1619 matches found
Mozilla (Multiple Products) - Server Refresh Header Cross-Site Scripting
Mozilla Multiple Products - Server Refresh Header Cross-Site Scripting source: https://www.securityfocus.com/bid/34656/info The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey. Attackers can exploit these issue...
javascript: URIs
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header. NOTE...
HP Deskjet 6840打印机refresh_rate.htm跨站脚本漏洞
BUGTRAQ ID: 34480 HP Deskjet 6840是一款彩色喷墨打印机。 HP Deskjet 6840打印机的WEB接口存在跨站脚本漏洞。如果远程攻击者通过POST请求向/refreshrate.htm页面提交了类似于scriptalert"found XSS on this page"/script的字符串的话,所生成的出错页面就会执行请求中嵌入的脚本。 HP Deskjet 6840 XF1M13 HP -- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://itrc.hp.com...
Amaya Web Browser 11.0.1 (Windows Vista) - Remote Buffer Overflow
Amaya Web Browser 11.0.1 Windows Vista - Remote Buffer Overflow !/usr/bin/perl Amaya Web Browser = 11.0.1 Remote Buffer Overflow Exploit Found/Exploit by SkD [email protected] [email protected] ----------------------------------------------- This is advanced buffer overflow exploitation using my...
google-download1.txt
Google Chrome Auto Download and Rapid Download By IMC GrahamPhisher Shoutz IMC Tully IMC EXE Shouts To Everyone On The Forums InsaneMasterminds.com To have a file automatically start downloading through google chrome without the users permission is very easy, simple inject the meta refresh tag in...
LiteNews <= 0.1 Insecure Cookie Handling Vulnerability
No description provided by source. litenews-01 = 1.2 Insecure Cookie Handling Vulnerability AUTHOR : Scary-Boys HOME : http://scary-boys.com Download : http://webscripts.softpedia.com/scriptDownload/LiteNews-Download-43228.htmldownloadlocations DorKs : "Powered By litenews" DESCRIPTION : Maian...
CVE-2008-3187
zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service package data corruption via a spoofed key...
CVE-2008-3187
This CVE affects SUSE/openSUSE’s zypper/zypp-refresh-patches workflow. Specifically, in SUSE openSUSE 10.2, 10.3, and 11.0, the component does not prompt before accepting repository keys, allowing a remote repository to trigger a denial of service (package data corruption) via a spoofed key. The ...
zypp-refresh-patches wrapper XML库破坏漏洞
BUGTRAQ ID: 30293 CVE ID:CVE-2008-3187 CNCVE ID:CNCVE-20083187 zypp-refresh-patches是一款关于包管理补丁相关的程序。 zypp-refresh-patches wrapper存在一个安全问题,远程攻击者可以利用漏洞破坏XML库。 攻击者可以注入恶意库KEY草HTTP请求来触发此漏洞,导致使目标用户不仅能升级或者下载新的包。 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 可联系供应商升级到最新程序:...
Cross-Site Scripting vulnerability in ExpressionEngine
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в системе ExpressionEngine. XSS: Уязвимость в скрипте index.php в параметре URL, если включен meta-refresh редиректор. http://site/index.php?URL=223E3Cscript3Ealertdocument.cookie3C/script3E Уязвима версия...
Different IE browser windows have different sessions and different session timeout timing
One of our user reported the following: ---- I discovered the reason why JIRA sometimes closes my IE session, it depends on the way you login: 1 When you login via navigation to your home page http://support/jira/secure/Dashboard.jspa all is ok, multiple JIRA sessions never expire. 2 When you log...
Different IE browser windows have different sessions and different session timeout timing
One of our user reported the following: ---- I discovered the reason why JIRA sometimes closes my IE session, it depends on the way you login: 1 When you login via navigation to your home page http://support/jira/secure/Dashboard.jspa all is ok, multiple JIRA sessions never expire. 2 When you log...
APC Management Vulnerability
We have found a security exploit in the latest APC firmware versions for there switched rack PDU products. We have only tested this against the version listed below on a AP7932 0u 30amp PDU. Name: rpdu Version: v3.5.5 Date: 07/18/2007 Time: 11:38:29 Name: aos Version: v3.5.6 Date: 07/18/2007 Time...
helios-xss.txt
Hi PacketStormSecurity.org; I'm reporting a vulnerability of type XSS in Helios Calendar, thank you for all. +==============================================================================+ + Helios Calendar =1.2.1 Beta XSS Multiple Remote Vulnerabilities +...
CVE-2002-2308
Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself...
CVE-2002-2313
The vulnerability CVE-2002-2313 affects Eudora email client 5.1.1 when the “use Microsoft viewer” option is enabled. An HTML email containing a META refresh tag that references an embedded .mhtml file with ActiveX controls can trigger execution of a second embedded program processed by Internet E...
Code injection
Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results...
CentOS 3 : XFree86 (CESA-2005:501)
Updated XFree86 packages that fix several integer overflows, various bugs, and add ATI RN50/ES1000 support are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X...
RHEL 3 : XFree86 (RHSA-2005:501)
Updated XFree86 packages that fix several integer overflows, various bugs, and add ATI RN50/ES1000 support are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X...
XFree86 security update
CentOS Errata and Security Advisory CESA-2005:501 Updated XFree86 packages that fix several integer overflows, various bugs, and add ATI RN50/ES1000 support are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security...