Lucene search

2163 matches found

Packet Storm
added 2010/07/08 12:0 a.m., 29 views

Exponent CMS 0.97.0 Cross Site Scripting

Title: Exponent Slideshow XSS Vulnerability Vendor: Exponent Product: Exponent CMS Tested Version: 0.97.0 Threat Class: XSS Severity: High Remote: yes Local: no Discovered By: Andrei Rimsa Alvares ===== Description ===== The file "modules/slideshowmodule/slideshow.js.php" is prone to XSS...

7.4 AI score
Exploits: 0
Mozilla
added 2010/03/16 12:0 a.m., 28 views

Scriptable plugin execution in SeaMonkey mail — Mozilla

Security researcher Georgi Guninski reported that scriptable plugin content, such as Flash objects, could be loaded and executed in SeaMonkey mail messages by embedding the content in an iframe inside the message. If a user were to reply to or forward such a message, malicious JavaScript embedded...

7.1 CVSS, 1.4 AI score, 0.01388 EPSS
Exploits: 0, References: 2, Affected Software: 1
exploitpack
added 2010/01/07 12:0 a.m., 17 views

Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities Exploit Title: 0day Drupal = 6.15 Multiple Permanent XSS Date: 07 01 2009 Author: Emanuele 'emgent' Gentili Software Link: http://ftp.drupal.org/files/projects/drupal-6.15.tar.gz Version: Drupal = 6.15 CVE : N/A Code :...

7 AI score
Exploits: 0
Packet Storm
added 2010/01/05 12:0 a.m., 25 views

ESET Cross Site Scripting

http://www.eset.com/ Cross Site Scripting Exploit Author: Sora Contact: vhr95zw at hotmail dot com Website: http://greyhathackers.wordpress.com/ Vulnerability: Cross Site Scripting 1. INFORMATION Site:...

Exploits: 0
Packet Storm
added 2010/01/05 12:0 a.m., 16 views

Zone-H Cross Site Scripting

Cross Site Scripting Vulnerability Author: Sora Contact: vhr95zw at hotmail dot com Website: http://greyhathackers.wordpress.com/ 1. INFORMATION Site: http://www.zone-h.com.cn/...

7.4 AI score
Exploits: 0
Mozilla
added 2009/10/27 12:0 a.m., 25 views

Chrome privilege escalation in XPCVariant::VariantDataToJS() — Mozilla

Mozilla security researcher mozbugra4 reported that the XPCOM utility XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects before returning them to chrome callers. This could result in chrome privileged code calling methods on an object which had previously been created or modified by web...

7.5 CVSS, 4.2 AI score, 0.00887 EPSS
Exploits: 0, References: 2, Affected Software: 1
ThreatPost
added 2009/06/04 1:47 p.m., 9 views

Stolen FTP credentials likely in massive web attacks

From SearchSecurity Rob Westervelt Stolen FTP credentials are suspected as the root cause of a massive attack compromising over 40,000 web sites. Attackers have targeted legitimate websites in the latest wave, and so far researchers at security vendor Websense Inc. say it isn’t likely that SQL...

2.8 AI score
Exploits: 0, References: 3
UbuntuCve
added 2008/04/30 1:7 a.m., 22 views

CVE-2008-2014

Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial of service application crash via JavaScript code that calls document.write in an infinite loop...

5 CVSS, 6 AI score, 0.01238 EPSS
Exploits: 0, References: 2
securityvulns
added 2008/02/16 12:0 a.m., 42 views

[INFIGO-2008-02-13]: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability

INFIGO IS Security Advisory ADV-2008-02-13 http://www.infigo.hr/en/ Title: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability Advisory ID: INFIGO-2008-02-13 Date: 2008-02-13 Advisory URL: http://www.infigo.hr/en/infocus/advisories/INFIGO-2008-02-13 Impact: Malicious JavaScript Cod...

