CVE-2008-3836

feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the 1 elem.doCommand, 2 elem.dispatchEvent, 3 setTitleText, 4 setTitleImage, and 5 initSubscriptionUI functions...

Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird)

The remote host is missing updates announced in advisory GLSA 200605-09. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200510-24 (Mantis)

The remote host is missing updates announced in advisory GLSA 200510-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVE-2008-3836

feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the 1 elem.doCommand, 2 elem.dispatchEvent, 3 setTitleText, 4 setTitleImage, and 5 initSubscriptionUI functions...

Multiple Tor World CGI scripts vulnerable to arbitrary script execution

Overview Multiple Tor World CGI scripts contain a vulnerability which may allow an arbitrary script execution. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a vulnerability which may allow an attacker to...

Movable Type vulnerable to cross-site scripting

Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor unde...

JVN#18616622 Multiple Tor World CGI scripts vulnerable to arbitrary script execution

Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a vulnerability which may allow an attacker to inject an arbitrary script into the web page which is generated by the affected product. This vulnerability is...

FreeBSD Ports: openwebmail

The remote host is missing an update to the system as announced in the referenced advisory. VID c5519420-cec2-11d8-8898-000d6111a684 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Blogn vulnerable to cross-site scripting

Overview Blogn from R-ONE Computer contains a cross-site scripting vulnerability. Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site scripting vulnerability. Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site scripting

Overview mysql-lists from AquaGardenSoft Co.,Ltd. contains a cross-site scripting vulnerability. mysql-lists from AquaGardenSoft Co.,Ltd. is software to show MySQL data on the web browser. mysql-lists contains a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA...

Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution

Overview La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ...

La!cooda WIZ and LacoodaST vulnerable to cross-site scripting

Overview La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability...

JVN#53886050 Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution

La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. Impact If an arbitrary...

Pluck CMS 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/30542/info Pluck is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

Geeklog Forum Plugin vulnerable to cross-site scripting

Overview Geeklog Forum Plugin contains a cross-site scripting vulnerability. Geeklog Forum Plugin is a plugin for Geeklog, an open source contents management system. Geeklog Forum Plugin contains a cross-site scripting vulnerability. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/C...

K's CGI Access Log Kaiseki (jcode.pl) vulnerable to cross-site scripting

Overview analysis.cgi included in K's CGI Access Log Kaiseki jcode.pl contains a cross-site scripting vulnerability. K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pl contains a cross-site scripting vulnerability. The...

WebProxy from LunarNight Laboratory vulnerable to cross-site scripting

Overview WebProxy provided by LunarNight Laboratory contains a cross-site scripting vulnerability. WebProxy is a perl script for web proxy provided by LunarNight Laboratory. WebProxy contains a cross-site scripting vulnerability. Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinate...

MS Windows (HTA) Script Execution Exploit (MS05-016)

No description provided by source. / Changed date in db to place it on the main page instead of it being bumped off /str0ke / /++ MS05-016 POC Made By ZwelL [email protected] 2005.4.13 All information from : http://www.securityfocus.net/archive/1/395563/2005-04-10/2005-04-16/0 You need make a .hta...

Redmine vulnerable to cross-site scripting

Overview Redmine, open source project management software, contains a cross-site scripting vulnerbility. Redmine is open source project management software written by Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability. Toshiharu Sugiyama of UBsecure, Inc. reported this...

FreeStyleWiki cross-site scripting vulnerability

Overview FreeStyleWiki contains a cross-site scripting vulnerability. FreeStyleWiki, one of Wiki clones, contains a cross-site scripting vulnerability. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...