5077 matches found

OSV
added 2006/04/14 10:2 a.m., 11 views

CVE-2006-1741

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval, and using...

6.3 AI score
Exploits: 0, References: 52
CVE
added 2006/04/14 10:0 a.m., 118 views

CVE-2006-1741

CVE-2006-1741 affects Mozilla Firefox (1.x up to 1.5, and 1.0.x up to 1.0.8), Mozilla Suite up to 1.7.13, and SeaMonkey up to 1.0, enabling remote attackers to inject arbitrary JavaScript into other sites. The root causes involve (1) using a modal alert to suspend an event handler during page loa...

4.3 CVSS, 6.2 AI score, 0.03892 EPSS
Exploits: 1, References: 51, Affected Software: 3
FreeBSD
added 2006/04/13 12:0 a.m., 38 views

mozilla -- multiple vulnerabilities

A Mozilla Foundation Security Advisory reports multiple issues, several of which can be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-29: Spoofing with translucent windows. MFSA 2006-28: Security check of jsValueToFunctionObject can be circumvented. MFSA...

10 CVSS, 7.3 AI score, 0.10487 EPSS
Exploits: 5, References: 19
OpenVAS
added 2006/03/26 12:0 a.m., 20 views

phpBB <= 2.0.18 Multiple Cross-Site Scripting Flaws

The remote web server contains a PHP application that is affected by several flaws. Description : According to its version number, the remote version of this software is vulnerable to Javascript injection issues using 'url' bbcode tags and, if HTML tags are enabled, HTML more generally. This may...

7.5 AI score
Exploits: 0, References: 2
Cvelist
added 2006/02/16 11:0 a.m., 23 views

CVE-2006-0735

Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag...

5.9 AI score, 0.02827 EPSS
Exploits: 1, References: 14
securityvulns
added 2006/02/14 12:0 a.m., 94 views

XSS vulnerability in guestbook-php-script

SySS-Advisory: XSS-vulnerability in guestbook-php-script. Problem discovered: February 3d 2006 Vendor contacted:...

7 AI score
Exploits: 0
Prion
added 2006/01/31 11:3 a.m., 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags...

4.3 CVSS, 6.3 AI score, 0.01743 EPSS
Exploits: 1, References: 9, Affected Software: 1
Prion
added 2006/01/19 1:3 a.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag...

4.3 CVSS, 6.3 AI score, 0.02076 EPSS
Exploits: 1, References: 8, Affected Software: 1
Tenable Nessus
added 2006/01/15 12:0 a.m., 46 views

Ubuntu 5.04 : mozilla-firefox vulnerabilities (USN-149-1)

Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious website to spoof the contents of other websites. CAN-2005-1937 In several places the browser user interface did not...

7.5 CVSS, 6.4 AI score, 0.68097 EPSS
Exploits: 9, References: 12
Tenable Nessus
added 2006/01/04 12:0 a.m., 34 views

phpBB < 2.0.19 Multiple XSS

According to its version number, the remote version of this software is vulnerable to JavaScript injection issues using 'url' bbcode tags and, if HTML tags are enabled, HTML more generally. This may allow an attacker to inject hostile JavaScript into the forum system to steal cookie credentials o...

5 CVSS, 5.4 AI score, 0.02081 EPSS
Exploits: 1, References: 4
securityvulns
added 2005/11/28 12:0 a.m., 34 views

[Full-disclosure] Php Web Statistik Multiple Vulnerabilities

PHP Web Statistik Multiple Vulnerabilities. Name: Multiple Vulnerabilities in PHP Web Statistik; Systems Affected: PHP Web Statistik (verified on 1.4); Severity: Medium Risk; Vendor: www.php-web-statistik.de; Advisory: http://www.ush.it/2005/11/19/php-web-statistik/; Author: Francesco ‘aScii’ Ongaro ascii at...

0.2 AI score
Exploits: 0
Packet Storm
added 2005/11/08 12:0 a.m., 26 views

zoomblogJS.txt

DETAILS Zoomblog is prone to javascript injection attacks. Zoomblog does not adequately filter tags from various fields. It is possible for a malicious Zoomblog user to inject hostile javascript code into the commentary via form fields. This code may be rendered in the browser of a web user who...

7.4 AI score
Exploits: 0
securityvulns
added 2005/11/04 12:0 a.m., 22 views

[Full-disclosure] Buggy blogging

Portcullis Security Advisory Tim Brown [email protected] - www.portcullis-security.com [email protected] - www.nth-dimension.org.uk Vulnerable System: Movable Type Vulnerability Title: Username and password hash for administration interface stored in cookie. Vulnerability...

7 AI score
Exploits: 0
OpenVAS
added 2005/11/03 12:0 a.m., 16 views

Oracle 9iAS iSQLplus XSS

The login-page of Oracle9i iSQLplus allows the injection of HTML and Javascript code via the username and password parameters. Description : The remote host is running a version of the Oracle9i 'isqlplus' CGI which is vulnerable to a cross site scripting issue. An attacker may exploit this flaw t...

0.2 AI score
Exploits: 0, References: 1
securityvulns
added 2005/10/25 12:0 a.m., 25 views

Flat Nuke Cross Site Scripting

Web Site: Vulnerable: FlatNuke = 2.5.6. This script is possibly vulnerable to Cross Site Scripting (XSS) attacks. Malicious users may inject JavaScript, VBScript, ActiveX, into a vulnerable application to fool a user in order to gather data from them. Affects...

0.6 AI score
Exploits: 0
securityvulns
added 2005/09/16 12:0 a.m., 35 views

XSS Vulnerability in MIVA Merchant 5 - Includes Fix

MIVA Merchant 5 is vulnerable to XSS attack. Users can use javascript to embed their own inputs into the MM5 screens and checkout pages overriding various store safeguards and functions. MIVA Corporation has been very cooperative and has already posted an update to their software entitled core-4...

0.5 AI score
Exploits: 0
CVE
added 2005/08/03 4:0 a.m., 39 views

CVE-2005-2442

CVE-2005-2442 concerns a Cross-Application Scripting (XAS) vulnerability in SPI Dynamics WebInspect 5.0.196. The connected documents confirm the issue arises in WebInspect and enables remote attackers to inject Javascript from one application into another (XAS), with remote exploitation described...

5 CVSS, 6.3 AI score, 0.0164 EPSS
Exploits: 1, References: 7, Affected Software: 1
RedHat Linux
added 2005/07/21 10:14 a.m., 2 views

security flaw

A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by...

7.5 CVSS, 6 AI score, 0.02589 EPSS
Exploits: 0, References: 4
securityvulns
added 2005/07/07 12:0 a.m., 57 views

McAfee Intrushield IPS Abuse

An open security advisory 8 - McAfee Intrushield IPS Management Console Abuse. 1: Bug Researcher: c0ntex - c0ntexbatgmail.com 2: Bug Released: July 06 2005 3: Bug Impact Rate: Medium / Hi 4: Bug Scope Rate: Local / Remote. This advisory and/or proof of concept code must not be used for...

7.4 AI score
Exploits: 0
CVE
added 2005/06/21 4:0 a.m., 46 views

CVE-2002-1688

This CVE concerns Microsoft Internet Explorer versions 5.5–6.0, where the browser history feature can be abused to execute arbitrary JavaScript in the context of a user session. An attacker can inject JavaScript into the URL, which is executed when the user clicks Back, allowing remote script exe...

5 CVSS, 7.6 AI score, 0.17465 EPSS
Exploits: 1, References: 3, Affected Software: 1