0.7 AI score
Exploits: 0
Packet Storm
added 2008/02/15 12:0 a.m., 27 views

INFIGO-2008-02-13.txt

INFIGO IS Security Advisory ADV-2008-02-13 http://www.infigo.hr/en/ Title: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability Advisory ID: INFIGO-2008-02-13 Date: 2008-02-13 Advisory URL: http://www.infigo.hr/en/infocus/advisories/INFIGO-2008-02-13 Impact: Malicious JavaScript Cod...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2008/01/08 12:0 a.m., 314 views

Web Server Malicious JavaScript Link Detection

The remote web server seems to link to malicious JavaScript files hosted on a third-party website. This typically means that the remote web server has been compromised, and it may infect its visitors as well. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

5.4 AI score
Exploits: 0, References: 2
Cent OS
added 2007/07/19 1:36 p.m., 71 views

firefox security update

CentOS Errata and Security Advisory CESA-2007:0724 Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source...

9.3 CVSS, 7.5 AI score, 0.2528 EPSS
Exploits: 3, References: 9
Packet Storm
added 2006/10/20 12:0 a.m., 24 views

ffoxdie.txt

= 9 setTimeout'foo',3000; else if counter = 6 setTimeout'foo',200; else setTimeout'foo',1000; counter++; else document.getElementById'foo'.src = "http://lcamtuf.coredump.cx/ffoxdieok.html"; // -- Tyger, Tyger. burning bright In the forests of the night, What immortal hand or eye Could frame thy...

7.4 AI score
Exploits: 0
Gentoo Linux
added 2006/08/03 12:0 a.m., 39 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform stand-alone browser application. Description The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URL's could be made to reference remote file...

7.5 CVSS, 7.3 AI score, 0.67298 EPSS
Exploits: 11
securityvulns
added 2006/06/22 12:0 a.m., 27 views

Bypassing of web filters by using ASCII

iKu Advisory Product : Microsoft InternetExplorer 6 : various filter applications Date : June 20th 2006 Affected versions : all Vulnerability Type : bypassing security filters Severity 1-10 : 10 Remote : yes 0. contents 1. problem description 2. affected software 3. bug description/possible fix 4...

6.7 AI score
Exploits: 0
OpenVAS
added 2005/11/03 12:0 a.m., 19 views

Comersus Cart Cross-Site Scripting Vulnerability

The malicious user is able to compromise the parameters to invoke a Cross-Site Scripting attack. This can be used to take advantage of the trust between a client and server allowing the malicious user to execute malicious JavaScript on the client SPDX-FileCopyrightText: 2004 Noam Rathaus Some tex...

6.1 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2005/07/20 12:0 a.m., 25 views

GLSA-200507-18 : MediaWiki: XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200507-18 MediaWiki: XSS vulnerability MediaWiki fails to escape a parameter in the page move template correctly. Impact : By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...

4.3 CVSS, 5.4 AI score, 0.00613 EPSS
Exploits: 0, References: 3
securityvulns
added 2004/10/15 12:0 a.m., 35 views

XXS in fusetalk forum

Vendor : fusetalk URL : http://www.fusetalk.com/ Version: 4.0 Risk : Cross site scripting Description: Fusetalk is a discussion forum solution that provides a powerful and simple method of web-based collaboration. Cross site scripting: The filtering script for the img src= doesnt filter " if...

6.4 AI score
Exploits: 0
Cvelist
added 2004/01/14 5:0 a.m., 17 views

CVE-2003-0814

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability...

7.8 AI score, 0.30721 EPSS
Exploits: 0, References: 14
Exploit DB
added 2002/07/24 12:0 a.m., 27 views

Cacheflow CacheOS 3.1.x/4.0.x/4.1 - Unresolved Domain Cross-Site Scripting

source: https://www.securityfocus.com/bid/5305/info CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow. User supplied data is not sanitized before being included in an unresolved host error page. An attacker may constru...

7 AI score
Exploits: 0