CVE-2009-3385

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash objec...

CVE-2009-3385

CVE-2009-3385 affects Mozilla SeaMonkey prior to 1.1.19. The vulnerability lies in the mail/HTML rendering component where scriptable plugin content (e.g., Flash) could be loaded and executed inside an iframe in HTML emails. This could allow a user-assisted attacker to access sensitive data or lo...

Mozilla SeaMonkey < 1.1.19 Multiple Vulnerabilities

Binary data 801348.prm...

SeaMonkey < 1.1.19 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 1.1.19. Such versions are potentially affected by the following security issues : - The columns of a XUL tree element can be manipulated in a particular way that would leave a pointer owned by the column pointing to freed memory. MFSA 2009-49 - A...

SeaMonkey < 1.1.19 Multiple Vulnerabilities

Binary data 5479.prm...

Scriptable plugin execution in SeaMonkey mail — Mozilla

Security researcher Georgi Guninski reported that scriptable plugin content, such as Flash objects, could be loaded and executed in SeaMonkey mail messages by embedding the content in an iframe inside the message. If a user were to reply to or forward such a message, malicious JavaScript embedded...

SeaMonkey scriptable plugin execution in mail (mfsa2010-06)

The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash objec...

Code injection

The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA formerly Computer Associates eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."...

CVE-2007-3302

The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA formerly Computer Associates eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."...

CVE-2007-0175

Cross-site scripting XSS vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirectto parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirectto parameter...

CVE-2007-0175

Cross-site scripting XSS vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirectto parameter...

CVE-2007-0175

CVE-2007-0175 describes an XSS vulnerability in b2evolution 1.8.6, where the htsrv/login.php script accepts scriptable attributes in the redirect_to parameter to inject arbitrary HTML/JS. Connected records corroborate remote cross-site scripting due to insufficient input sanitising. Debian/DSA-15...

CVE-2006-0733

Cross-site scripting XSS vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as 1 onfocus and 2 onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only...

Cross site scripting

DISPUTED Cross-site scripting XSS vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as 1 onfocus and 2 onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue i...

CVE-2006-0733

Cross-site scripting XSS vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as 1 onfocus and 2 onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only...

CVE-2006-0733

Cross-site scripting XSS vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as 1 onfocus and 2 onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only...

PT-2006-1785 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress version 2.0.0 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as onfocus and onblur in the "author's website" field. It is suggested that th...

Microsoft IIS 5.0 - Translate: f Source Disclosure (1)

Microsoft IIS 5.0 - Translate: f Source Disclosure 1 source: https://www.securityfocus.com/bid/1578/info Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them...

Microsoft IIS 5.0 - &#039;Translate: f&#039; Source Disclosure (2)

source: https://www.securityfocus.com/bid/1578/info Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then executes them on the server. It is...