4974 matches found

Cvelist
added 2007/06/11 7:0 p.m. | 14 views

CVE-2007-3150

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results...

6.9 AI score | 0.01017 EPSS
Exploits: 1 | References: 3
securityvulns
added 2007/06/04 12:0 a.m. | 49 views

Portcullis Security Advisory 06-035

Portcullis Security Advisory 06-035 Vulnerable System: Movable Type. Vulnerability Title: The create entry mechanism is vulnerable to JavaScript injection. Vulnerability Discovery And Development: Portcullis Security Testing Services Credit for Discovery: Tim Brown - Portcullis Computer Security...

0.1 AI score
Exploits: 0
Packet Storm
added 2007/05/04 12:0 a.m. | 17 views

NDSA20070412.txt

Nth Dimension Security Advisory NDSA20070412 Date: 12th April 2007 Author: Tim Brown URL: / Product: DSL-G624T router V3.00B01T02.UK-A.20060208 Vendor: D-Link Risk: Medium Summary Following the Securiteam posting "D-Link DSL-G604T Wireless Router Directory Traversal" which described a directory...

7.4 AI score
Exploits: 0
OSV
added 2007/04/02 12:0 a.m. | 12 views

DSA-1275-1 zope2.7 - cross-site scripting

Bulletin has no description...

4.3 CVSS | 6.3 AI score | 0.00804 EPSS
Exploits: 0
OSV
added 2007/03/10 10:19 p.m. | 5 views

CVE-2007-1395

Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase end tag, which bypasses the protection...

5.4 AI score
Exploits: 0 | References: 9
securityvulns
added 2007/02/09 12:0 a.m. | 70 views

Portcullis Security Advisory - Movable Type

Portcullis Security Advisory Tim Brown [email protected] - www.portcullis-security.com [email protected] - www.nth-dimension.org.uk Vulnerable System: Movable Type Vulnerability Title: Username and password hash for administration interface stored in cookie. Vulnerability...

7 AI score
Exploits: 0
NVD
added 2006/09/25 1:7 a.m. | 12 views

CVE-2006-4975

Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service...

2.6 CVSS | 6.4 AI score | 0.00396 EPSS
Exploits: 1 | References: 3
securityvulns
added 2006/08/31 12:0 a.m. | 35 views

[Full-disclosure] Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list

Advisory: Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list Release Date: 2006-08-30 Application: Lyris ListManager 8.95 Risk: Depends upon your use and business context Vendor site: http://www.lyris.com/ Overview of Product: "Lyris ListManager is the world's most popular...

0.3 AI score
Exploits: 0
NVD
added 2006/06/24 1:6 a.m. | 9 views

CVE-2006-3211

Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject JavaScript code via a javascript URI in an img bbcode tag in the comments parameter...

4.3 CVSS | 5.9 AI score | 0.00709 EPSS
Exploits: 0 | References: 6
CVE
added 2006/05/26 1:0 a.m. | 51 views

CVE-2006-2611

MediaWiki 1.6.x is affected in includes/Sanitizer.php (variable handler) by CVE-2006-2611. The vulnerability allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the | character, and is exploitable before revision r14349. The NVD notes a Medium risk w...

4.3 CVSS | 6 AI score | 0.01413 EPSS
Exploits: 1 | References: 10 | Affected Software: 1
Tenable Nessus
added 2006/05/13 12:0 a.m. | 29 views

FreeBSD : mozilla -- multiple vulnerabilities (84630f4a-cd8c-11da-b7b9-000c6ec775d9)

A Mozilla Foundation Security Advisory reports multiple issues, several of which can be used to run arbitrary code with the privilege of the user running the program. - MFSA 2006-29 Spoofing with translucent windows - MFSA 2006-28 Security check of jsValueToFunctionObject can be circumvented -...

10 CVSS | 8.3 AI score | 0.39006 EPSS
Exploits: 5 | References: 47
securityvulns
added 2006/05/07 12:0 a.m. | 29 views

ChipmunkBoard Multiple Attack vectors

ChipmunkBoard Multiple Attack vectors Discovered by: Nomenumbra Date: 6/4/2006 impact:high privilege escalation,possible defacement It is possible to insert the following javascript in the BBcode or supply it as your avatar url: javascript:alert27xss27; Also ChipmunkBoard is prone to SQL-injectio...

2.1 AI score
Exploits: 0
OSV
added 2006/05/04 12:0 a.m. | 35 views

DSA-1051-1 mozilla-thunderbird - several vulnerabilities

Bulletin has no description...

10 CVSS | 6.6 AI score | 0.41202 EPSS
Exploits: 5
myhack58
added 2006/05/02 12:0 a.m. | 11 views

Page attack the theory and implementation-vulnerability warning-the black bar safety net

Page attacks can be divided into two categories. One uses a browser vulnerability: malicious code is written into the visited page to attack visitors. This can be understood as a server-to-client attack. The other is just the opposite: visitors use a vulnerability in the page ...

1.1 AI score
Exploits: 0
RedHat Linux
added 2006/04/18 11:12 a.m. | 3 views

security flaw

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary JavaScript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval, and using...

4.3 CVSS | 5.9 AI score | 0.01946 EPSS
Exploits: 1 | References: 4
RedHat Linux
added 2006/04/14 3:54 p.m. | 4 views

security flaw

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary JavaScript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval, and using...

4.3 CVSS | 5.9 AI score | 0.01946 EPSS
Exploits: 1 | References: 4
OSV
added 2006/04/14 10:2 a.m. | 9 views

CVE-2006-1741

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary JavaScript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval, and using...

6.3 AI score
Exploits: 0 | References: 52
OSV
added 2006/04/14 10:2 a.m. | 1 views

DEBIAN-CVE-2006-1741

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary JavaScript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval, and using...

4.3 CVSS | 6.4 AI score | 0.01946 EPSS
Exploits: 1 | References: 1
CVE
added 2006/04/14 10:0 a.m. | 112 views

CVE-2006-1741

CVE-2006-1741 affects Mozilla Firefox (1.x up to 1.5, and 1.0.x up to 1.0.8), Mozilla Suite up to 1.7.13, and SeaMonkey up to 1.0, enabling remote attackers to inject arbitrary JavaScript into other sites. The root causes involve (1) using a modal alert to suspend an event handler during page loa...

4.3 CVSS | 6.2 AI score | 0.01946 EPSS
Exploits: 1 | References: 51 | Affected Software: 3
FreeBSD
added 2006/04/13 12:0 a.m. | 37 views

mozilla -- multiple vulnerabilities

A Mozilla Foundation Security Advisory reports multiple issues, several of which can be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-29 Spoofing with translucent windows MFSA 2006-28 Security check of jsValueToFunctionObject can be circumvented MFSA...

10 CVSS | 7.3 AI score | 0.39006 EPSS
Exploits: 5 | References: 19