9 matches found
EUVD-2010-4521
Malware in sbrugna...
Remote Code Execution (RCE)
Moodle is vulnerable to remote code execution. A malicious user can update the spellchecking mechanism to point to a arbitrary command, executing the command when a spellchecking request occurs. Note: The Moodle developers are not going to fix this vulnerability...
CVE-2010-4555
Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 drop-down selection lists, 2 the greater than character in the SquirrelSpell spellchecking plugin, and 3 errors associated wit...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 drop-down selection lists, 2 the greater than character in the SquirrelSpell spellchecking plugin, and 3 errors associated wit...
CVE-2010-4555
Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 drop-down selection lists, 2 the greater than character in the SquirrelSpell spellchecking plugin, and 3 errors associated wit...
CVE-2010-4555
SquirrelMail (PHP webmail) versions up to 1.4.21 and earlier are affected by multiple XSS vulnerabilities (CVE-2010-4555, among others) via vectors including dropdown lists, the SquirrelSpell > character, and errors on the Index Order page. Open-source advisories and Nessus/OpenVAS feeds indic...
CVE-2007-3930
Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting XSS attacks when spellchecking UTF-8 encoded messages via the spellutf8test function in lib/exe/spellcheck.php, which...
Cross site scripting
Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting XSS attacks when spellchecking UTF-8 encoded messages via the spellutf8test function in lib/exe/spellcheck.php, which...
CVE-2007-3930
Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting XSS attacks when spellchecking UTF-8 encoded messages via the spellutf8test function in lib/exe/spellcheck.php, which...