Collabtive 0.65 - Multiple Vulnerabilities

ANATOLIA SECURITY ADVISORY ------------------------------------ ADVISORY INFO + Title: Collabtive Multiple Vulnerabilities + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt + Advisory ID: 2010-003 + Version: 0.65 + Date: 12/10/2010 + Impact: Gaining Administrative Privileges...

Collabtive 0.65 - Multiple Vulnerabilities

Collabtive 0.65 - Multiple Vulnerabilities ANATOLIA SECURITY ADVISORY ------------------------------------ ADVISORY INFO + Title: Collabtive Multiple Vulnerabilities + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt + Advisory ID: 2010-003 + Version: 0.65 + Date: 12/10/2010 ...

KnowledgeTree 3.5.2 Community Edition Cross Site Scripting

Exploit Title: KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability Date: 2010-08-11 Author: fdisk Software Link: http://www.knowledgetree.com/products/community/download Version: 3.5.2 Notes: Fixed in the last version. Go to search box or search criteria, enter your javascript code...

KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability

Exploit for php platform in category web applications ================================================================= KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability ================================================================= Exploit Title: KnowledgeTree 3.5.2 Community...

Exponent CMS 0.97.0 Cross Site Scripting

Title: Exponent Slideshow XSS Vulnerability Vendor: Exponent Product: Exponent CMS Tested Version: 0.97.0 Threat Class: XSS Severity: High Remote: yes Local: no Discovered By: Andrei Rimsa Alvares ===== Description ===== The file "modules/slideshowmodule/slideshow.js.php" is prone to XSS...

Scriptable plugin execution in SeaMonkey mail — Mozilla

Security researcher Georgi Guninski reported that scriptable plugin content, such as Flash objects, could be loaded and executed in SeaMonkey mail messages by embedding the content in an iframe inside the message. If a user were to reply to or forward such a message, malicious JavaScript embedded...

Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities Exploit Title: 0day Drupal = 6.15 Multiple Permanent XSS Date: 07 01 2009 Author: Emanuele 'emgent' Gentili Software Link: http://ftp.drupal.org/files/projects/drupal-6.15.tar.gz Version: Drupal = 6.15 CVE : N/A Code :...

ESET Cross Site Scripting

\ // /\ /\ / | \ \ | | | | / \ | \ | | http://www.eset.com/ | / / // / || / / / Cross Site Scripting Exploit Author: Sora Contact: vhr95zw at hotmail dot com Website: http://greyhathackers.wordpress.com/ Vulnerability: Cross Site Scripting ————————- 1. INFORMATION | ————————- Site:...

Zone-H Cross Site Scripting

. | | \ / \ / / \ | | \ / \ / \ / | \ / // | Y \ // \ | | \ / /|| /\ || / \ | / / / / / / / Cross Site Scripting Vulnerability Author: Sora Contact: vhr95zw at hotmail dot com Website: http://greyhathackers.wordpress.com/ ———————— 1. INFORMATION | ———————— Site: http://www.zone-h.com.cn/...

Chrome privilege escalation in XPCVariant::VariantDataToJS() — Mozilla

Mozilla security researcher mozbugra4 reported that the XPCOM utility XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects before returning them to chrome callers. This could result in chrome privileged code calling methods on an object which had previously been created or modified by web...

Stolen FTP credentials likely in massive web attacks

From SearchSecurity Rob Westervelt Stolen FTP credentials are suspected as the root cause of a massive attack compromising over 40,000 web sites. Attackers have targeted legitimate websites in the latest wave, and so far researchers at security vendor Websense Inc. say it isn’t likely that SQL...

CVE-2008-2014

Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial of service application crash via JavaScript code that calls document.write in an infinite loop...

[INFIGO-2008-02-13]: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability

INFIGO IS Security Advisory ADV-2008-02-13 http://www.infigo.hr/en/ Title: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability Advisory ID: INFIGO-2008-02-13 Date: 2008-02-13 Advisory URL: http://www.infigo.hr/en/infocus/advisories/INFIGO-2008-02-13 Impact: Malicious JavaScript Cod...

INFIGO-2008-02-13.txt

INFIGO IS Security Advisory ADV-2008-02-13 http://www.infigo.hr/en/ Title: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability Advisory ID: INFIGO-2008-02-13 Date: 2008-02-13 Advisory URL: http://www.infigo.hr/en/infocus/advisories/INFIGO-2008-02-13 Impact: Malicious JavaScript Cod...

Web Server Malicious JavaScript Link Detection

The remote web server seems to link to malicious JavaScript files hosted on a third-party website. This typically means that the remote web server has been compromised, and it may infect its visitors as well. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

firefox security update

CentOS Errata and Security Advisory CESA-2007:0724 Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source...

ffoxdie.txt

= 9 setTimeout'foo',3000; else if counter = 6 setTimeout'foo',200; else setTimeout'foo',1000; counter++; else document.getElementById'foo'.src = "http://lcamtuf.coredump.cx/ffoxdieok.html"; // -- Tyger, Tyger. burning bright In the forests of the night, What immortal hand or eye Could frame thy...

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform stand-alone browser application. Description The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URL's could be made to reference remote file...

Bypassing of web filters by using ASCII

iKu Advisory Product : Microsoft InternetExplorer 6 : various filter applications Date : June 20th 2006 Affected versions : all Vulnerability Type : bypassing security filters Severity 1-10 : 10 Remote : yes 0. contents 1. problem description 2. affected software 3. bug description/possible fix 4...

Comersus Cart Cross-Site Scripting Vulnerability

The malicious user is able to compromise the parameters to invoke a Cross-Site Scripting attack. This can be used to take advantage of the trust between a client and server allowing the malicious user to execute malicious JavaScript on the client SPDX-FileCopyrightText: 2004 Noam Rathaus Some tex...