Multiple vulnerabilities in ActiveGeckoBrowser
Overview ActiveGeckoBrowser from Fenrir Inc. contains multiple vulnerabilities. ActiveGeckoBrowser from Fenrir Inc. is a plugin that adds the Gecko rendering engine to the Sleipnir web browser. ActiveGeckoBrowser contains multiple vulnerabilities caused by the Gecko engine. Impact A remote attack...
Rayzz Photoz Shell Upload
Rayzz Photoz Upload Vulnerability...
e-Pares vulnerable to cross-site scripting
Overview e-Pares contains a cross-site scripting vulnerability. e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site scripting vulnerability. This vulnerability that was reported to IPA and JPCERT/CC was discovered as part of the Web...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on t...
Consona - 'n6plugindestructor.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/39999/info Multiple Consona (formerly SupportSoft) products are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site an...
In-portal 5.0.3 Remote Arbitrary File Upload Exploit
In-portal is prone to a remote arbitrary file-upload vulnerability. This issue may allow remote attackers to upload arbitrary files, including malicious scripts, and possibly to execute a script on the affected server. In-portal Web 2.0 CMS v5.0.3 is affected by this issue. Other or lowers version...
MODx vulnerable to cross-site scripting
Overview MODx provided by The MODx CMS Project contains a cross-site scripting vulnerability. MODx provided by the MODx CMS Project is a Contents Management System (CMS) software. MODx contains a cross-site scripting vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported th...
PotatoNews 1.0.2 - nid Multiple Local File Inclusions
source: https://www.securityfocus.com/bid/39276/info PotatoNews is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain...
ZDI-10-063: Mozilla Firefox Cross Document DOM Node Moving Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-063 April 5, 2010 -- CVE ID: CVE-2010-1121 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 3.6.x -- TippingPoint(TM) IPS Customer...
Mozilla Firefox Cross Document DOM Node Moving Remote Code Execution Vulnerability
This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when moving DOM nodes in...
Compiere vulnerable to cross-site scripting
Overview Compiere provided by Almas Inc. contains a cross-site scripting vulnerability. Compiere provided by Almas Inc. is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different...
Compiere vulnerable to cross-site scripting
Overview Compiere provided by Almas Inc. contains a cross-site scripting vulnerability. Compiere provided by Almas Inc. is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) software. Compiere contains a cross-site scripting vulnerability. This vulnerability is different...
From learning webshell hide to Ferret out the simple analysis-vulnerability warning-the black bar safety net
webshell,do not say it!, The back door,ancient and modern breaking the network must home,great bite is stab,thousand station with the waste of the said,blowing a big,theme. First of all, we in the dark said,once into the site,it will leave the back door,but the current mainstream is asp,php free...
Cross-site scripting cookie theft
Added: 03/09/2010 Background Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the <script> tag and handle them accordingly. Problem By sending an HTTP request...
Article Friendly - Filename Local File Inclusion
source: https://www.securityfocus.com/bid/38461/info Article Friendly is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensiti...
openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)
Mozilla Firefox was upgraded to version 3.0.18, fixing various bugs and security issues. Following security issues have been fixed: MFSA 2010-01 / CVE-2010-0159: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products...
Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability
This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the lack of cross doma...
IBM Websphere Portal 6.0.1.5 Build wp6015 - Portlet Palette Search HTML Injection
source: https://www.securityfocus.com/bid/38360/info IBM WebSphere Portal is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An authenticated attacker may leverage...
Microsoft Outlook 2002 Script Execution (CVE-2004-0121)
Microsoft provides server and client side implementations of email protocols such as SMTP, POP3 and IMAP. The widely used Microsoft Outlook product is an implementation of an email client capable of handling most standard Internet protocols as well as numerous proprietary Microsoft protocols and...
SAP BusinessObjects 12 - URI redirection Cross-Site Scripting
source: https://www.securityfocus.com/bid/37972/info SAP BusinessObjects is prone to multiple URI-redirection issues and multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Attackers can...