221 matches found
CVE-2013-2031
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox...
McAfee SuperScan 4.0 - Cross-Site Scripting
McAfee SuperScan 4.0 - Cross-Site Scripting Trustwave SpiderLabs Security Advisory TWSL2013-024: Cross Site Scripting XSS vulnerability in McAfee Superscan 4.0 Published: 08/02/2013 Version: 1.0 Vendor: McAfee http://www.mcafee.com/ Product: SuperScan Version affected: v4.0 Product description:...
McAfee Superscan 4.0 Cross Site Scripting
Trustwave SpiderLabs Security Advisory TWSL2013-024: Cross Site Scripting XSS vulnerability in McAfee Superscan 4.0 Published: 08/02/2013 Version: 1.0 Vendor: McAfee http://www.mcafee.com/ Product: SuperScan Version affected: v4.0 Product description: SuperScan 4 is a Windows port scanning tool...
McAfee SuperScan 4.0 - Cross-Site Scripting
Trustwave SpiderLabs Security Advisory TWSL2013-024: Cross Site Scripting XSS vulnerability in McAfee Superscan 4.0 Published: 08/02/2013 Version: 1.0 Vendor: McAfee http://www.mcafee.com/ Product: SuperScan Version affected: v4.0 Product description: SuperScan 4 is a Windows port scanning tool...
CVE-2009-5120
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via UTF-7 text to the 404...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or...
CVE-2009-5120
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via UTF-7 text to the 404...
CVE-2009-5120
Summary: CVE-2009-5120 concerns Websense Web Security 7.0 / Web Filter 7.0 using Apache Tomcat. The default Tomcat configuration in Websense Manager allows TCP connections to port 1812 from arbitrary source IPs, which is described as enabling cross-site scripting (XSS) via UTF-7 text to the 404 e...
CVE-2012-2582
Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or...
CVE-2011-4940
The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting XSS...
Cross site scripting
The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting XSS...
CVE-2011-4940
The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting XSS...
PSF-2012-1 SimpleHTTPServer UTF-7
The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting XSS...
CVE-2011-4940
The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting XSS...
[SECURITY] [DSA 2464-2] icedove regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-2464-2 [email protected] http://www.debian.org/security/ Florian Weimer May 08, 2012 http://www.debian.org/security/faq -...
Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
According to its banner, the version of Apache HTTP Server running on the remote host can be used in cross-site scripting XSS attacks. Making a specially crafted request can inject UTF-7 encoded script code into a 403 response page, resulting in XSS attacks. This is actually a web browser...
Ad Muncher 4.81 Cross Site Scripting
Hello Full-Disclosure! I want to warn you about Cross-Site Scripting vulnerability in Ad Muncher. In May I already wrote about universal XSS in Ad Muncher http://websecurity.com.ua/4202/, which allowed to conduct XSS attacks on any sites in any browsers. Which existed in versions before Ad Munche...
XSS уязвимость в Ad Muncher
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в Ad Muncher. Ранее я уже сообщал об универсальной XSS в Ad Muncher http://websecurity.com.ua/4202/, которая существовала в версиях до Ad Muncher 4.71. Данная уязвимость позволяет обойти защитные фильтры программы и...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a vulnerability in handling specific character encoding which may result in a cross-site scripting attack. Microsoft Internet Explorer contains a vulnerability in handling specific UTF-7 encoded characters, which may result in cross-site scripting. Fo...
JVN#30273074: Internet Explorer vulnerable to cross-site scripting
Microsoft Internet Explorer contains a vulnerability in handling specific UTF-7 encoded characters, which may result in cross-site scripting. Impact An arbitrary script may be executed. Solution Update the Software Apply the latest update according to the information provided by Microsoft. Produc...