5946 matches found
Debian DSA-051-1 : netscape - unexpected javascript execution
Florian Wesch has discovered a problem reported to bugtraq with the way Netscape handles comments in GIF files. The Netscape browser does not escape the GIF file comment in the image information page. This allows JavaScript execution in the 'about:' protocol and can for example be used to...
Debian DSA-073-1 : imp - 3 remote exploits
The Horde team released version 2.2.6 of IMP, a web-based IMAP mail program, which fixes three security problems. Their release announcement describes them as follows: - A PHPLIB vulnerability allowed an attacker to provide a value for the array element $_PHPLIB[libdir], and thus to get scripts from...
CVE-2001-1351
CVE-2001-1351 concerns a cross-site scripting vulnerability in Namazu 2.0.8 and earlier. The issue allows remote attackers to execute arbitrary JavaScript in the context of other web users when displaying hit numbers, via the index file name shown in results. Affected component: Namazu search int...
CVE-2001-1352
Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter...
lostBook v1.1 Javascript Execution
Product: lostBook vendor: veryLost verylost.tk Affected Versions: 1.1 and lower Description: A simple flat db guestbook Vulnerabilities: XSS Date: July 29, 2004 Vuln Finder: r3d5pik3 me...
Microsoft Outlook Express - JavaScript Execution
Microsoft Outlook Express - JavaScript Execution From: To: Subject:MSOE Scripting Example Content-Type:text/html click here to test milw0rm.com 2004-07-13...
MS Outlook Express Javascript Execution Vulnerability
Exploit for unknown platform in category remote exploits. MS Outlook Express Javascript Execution Vulnerability. From: To: Subject:MSOE Scripting Example Content-Type:text/html click here to...
MSOE Javascript Execution Vulnerability
Note: This vulnerability as well as several more can be found at http://www.greyhats.cjb.net Outlook Express Window Opener Script Execution Vulnerability Tested Microsoft Outlook Express version 6.0.2800.1123. Microsoft Windows XP sp2 Discussion Microsoft Outlook Express is prone to a vulnerabili...
Microsoft Outlook Express - JavaScript Execution
From: To: Subject:MSOE Scripting Example Content-Type:text/html click here to test milw0rm.com 2004-07-13...
mozilla -- NULL bytes in FTP URLs
When handling FTP URLs containing NULL bytes, Mozilla will interpret the file content as HTML. This may allow unexpected execution of Javascript when viewing plain text or other file types via FTP...
CVE-2004-0549
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine MSHTML, as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript,...
SCT javascript execution vulnerability
Vendor : SCT URL : http://www.sct.com/Education/Products/ConnectedLearning/CampusPipeline.html Version : CampusPipeline Risk : javascript execution Description: SCT Campus Pipeline is the Web platform of choice at over 175 institutions. It improves efficiency, builds community, and provides freed...
WebCT Campus Edition 4.1 - Cross site scripting using CSS @import
Name: WebCT Campus Edition 4.1 - Cross site scripting using CSS @import Release date: 2004/03/29 Application: WebCT Campus Edition 4.1 4.1.1.5, possibly others Vendor URL: http://www.webct.com/ WebCT Inc. Author: Simon Boulet simon boulet divahost net Legal Notice: -------------------- This...
Microsoft Outlook shell characters problem
Shell characters problem allows JavaScript execution in local zone...
CVE-2003-0814
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability...
Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy (MS04-004)
source: https://www.securityfocus.com/bid/9568/info A vulnerability has been reported in Microsoft Internet Explorer. Because of this, an attacker may be able to violate cross-zone policy. It has been reported that the issue presents itself due to a failure by Internet Explorer to remove JavaScri...
[UNIX] MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com...
Changing UBB cookie allows account hijack
Application: UBB 6.? Platform: Any system supporting PERL. Severity: Malicious users can steal session cookies, allowing administrative access to the bulletin board. Also custom html/js insertion in forum page is possible. Author: antiacid [email protected] Web:...
"netscape navigator" is cracked.
Readers' Favorite - Make Notes in Your Browser today! http://liudieyuinchina.vip.sina.com/domex/aPoP/ http://domex.int.tc/ "netscape navigator" is cracked. "that's all" is end of file if you are in a hurry tested OS:Windows Server 2003 Enterprise Browser: "Netscape Navigator 7.02" "Mozilla/5.0...
Using Java from Javascript
Opera and Netscape browsers allow you to include Java method calls in your JavaScript. As JavaScript has support for objects you can use objects returned by these calls in your scripts. I have been looking for information about the possible security implications and vulnerabilities published...