3332 matches found
Mozilla Browser 0.9/1.x Cache File - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/10709/info Mozilla Browser is reported prone to multiple vulnerabilities that could eventually allow for code execution on the local computer. These vulnerabilities do not represent a significant threat on their own, however, code execution in the context...
[Full-Disclosure] CYBSEC - Security Advisory: Denial of Service in IBM WebSphere Edge Server
The following advisory is also available in pdf for download at http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Denial of Service in WebSphere Edge Server. Vulnerability Class: Denial of Service Release Date: June 2nd 2004 Affected...
IBM Websphere Caching Proxy Server 5.0 2 - Denial of Service
IBM Websphere Caching Proxy Server 5.0 2 - Denial of Service source: https://www.securityfocus.com/bid/10651/info A denial of service vulnerability is reported in the Caching Proxy component bundled with the IBM Websphere Edge Server. It is reported that if the proxy is configured with the...
IBM Websphere Caching Proxy Server 5.0 2 - Denial of Service
source: https://www.securityfocus.com/bid/10651/info A denial of service vulnerability is reported in the Caching Proxy component bundled with the IBM Websphere Edge Server. It is reported that if the proxy is configured with the JunctionRewrite directive in conjunction with the UseCookie option,...
Microsoft Internet Explorer allows mouse events to manipulate window objects and perform "drag and drop" operations
Overview Microsoft Internet Explorer IE dynamic HTML DHTML mouse events can manipulate windows to copy objects from one domain to another, including the Local Machine Zone. This vulnerability could allow an attacker to write arbitrary files to the local file system. Description In IE, certain DHT...
CVE-2003-1027
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching SaveRef to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different...
CVE-2003-1027
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching SaveRef to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different...
CVE-2003-1027
CVE-2003-1027 is a remote-code-execution vulnerability related to Internet Explorer’s handling of drag-and-drop. The Drag-and-Drop Vulnerability (CAN-2005-0053) updates address this and is explicitly stated as a variation of CVE-2003-1027. Affected software includes IE 5.01 through 6 SP1 (and rel...
HijackClickV2 - a successor of HijackClick attack
HijackClickV2 - a successor of HijackClick attack tested OS:Win2k3,CN version IE: with MS03-048 installed. OS:WinXp, CN version Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/11/16 overview After applying MS03-048, the original HijackClick exploit doesn't work any more. With method...
MSIE->RefBack
RefBack tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. it also works after applying the patch for "Using the backbutton in IE is dangerous" OS Ver: "Windows XP Cn ver" demo...
MSIE->LinkillerSaveRef:another caller-based authorization
LinkillerSaveRef:another caller-based authorizationis broken. "that's all" is end of file if you are in a hurry tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. It also works after applying the pat...
Cisco Content Service Switch DNS DoS
Negative DNS response caching lieads to DoS possibility...
Incorrect NXDOMAIN responses from AAAA queries could cause denial-of-service conditions
Overview Some DNS servers respond with an inappropriate error message if queried for nonexistent AAAA records, which can lead to possible denial of service. Description Some DNS servers respond with a "Name Error" response code NXDOMAIN, RCODE 3 instead of "No Error" RCODE 0 when queried for a...
Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the...
CVE-2002-1262
Internet Explorer 5.5 and 6.0 does not perform complete security checks on external caching, which allows remote attackers to read arbitrary files...
CVE-2002-1262
Internet Explorer 5.5 and 6.0 does not perform complete security checks on external caching, which allows remote attackers to read arbitrary files...
IBM WebSphere Edge Caching Proxy DoS
We could crash the WebSphere Edge caching proxy by sending a bad request to the helpout.exe CGI. C Tenable Network Security, Inc. References: From:"Rapid 7 Security Advisories" Message-ID: Date: Wed, 23 Oct 2002 12:08:39 -0700 Subject: R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of...
CVE-2002-1168
CVE-2002-1168 describes a cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26. An attacker can force the server to echo a CRLF-containing Location header (%0a%0d) in HTTP responses, allowing script execution in the context of anothe...
CVE-2002-1167
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x prior to 4.0.1.26 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to execute scripts as other users via an HTTP GET request. The connected documents confirm the affected product and method but do not p...
IBM Websphere Edge Server 3.694.0 - HTTP Header Injection
IBM Websphere Edge Server 3.694.0 - HTTP Header Injection source: https://www.securityfocus.com/bid/6001/info A vulnerability has been discovered in the Caching Proxy component bundled with the IBM Websphere Edge Server. Due to insufficient sanitization of user-supplied input it is possible for a...