HP System Management Homepage vulnerable to cross-site scripting

Overview HP System Management Homepage SMH from Hewlett-Packard contains a cross-site scripting vulnerability. HP System Management Homepage SMH from Hewlett-Packard is a web-based interface that can manage HP servers. SMH contains a cross-site scripting vulnerability. This vulnerability is...

Mandrake Security Advisory MDVSA-2009:110 (squirrelmail)

The remote host is missing an update to squirrelmail announced via advisory MDVSA-2009:110. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

Mandrake Security Advisory MDVSA-2009:110 (squirrelmail)

The remote host is missing an update to squirrelmail announced via advisory MDVSA-2009:110. OpenVAS Vulnerability Test $Id: mdksa2009110.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:110 squirrelmail Authors: Thomas Reinke Copyright: Copyright c 20...

[ MDVSA-2009:110 ] squirrelmail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:110 http://www.mandriva.com/security/ Package : squirrelmail Date : May 12, 2009 Affected: Corporate 4.0 Problem Description: Multiple vulnerabilities has been identified and corrected in squirrelmail: Two...

Cross-site scripting vulnerability in SKIP from SKIP User Group

Overview SKIP from SKIP User Group contains a cross-site scripting vulnerability. SKIP from SKIP User Group is an open source SNS Social Networking Service software. SKIP contains a cross-site scripting vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this...

XSS vulnerability can be exploited with the viewppt macro

Upload a file test.ppt Use markup: noformatviewppt:test.ppt|height=alert"xss"|width=alert"xss"noformat The scripts will be executed when the page is loaded...

XSS vulnerability can be exploited with the viewppt macro

Upload a file test.ppt Use markup: noformatviewppt:test.ppt|height=alert"xss"|width=alert"xss"noformat The scripts will be executed when the page is loaded...

XSS vulnerability can be exploited with the viewppt macro

Upload a file test.ppt Use markup: noformatviewppt:test.ppt|height=alert"xss"|width=alert"xss"noformat The scripts will be executed when the page is loaded...

JVN#11396739 Cross-site scripting vulnerability in MiniBBS from CGI RESCUE

MiniBBS is a message board script provided by CGI RESCUE, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the vendor. Products...

IncrediMail 5.86 (XSS) Script Execution Exploit

No description provided by source. !/usr/bin/perl -w IncrediMail Xe latest version XSS Vulnerability Discovered by : Bui Quang Minh Description : The most of popular Mail Client now exclude Script Code for mail content. It aims to avoid the type of XSS exploitation For e.g: stolen cookie...

IncrediMail 5.86 (XSS) Script Execution Exploit

Exploit for windows platform in category remote exploits =============================================== IncrediMail 5.86 XSS Script Execution Exploit =============================================== !/usr/bin/perl -w IncrediMail Xe latest version XSS Vulnerability Discovered by : Bui Quang Minh...

IncrediMail 5.86 - Cross-Site Scripting Script Execution

!/usr/bin/perl -w IncrediMail Xe latest version XSS Vulnerability Discovered by : Bui Quang Minh Description : The most of popular Mail Client now exclude Script Code for mail content. It aims to avoid the type of XSS exploitation For e.g: stolen cookie. IncrediMail also remove Script Code when t...

PEAK XOOPS piCal cross-site scripting vulnerability

Overview piCal from PEAK XOOPS contains a cross-site scripting vulnerability. piCal from PEAK XOOPS is a calendar module with a scheduler for XOOPS. piCal contains a cross-site scripting vulnerability. Masako Oono of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with...

linux/x86 Perl script execution 99 bytes + script length

linux/x86 Perl script execution 99 bytes + script length. Shellcode exploit for linx86 platform / Author : darkjoker Site : http://darkjoker.net23.net Shellcode : linux/x86 Perl script execution 99 bytes + script length .global start start: xor %eax, %eax xor %ebx, %ebx xor %ecx, %ecx xor %edx,...

linux/x86 Perl script execution 99 bytes + script length

Exploit for linux/x86 platform in category shellcode ======================================================== linux/x86 Perl script execution 99 bytes + script length ======================================================== / Author : darkjoker Site : http://darkjoker.net23.net Shellcode :...

FAST ESP cross-site scripting vulnerability

Overview FAST ESP, an enterprise search platform from Microsoft, contains a cross-site scripting vulnerability. FAST ESP from Microsoft is a software that enables users to consolidate information for searching purposes. FAST ESP's management interface contains a cross-site scripting vulnerability...

Google Chrome, Mozilla Firefox, Opera, Internet Explorer browsers DoS

Calling window.print function in loop causes browser to hang. Uncontrollable memory allocation. Script can close window without user approval...

FreeBSD : codeigniter -- arbitrary script execution in the new Form Validation class (83574d5a-f828-11dd-9fdf-0050568452ac)

znirkel reports : The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...

Slackware 12.2 / current : xdg-utils (SSA:2009-033-01)

New xdg-utils packages are available for Slackware 12.2 and -current to fix security issues. Applications that use /etc/mailcap could be tricked into running an arbitrary script through xdg-open, and a separate flaw in xdg-open could allow the execution of arbitrary commands embedded in untrusted...

Oracle WebLogic Server vulnerable to cross-site scripting

Overview Oracle WebLogic Server formerly BEA WebLogic Server contains a cross-site scripting vulnerability. Oracle WebLogic Server is an application server based on Java Platform Enterprise Edition 5 JavaEE5. Oracle WebLogic Server contains a cross-site scripting vulnerability. Daiki Fukumori of...