2032 matches found
Microsoft Internet Explorer does not properly validate URL sources
Overview Microsoft Internet Explorer IE does not properly determine the source of script used in URLs. An attacker could exploit this vulnerability to evaluate script in different security domains. By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary...
Adobe SVG Viewer Cross Domain and Zone Access (GM#004-MC)
GreyMagic Security Advisory GM004-MC ===================================== By GreyMagic Software, Israel. 07 Oct 2003. Available in HTML format at http://security.greymagic.com/adv/gm004-mc/. Topic: Adobe SVG Viewer Cross Domain and Zone Access. Discovery date: 07 Sep 2003. Affected applications:...
CERT Advisory CA-2003-22 Multiple Vulnerabilities in Microsoft Internet Explorer
-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2003-22 Multiple Vulnerabilities in Microsoft Internet Explorer Original issue date: August 26, 2003 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected Microsoft Windows systems running...
Microsoft Internet Explorer does not properly evaluate Content-Type and Content-Disposition headers
Overview A cross-domain scripting vulnerability exists in the way Microsoft Internet Explorer IE evaluates Content-Type and Content-Disposition headers and checks for files in the local browser cache. This vulnerability could allow a remote attacker to execute arbitrary script in a different...
Mozilla 1.x opera 67 - Timed document.write Method Cross Domain Policy
Mozilla 1.x opera 67 - Timed document.write Method Cross Domain Policy source: https://www.securityfocus.com/bid/7847/info It has been reported that under some circumstances, it is possible violate the cross-domain restriction of browser security. Because of this, an attacker may be able to execu...
Mozilla 1.x / opera 6/7 - Timed document.write Method Cross Domain Policy
source: https://www.securityfocus.com/bid/7847/info It has been reported that under some circumstances, it is possible violate the cross-domain restriction of browser security. Because of this, an attacker may be able to execute a file across domains and in the local security zone, giving an...
Microsoft Internet Explorer 5 - Classic Mode FTP Client Cross Domain Scripting
Microsoft Internet Explorer 5 - Classic Mode FTP Client Cross Domain Scripting source: https://www.securityfocus.com/bid/7810/info The Microsoft Internet Explorer FTP indexing implementation could allow script code to be executed in the security zone of another FTP site. This vulnerability only...
Microsoft Internet Explorer 5 - Classic Mode FTP Client Cross Domain Scripting
source: https://www.securityfocus.com/bid/7810/info The Microsoft Internet Explorer FTP indexing implementation could allow script code to be executed in the security zone of another FTP site. This vulnerability only exists when Internet Explorer FTP is used in "Classic Mode". Any script would be...
Microsoft Internet Explorer does not adequately validate window ornament parameters in dialog frames
Overview A vulnerability in the way Microsoft Internet Explorer IE handles window ornament parameters in dialog frames allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data i.e. cookie...
Microsoft Internet Explorer does not adequately validate source of dialog frame
Overview Microsoft Internet Explorer IE allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data i.e. cookies from other web sites. In the presence of other vulnerabilities VU626395,...
CVE-2003-1328
The showHelp function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."...
Microsoft Security Bulletin MS03-004: Cumulative Patch for Internet Explorer (810847)
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------- Title: Cumulative Patch for Internet Explorer 810847 Date: 05 February 2003 Software: Microsoft Internet Explorer Impact: Allow an attacker to execute commands on a user's system. Max Risk:...
Opera Cross Domain Scripting Vulnerability
Description A vulnerability has been reported reported for Opera 7 browsers for Microsoft Windows operating systems. Due to flaws in Opera, it is possible for functions in different domains to be accessed and executed by an attacker with the credentials of the victim user. This vulnerability is...
Opera's Security Model is Highly Vulnerable (GM#002-OP)
GreyMagic Security Advisory GM002-OP ===================================== By GreyMagic Software, Israel. 04 Feb 2003. Available in HTML format at http://security.greymagic.com/adv/gm002-op/. Topic: Opera's Security Model is Highly Vulnerable. Discovery date: 14 Nov 2002. Affected applications:...
CVE-2002-1254
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."...
CVE-2002-1254
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."...
CVE-2002-1254
The vulnerability (CVE-2002-1254) affects Internet Explorer 5.5 and 6.0. Affected component: cross-domain verification via cached methods/objects. Root cause: security model bypass that allows remote attackers to access information on the local system or in other domains, and potentially execute ...
Microsoft Internet Explorer 56 - Unauthorized Document Object Model Access
Microsoft Internet Explorer 56 - Unauthorized Document Object Model Access source: https://www.securityfocus.com/bid/5963/info Microsoft Internet Explorer MSIE is prone to a vulnerability that may enable a frame or iframe to gain unauthorized access to the Document Object Model DOM of other...
Microsoft Internet Explorer 5/6 - Unauthorized Document Object Model Access
source: https://www.securityfocus.com/bid/5963/info Microsoft Internet Explorer MSIE is prone to a vulnerability that may enable a frame or iframe to gain unauthorized access to the Document Object Model DOM of other frames/iframes in a different domain. This is possible because MSIE does not...
Microsoft Internet Explorer allows read access to local files via incorrect VBScript handling
Overview A vulnerability in the cross-domain frame security model of Internet Explorer may allow remote attackers to view the contents of local files when a user views a malicious web page. Description There's a vulnerability in the cross-domain frame security model of Internet Explorer that may...