CVE-2006-1045

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...

CVE-2006-1045

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...

CVE-2006-1045

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...

DEBIAN-CVE-2006-1045

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...

CVE-2006-1045

The CVE affects Mozilla Thunderbird 1.5. When Block loading of remote images in mail messages is enabled, Thunderbird’s HTML rendering engine does not fully block external images in inline HTML attachments. This could allow a remote attacker to obtain sensitive information (e.g., application vers...

CVE-2006-1045

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...

CVE-2006-1045

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...

Bitweaver 1.11.2 - Title HTML Injection

Bitweaver 1.11.2 - Title HTML Injection source: https://www.securityfocus.com/bid/16973/info The bitweaver application is prone to an HTML-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HT...

Easy Forum 2.5 - New User Image File HTML Injection

source: https://www.securityfocus.com/bid/16958/info Easy Forum is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be...

moz-15.txt

Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities //----- Advisory Program : Mozilla Thunderbird Homepage : http://www.mozilla.com/thunderbird/ Tested version : 1.5 Found by : crashfr at sysdream dot com This advisory : crashfr at sysdream dot com Discovery date : 2006/02/18...

mozThunDoS.txt

Mozilla Thunderbird : Remote Code Execution & Denial of Service //----- Advisory Program : Mozilla Thunderbird Homepage : http://www.mozilla.com/thunderbird/ Tested version : Denial of service application crash : iframe src="javascript:parent.document.write'Found by www.s...

CVE-2006-0884

The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

Design/Logic Flaw

The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

PostNuke 0.6x0.7x NS-Languages Module - language SQL Injection

PostNuke 0.6x0.7x NS-Languages Module - language SQL Injection source: https://www.securityfocus.com/bid/16752/info PostNuke is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. Successful exploitation...

PostNuke 0.6x/0.7x NS-Languages Module - 'language' Cross-Site Scripting

source: https://www.securityfocus.com/bid/16752/info PostNuke is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. Successful exploitation could allow an attacker to compromise the application, access or...

DSA-979-1 pdfkit.framework - several

Bulletin has no description...

[SECURITY] [DSA 973-1] New OTRS packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 973-1 [email protected] http://www.debian.org/security/ Martin Schulze February 15th, 2006 http://www.debian.org/security/faq -...

sNews - index.php Multiple SQL Injections

sNews - index.php Multiple SQL Injections source: https://www.securityfocus.com/bid/16647/info sNews is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabiliti...

sNews - 'index.php' Multiple SQL Injections

source: https://www.securityfocus.com/bid/16647/info sNews is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could allow an attacker to compromise t...

Cross site scripting

Cross-site scripting XSS vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser...