Mozilla Thunderbird: Multiple vulnerabilities Georgi Guninski reported a possible integer overflow in the code handling text/enhanced or text/richtext MIME emails. Additionally, various researchers reported errors in the...

CVSS 9.3 | AI score 8.9 | EPSS 0.5036
Exploits: 0 | References: 7

RedHat Linux
added 2007/03/14 5:2 a.m., 2 views

security flaw

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which...

CVSS 6.8 | AI score 6.2 | EPSS 0.03209
Exploits: 1 | References: 4

RedHat Linux
added 2007/02/23 9:6 p.m., 2 views

security flaw

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which...

CVSS 6.8 | AI score 6.2 | EPSS 0.03209
Exploits: 1 | References: 4

RedHat Linux
added 2007/01/11 11:10 a.m., 4 views

security flaw

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770...

CVSS 4.3 | AI score 5.8 | EPSS 0.4526
Exploits: 2 | References: 4

Packet Storm
added 2007/01/05 12:0 a.m., 36 views

gmx-xss.txt

hello everybody, recently, i've detected that gmx, a german freemail-provider it offers professional services too is prone to a xss-vulnerability. An attacker could send an email containing these string: Because gmx-webmail displays html-mails also, you can color the code white so that the...

AI score 7.4
Exploits: 0

Packet Storm
added 2007/01/04 12:0 a.m., 22 views

pdf-xss.txt

I will be very quick and just point to links where you can read about this issue. It seems that PDF documents can execute JavaScript code for no apparent reason by using the following template: http://path/to/pdf/file.pdfwhatevernameyouwant=javascript:yourcodehere You must understand that the...

AI score 7.4
Exploits: 0

securityvulns
added 2007/01/03 12:0 a.m., 58 views

[Full-disclosure] Universal XSS with PDF files: highly dangerous

I will be very quick and just point to links where you can read about this issue. It seems that PDF documents can execute JavaScript code for no apparent reason by using the following template: http://path/to/pdf/file.pdfwhatevernameyouwant=javascript:yourcodehere You must understand that the...

AI score 0.5
Exploits: 0

Packet Storm
added 2006/12/28 12:0 a.m., 23 views

youtube-js.txt

The following URL will cause javascript to execute in the context of youtube http://www.youtube.com/p.swf?videoid=eVFF98kNg8Q&eurl=&t=&iurl=javascript:alert'Javascript%20executed!\r\n\r\nLocation: '%2bwindow.location%2b'\r\n\r\nCookie: '%2bdocument.cookie Cheers...

AI score 7.4
Exploits: 0

Debian
added 2006/12/03 3:30 p.m., 33 views

[SECURITY] [DSA 1224-1] New Mozilla packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1224-1 [email protected] http://www.debian.org/security/ Martin Schulze December 3rd, 2006 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 6.8 | EPSS 0.05833
Exploits: 0

OSV
added 2006/11/08 10:7 p.m., 6 views

CVE-2006-5463

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing...

AI score 6.9
Exploits: 0 | References: 89

RedHat Linux
added 2006/11/08 8:46 a.m., 2 views

security flaw

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing...

CVSS 7.5 | AI score 6.1 | EPSS 0.02614
Exploits: 0 | References: 4