4 matches found
NoScript Cross Site Scripting Via SQL Injection
Hi List, NoScript fails to detect the reflective XSS from trusted domains when an attack is conducted through SQLXSSI. The bypass in NoScript has been successfully conducted by using "Reflective XSS" through Union SQL poisoning attacks by exploiting the reverted errors in the browser. The attack...
Debian DSA-153-1 : mantis - cross site code execution and privilege escalation
Joao Gouveia discovered an uninitialized variable which was insecurely used with file inclusions in the mantis package, a PHP-based bug tracking system. The Debian Security Team found even more similar problems. When these occasions are exploited, a remote user is able to execute arbitrary code...
[SECURITY] [DSA 153-2] New mantis package fixes several vulnerabilities
Debian Security Advisory DSA 153-2 [email protected] http://www.debian.org/security/ Martin Schulze August 20th, 2002 http://www.debian.org/security/faq -...
[Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis
Mantis Advisory/2002-01 SQL poisoning vulnerability in Mantis 0. Table of Contents 1. Introduction 2. Summary / Impact analysis 3. Affected versions 4. Workaround / Solution 5. Detailed explanation 6. Contact details 1. Introduction Mantis is an Open Source web-based bugtracking system, written i...