Lucene search
K

2032 matches found

CERT
CERT
added 2003/11/18 12:0 a.m.52 views

Microsoft Internet Explorer does not properly validate URL sources

Overview Microsoft Internet Explorer IE does not properly determine the source of script used in URLs. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary...

7.5CVSS7.5AI score0.48374EPSS
Exploits0References25
securityvulns
securityvulns
added 2003/10/08 12:0 a.m.26 views

Adobe SVG Viewer Cross Domain and Zone Access (GM#004-MC)

GreyMagic Security Advisory GM004-MC ===================================== By GreyMagic Software, Israel. 07 Oct 2003. Available in HTML format at http://security.greymagic.com/adv/gm004-mc/. Topic: Adobe SVG Viewer Cross Domain and Zone Access. Discovery date: 07 Sep 2003. Affected applications:...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2003/08/27 12:0 a.m.66 views

CERT Advisory CA-2003-22 Multiple Vulnerabilities in Microsoft Internet Explorer

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2003-22 Multiple Vulnerabilities in Microsoft Internet Explorer Original issue date: August 26, 2003 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected Microsoft Windows systems running...

7.5CVSS0.2AI score0.81307EPSS
Exploits5
CERT
CERT
added 2003/08/25 12:0 a.m.27 views

Microsoft Internet Explorer does not properly evaluate Content-Type and Content-Disposition headers

Overview A cross-domain scripting vulnerability exists in the way Microsoft Internet Explorer IE evaluates Content-Type and Content-Disposition headers and checks for files in the local browser cache. This vulnerability could allow a remote attacker to execute arbitrary script in a different...

7.5CVSS7.4AI score0.26495EPSS
Exploits0References8
exploitpack
exploitpack
added 2003/06/07 12:0 a.m.14 views

Mozilla 1.x opera 67 - Timed document.write Method Cross Domain Policy

Mozilla 1.x opera 67 - Timed document.write Method Cross Domain Policy source: https://www.securityfocus.com/bid/7847/info It has been reported that under some circumstances, it is possible violate the cross-domain restriction of browser security. Because of this, an attacker may be able to execu...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2003/06/07 12:0 a.m.26 views

Mozilla 1.x / opera 6/7 - Timed document.write Method Cross Domain Policy

source: https://www.securityfocus.com/bid/7847/info It has been reported that under some circumstances, it is possible violate the cross-domain restriction of browser security. Because of this, an attacker may be able to execute a file across domains and in the local security zone, giving an...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/06/04 12:0 a.m.15 views

Microsoft Internet Explorer 5 - Classic Mode FTP Client Cross Domain Scripting

Microsoft Internet Explorer 5 - Classic Mode FTP Client Cross Domain Scripting source: https://www.securityfocus.com/bid/7810/info The Microsoft Internet Explorer FTP indexing implementation could allow script code to be executed in the security zone of another FTP site. This vulnerability only...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2003/06/04 12:0 a.m.23 views

Microsoft Internet Explorer 5 - Classic Mode FTP Client Cross Domain Scripting

source: https://www.securityfocus.com/bid/7810/info The Microsoft Internet Explorer FTP indexing implementation could allow script code to be executed in the security zone of another FTP site. This vulnerability only exists when Internet Explorer FTP is used in "Classic Mode". Any script would be...

7.4AI score
Exploits0
CERT
CERT
added 2003/05/05 12:0 a.m.31 views

Microsoft Internet Explorer does not adequately validate window ornament parameters in dialog frames

Overview A vulnerability in the way Microsoft Internet Explorer IE handles window ornament parameters in dialog frames allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data i.e. cookie...

5CVSS7.6AI score0.25248EPSS
Exploits1References9
CERT
CERT
added 2003/04/25 12:0 a.m.45 views

Microsoft Internet Explorer does not adequately validate source of dialog frame

Overview Microsoft Internet Explorer IE allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data i.e. cookies from other web sites. In the presence of other vulnerabilities VU626395,...

7.6AI score
Exploits0References27
NVD
NVD
added 2003/02/19 5:0 a.m.15 views

CVE-2003-1328

The showHelp function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."...

7.5CVSS7.2AI score0.38935EPSS
Exploits0References7
securityvulns
securityvulns
added 2003/02/07 12:0 a.m.61 views

Microsoft Security Bulletin MS03-004: Cumulative Patch for Internet Explorer (810847)

-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------- Title: Cumulative Patch for Internet Explorer 810847 Date: 05 February 2003 Software: Microsoft Internet Explorer Impact: Allow an attacker to execute commands on a user's system. Max Risk:...

Exploits0
Symantec
Symantec
added 2003/02/04 12:0 a.m.26 views

Opera Cross Domain Scripting Vulnerability

Description A vulnerability has been reported reported for Opera 7 browsers for Microsoft Windows operating systems. Due to flaws in Opera, it is possible for functions in different domains to be accessed and executed by an attacker with the credentials of the victim user. This vulnerability is...

1.2AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2003/02/04 12:0 a.m.42 views

Opera's Security Model is Highly Vulnerable (GM#002-OP)

GreyMagic Security Advisory GM002-OP ===================================== By GreyMagic Software, Israel. 04 Feb 2003. Available in HTML format at http://security.greymagic.com/adv/gm002-op/. Topic: Opera's Security Model is Highly Vulnerable. Discovery date: 14 Nov 2002. Affected applications:...

0.2AI score
Exploits0
NVD
NVD
added 2002/12/11 5:0 a.m.23 views

CVE-2002-1254

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."...

7.5CVSS6.7AI score0.50758EPSS
Exploits1References13
Cvelist
Cvelist
added 2002/11/27 5:0 a.m.27 views

CVE-2002-1254

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."...

6.7AI score0.50758EPSS
Exploits1References13
CVE
CVE
added 2002/11/27 5:0 a.m.54 views

CVE-2002-1254

The vulnerability (CVE-2002-1254) affects Internet Explorer 5.5 and 6.0. Affected component: cross-domain verification via cached methods/objects. Root cause: security model bypass that allows remote attackers to access information on the local system or in other domains, and potentially execute ...

7.5CVSS7.2AI score0.50758EPSS
Exploits1References13Affected Software2
exploitpack
exploitpack
added 2002/10/15 12:0 a.m.14 views

Microsoft Internet Explorer 56 - Unauthorized Document Object Model Access

Microsoft Internet Explorer 56 - Unauthorized Document Object Model Access source: https://www.securityfocus.com/bid/5963/info Microsoft Internet Explorer MSIE is prone to a vulnerability that may enable a frame or iframe to gain unauthorized access to the Document Object Model DOM of other...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2002/10/15 12:0 a.m.36 views

Microsoft Internet Explorer 5/6 - Unauthorized Document Object Model Access

source: https://www.securityfocus.com/bid/5963/info Microsoft Internet Explorer MSIE is prone to a vulnerability that may enable a frame or iframe to gain unauthorized access to the Document Object Model DOM of other frames/iframes in a different domain. This is possible because MSIE does not...

7.4AI score
Exploits0
CERT
CERT
added 2002/09/27 12:0 a.m.35 views

Microsoft Internet Explorer allows read access to local files via incorrect VBScript handling

Overview A vulnerability in the cross-domain frame security model of Internet Explorer may allow remote attackers to view the contents of local files when a user views a malicious web page. Description There's a vulnerability in the cross-domain frame security model of Internet Explorer that may...

5CVSS6AI score0.18223EPSS
Exploits0References3
Rows per page
Query Builder