Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome

2009-07-03 Thread Michal Zalewski
> refresh: 0; URL=javascript:alert(document.cookie)
> The code will work in context of this site.

...which happens to be covered here for half a year or so: http://code.google.com/p/browsersec/wiki/Part2#Redirection_restrictions I can't see how this could be a vulnerability per se, although chang

Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome

2009-07-03 Thread MustLive
Hello SecurityFocus! I want to warn you about Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome. I wrote about it on my site this Monday (29.06.2009) and also informed the corresponding browser developers about this vulnerability. At 21.04.2009 there was fixed vul

[oCERT-2009-007] FCKeditor input sanitization errors

2009-07-03 Thread Andrea Barisani
#2009-007 FCKeditor input sanitization errors Description: FCKeditor, a web-based open source HTML text editor, suffers from a remote file upload vulnerability. The input of several connector modules is not properly verified before being used; this leads to exposure of the contents of arbitrary

[SECURITY] [DSA 1825-1] New nagios2/nagios3 packages fix arbitrary code execution

2009-07-03 Thread Nico Golde
Debian Security Advisory DSA-1825-1 secur...@debian.org http://www.debian.org/security/ Nico Golde July 3rd, 2009

One Click Ownage [White Paper and Scripts]

2009-07-03 Thread Ferruh Mavituna
This is a different and more practical approach to get a reverse shell or code execution in SQL Injections (particularly in MSSQL). The idea is simple. Getting a reverse shell from an SQL Injection with one HTTP request without using an extra channel such as TFTP, FTP to upload the initial payload.