Lucene search
K

1619 matches found

exploitpack
exploitpack
added 2009/04/22 12:0 a.m.11 views

Mozilla (Multiple Products) - Server Refresh Header Cross-Site Scripting

Mozilla Multiple Products - Server Refresh Header Cross-Site Scripting source: https://www.securityfocus.com/bid/34656/info The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey. Attackers can exploit these issue...

0.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2009/04/21 11:44 p.m.2 views

javascript: URIs

Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header. NOTE...

4.3CVSS7.3AI score0.05565EPSS
Exploits0References4
seebug.org
seebug.org
added 2009/04/13 12:0 a.m.24 views

HP Deskjet 6840打印机refresh_rate.htm跨站脚本漏洞

BUGTRAQ ID: 34480 HP Deskjet 6840是一款彩色喷墨打印机。 HP Deskjet 6840打印机的WEB接口存在跨站脚本漏洞。如果远程攻击者通过POST请求向/refreshrate.htm页面提交了类似于scriptalert"found XSS on this page"/script的字符串的话,所生成的出错页面就会执行请求中嵌入的脚本。 HP Deskjet 6840 XF1M13 HP -- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://itrc.hp.com...

6.3AI score
Exploits0
exploitpack
exploitpack
added 2008/12/28 12:0 a.m.17 views

Amaya Web Browser 11.0.1 (Windows Vista) - Remote Buffer Overflow

Amaya Web Browser 11.0.1 Windows Vista - Remote Buffer Overflow !/usr/bin/perl Amaya Web Browser = 11.0.1 Remote Buffer Overflow Exploit Found/Exploit by SkD [email protected] [email protected] ----------------------------------------------- This is advanced buffer overflow exploitation using my...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2008/09/04 12:0 a.m.33 views

google-download1.txt

Google Chrome Auto Download and Rapid Download By IMC GrahamPhisher Shoutz IMC Tully IMC EXE Shouts To Everyone On The Forums InsaneMasterminds.com To have a file automatically start downloading through google chrome without the users permission is very easy, simple inject the meta refresh tag in...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/08/06 12:0 a.m.76 views

LiteNews <= 0.1 Insecure Cookie Handling Vulnerability

No description provided by source. litenews-01 = 1.2 Insecure Cookie Handling Vulnerability AUTHOR : Scary-Boys HOME : http://scary-boys.com Download : http://webscripts.softpedia.com/scriptDownload/LiteNews-Download-43228.htmldownloadlocations DorKs : "Powered By litenews" DESCRIPTION : Maian...

7.1AI score
Exploits0
NVD
NVD
added 2008/07/21 4:41 p.m.21 views

CVE-2008-3187

zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service package data corruption via a spoofed key...

5CVSS6.5AI score0.01674EPSS
Exploits1References4
CVE
CVE
added 2008/07/21 4:0 p.m.61 views

CVE-2008-3187

This CVE affects SUSE/openSUSE’s zypper/zypp-refresh-patches workflow. Specifically, in SUSE openSUSE 10.2, 10.3, and 11.0, the component does not prompt before accepting repository keys, allowing a remote repository to trigger a denial of service (package data corruption) via a spoofed key. The ...

5CVSS6.5AI score0.01674EPSS
Exploits1References4Affected Software1
seebug.org
seebug.org
added 2008/07/21 12:0 a.m.38 views

zypp-refresh-patches wrapper XML库破坏漏洞

BUGTRAQ ID: 30293 CVE ID:CVE-2008-3187 CNCVE ID:CNCVE-20083187 zypp-refresh-patches是一款关于包管理补丁相关的程序。 zypp-refresh-patches wrapper存在一个安全问题,远程攻击者可以利用漏洞破坏XML库。 攻击者可以注入恶意库KEY草HTTP请求来触发此漏洞,导致使目标用户不仅能升级或者下载新的包。 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 可联系供应商升级到最新程序:...

5CVSS6.5AI score0.01674EPSS
Exploits1
securityvulns
securityvulns
added 2008/06/26 12:0 a.m.37 views

Cross-Site Scripting vulnerability in ExpressionEngine

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в системе ExpressionEngine. XSS: Уязвимость в скрипте index.php в параметре URL, если включен meta-refresh редиректор. http://site/index.php?URL=223E3Cscript3Ealertdocument.cookie3C/script3E Уязвима версия...

0.2AI score
Exploits0
Atlassian
Atlassian
added 2008/01/23 2:4 p.m.21 views

Different IE browser windows have different sessions and different session timeout timing

One of our user reported the following: ---- I discovered the reason why JIRA sometimes closes my IE session, it depends on the way you login: 1 When you login via navigation to your home page http://support/jira/secure/Dashboard.jspa all is ok, multiple JIRA sessions never expire. 2 When you log...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/01/23 2:4 p.m.37 views

Different IE browser windows have different sessions and different session timeout timing

One of our user reported the following: ---- I discovered the reason why JIRA sometimes closes my IE session, it depends on the way you login: 1 When you login via navigation to your home page http://support/jira/secure/Dashboard.jspa all is ok, multiple JIRA sessions never expire. 2 When you log...

7AI score
Exploits0Affected Software1
securityvulns
securityvulns
added 2007/11/30 12:0 a.m.43 views

APC Management Vulnerability

We have found a security exploit in the latest APC firmware versions for there switched rack PDU products. We have only tested this against the version listed below on a AP7932 0u 30amp PDU. Name: rpdu Version: v3.5.5 Date: 07/18/2007 Time: 11:38:29 Name: aos Version: v3.5.6 Date: 07/18/2007 Time...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2007/11/02 12:0 a.m.26 views

helios-xss.txt

Hi PacketStormSecurity.org; I'm reporting a vulnerability of type XSS in Helios Calendar, thank you for all. +==============================================================================+ + Helios Calendar =1.2.1 Beta XSS Multiple Remote Vulnerabilities +...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2007/10/26 7:0 p.m.20 views

CVE-2002-2308

Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself...

6.6AI score0.01105EPSS
Exploits0References2
CVE
CVE
added 2007/10/26 7:0 p.m.47 views

CVE-2002-2313

The vulnerability CVE-2002-2313 affects Eudora email client 5.1.1 when the “use Microsoft viewer” option is enabled. An HTML email containing a META refresh tag that references an embedded .mhtml file with ActiveX controls can trigger execution of a second embedded program processed by Internet E...

8.8CVSS7.6AI score0.00826EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2007/06/11 7:30 p.m.17 views

Code injection

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results...

9.3CVSS7.3AI score0.01162EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2006/07/03 12:0 a.m.28 views

CentOS 3 : XFree86 (CESA-2005:501)

Updated XFree86 packages that fix several integer overflows, various bugs, and add ATI RN50/ES1000 support are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X...

5.1CVSS5.5AI score0.03923EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/09/17 12:0 a.m.38 views

RHEL 3 : XFree86 (RHSA-2005:501)

Updated XFree86 packages that fix several integer overflows, various bugs, and add ATI RN50/ES1000 support are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X...

5.1CVSS5.5AI score0.03923EPSS
Exploits0References3
Cent OS
Cent OS
added 2005/09/15 10:48 a.m.64 views

XFree86 security update

CentOS Errata and Security Advisory CESA-2005:501 Updated XFree86 packages that fix several integer overflows, various bugs, and add ATI RN50/ES1000 support are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security...

5.1CVSS5.8AI score0.03923EPSS
Exploits0References9
Rows per page
Query Builder