4975 matches found
Firefox arbitrary signed JAR code execution
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files...
Signed JAR tampering — Mozilla
Security researchers Collin Jackson and Adam Barth reported a series of vulnerabilities which allow JavaScript to be injected into the context of signed JARs and executed under the context of the JAR's signer. This could allow an attacker to run JavaScript in a victim's browser with the privilege...
S21SEC-042-en:Cezanne SW Cross-Site Scripting (login required)
S21Sec Advisory - Title: Cezanne SW Cross-Site Scripting (login required) ID: S21SEC-042-en Severity: Medium History: 02.Jan.2008 Vulnerability discovered Authors: Juan de la Fuente Costa [email protected] Fco Javier Puerta Rubio [email protected] URL:...
S21SEC-041-en:Cezanne SW Cross-Site Scripting
S21Sec Advisory - Title: Cezanne SW Cross-Site Scripting ID: S21SEC-041-en Severity: Medium History: 02.Jan.2008 Vulnerability discovered Authors: Juan de la Fuente Costa [email protected] Fco Javier Puerta Rubio [email protected] URL: http://www.s21sec.com/avisos/s21sec-41-en.txt SUMMARY...
Hardcoded credentials
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topiclist URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link...
CVE-2008-0060
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topiclist URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link...
Search Unleashed 0.2.10 JavaScript injection (Wordpress plugin)
Hello all, There is a bug in the "Log" function of Search Unleashed by John Godley, version 0.2.10. This plug-in stores search queries but does not validate stored data and puts them back "raw" to the browser. HTML and JavaScript can be injected with a search request:...
Debian: Security Advisory (DSA-775-1)
The remote host is missing an update for the Debian...
XSS vulnerability in recently updated and configure RSS feed actions
Our eSecurity team has identified a Cross Site Scripting issue with the Confluence server as follows: Arbitrary JavaScript can be injected in the following cases which can lead to escalated or invalid privileges being granted to an unauthorized user: 1...
mps-insertion.txt
HSCMySpace Scripts - Poll Creator JavaScript Injection Vulnerability Our MySpace Poll Creator script is the ultimate addition to your MySpace resource site. The script enables your user to quickly and easily create a poll that they can post to profile or bulletin to all their friends. Everyone...
Xunlei (迅雷) 5 0-Day
No description provided by source.
sfshoutbox-inject.txt
----------------------------- || WWW.SMASH-THE-STACK.NET || ----------------------------- || ADVISORY: SF-Shoutbox 1.2.1 = 1.4 HTML/JS Injection Vulnerability || 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION || 0x04: GOOGLE DORK || 0x05: RISK LEVEL || 0x00: ABOUT ME...
NDSA20071016.txt
Nth Dimension Security Advisory NDSA20071016 Date: 16th October 2007 Author: Tim Brown URL: / Product: SiteBar 3.3.8 Vendor: Ondřej Brablc, David Szego and SiteBar Team Risk: High Summary This advisory comes in 4 related parts: 1 SiteBar application h...
Serious holes affecting SiteBar 3.3.8
All, As a result of a short security audit of SiteBar, a number of security holes were found. The holes included code execution, a malicious redirect and multiple cases of JavaScript injection. After liaising with the developers, the holes have been patched. Attached are the advisory and patch...
S21SEC-038-en: Alcatel Omnivista 4760 Cross-Site Scripting
S21Sec Advisory - Title: Alcatel Omnivista 4760 Cross-Site Scripting ID: S21SEC-038-en Severity: Medium - History: 10.Jun.2007 Vulnerability discovered 20.Jun.2007 Vendor contacted 19.Oct.2007 Advisory released Authors: Juan de la Fuente Costa [email protected] Pablo Seijo Cajaraville...
about: blank windows
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the...
Core Security Technologies Advisory 2007.0817
Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs Remote command execution, HTML and JavaScript injection vulnerabilities in AOL’s Instant Messaging software Advisory Information Title: Remote Command execution, HTML...
CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software
Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs Remote command execution, HTML and JavaScript injection vulnerabilities in AOL’s Instant Messaging software Advisory Information Title: Remote Command execution, HTML...
CVE-2007-5046
Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element...