Lucene search
K

9799 matches found

Fedora
Fedora
added 2008/07/18 8:6 a.m.43 views

[SECURITY] Fedora 8 Update: seamonkey-1.1.11-1.fc8

SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...

9.3CVSS2AI score0.05284EPSS
Exploits1
seebug.org
seebug.org
added 2008/07/16 12:0 a.m.16 views

Microsoft IE 5.01/5.5 DHTMLED远程文件读取漏洞

Microsoft IE 5.5/5.01中DHTMLED(动态HTML编辑控制)部分的实现存在安全问题。可能允许 一个恶意站点非法读取远程客户主机上的已知文件的内容。这种攻击也可以通过发送HTML格式的 邮件给那些使用Outlook的用户来实现。 动态HTML编辑控制是一种让IE具有WYSIWYG HTML编辑器功能的机制。然而DOM安全模型没有正确 处理通过DHTMLED来使用IFRAME的情况,导致IFRAME的内容可以被重定向到某个web server IFRAME可以被设置为从已知的本地文件读取。下面是一个例子代码: dh.DOM.all.I1.focus;...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2008/07/15 12:0 a.m.46 views

Debian DSA-1607-1 : iceweasel - several vulnerabilities

Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-2798 Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes i...

10CVSS5.9AI score0.13949EPSS
Exploits2References23
OpenVAS
OpenVAS
added 2008/07/15 12:0 a.m.23 views

Debian: Security Advisory (DSA-1607-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.8AI score0.13949EPSS
Exploits2References3
Fedora
Fedora
added 2008/07/09 2:47 a.m.33 views

[SECURITY] Fedora 8 Update: seamonkey-1.1.10-1.fc8

SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...

10CVSS2AI score0.13949EPSS
Exploits2
Fedora
Fedora
added 2008/07/09 2:45 a.m.77 views

[SECURITY] Fedora 9 Update: seamonkey-1.1.10-1.fc9

SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...

10CVSS2AI score0.13949EPSS
Exploits2
seebug.org
seebug.org
added 2008/07/08 12:0 a.m.26 views

QQ Mail跨站脚本漏洞

QQ Mail是Tencent公司提供的webmail服务,你可以使用你的QQ帐户来登陆使用Mail服务,具体的信息可以访问 http://mail.qq.com/。但是80sec团队成员在QQ Mail里发现存在跨站脚本漏洞,恶意用户可以通过该漏洞在邮件里伪造登陆表单窃取目标用户的密码以及偷取Cookie以取得其他用户的身份,或者使用 ajax等技术读取用户的敏感信息。 QQ Mail的Javascript...

7.1AI score
Exploits0
Prion
Prion
added 2008/07/07 11:41 p.m.16 views

Design/Logic Flaw

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range...

5CVSS6.5AI score0.02245EPSS
Exploits1References44Affected Software2
NVD
NVD
added 2008/07/07 11:41 p.m.19 views

CVE-2008-2805

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range...

5CVSS6.6AI score0.02245EPSS
Exploits1References44
ATTACKERKB
ATTACKERKB
added 2008/07/07 11:41 p.m.2 views

CVE-2008-2805

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range...

5CVSS5.8AI score0.02245EPSS
Exploits1References45
Cvelist
Cvelist
added 2008/07/07 11:0 p.m.21 views

CVE-2008-2805

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range...

6.5AI score0.02245EPSS
Exploits1References44
UbuntuCve
UbuntuCve
added 2008/07/07 12:0 a.m.22 views

CVE-2008-2805

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range...

5CVSS6AI score0.02245EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2008/07/02 12:48 p.m.4 views

Firefox arbitrary file disclosure

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range...

5CVSS5.9AI score0.02245EPSS
Exploits1References4
Mozilla
Mozilla
added 2008/07/01 12:0 a.m.27 views

Arbitrary file upload via originalTarget and DOM Range — Mozilla

Opera Software reported a vulnerability which allows malicious content to force the browser into uploading local files to the remote server. This could be used by an attacker to steal files from known locations on a victim's computer...

5CVSS4AI score0.02245EPSS
Exploits1References2Affected Software2
exploitpack
exploitpack
added 2008/06/27 12:0 a.m.15 views

Microsoft Internet Explorer 78 Beta 1 - Frame Location Cross Domain Security Bypass

Microsoft Internet Explorer 78 Beta 1 - Frame Location Cross Domain Security Bypass source: https://www.securityfocus.com/bid/29986/info Microsoft Internet Explorer is prone to a cross-domain scripting security-bypass vulnerability because the application fails to properly enforce the same-origin...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2008/06/27 12:0 a.m.27 views

Microsoft Internet Explorer 7/8 Beta 1 - Frame Location Cross Domain Security Bypass

source: https://www.securityfocus.com/bid/29986/info Microsoft Internet Explorer is prone to a cross-domain scripting security-bypass vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to change the location of a frame from a...

7.4AI score
Exploits0
Prion
Prion
added 2008/06/12 2:32 a.m.10 views

Heap overflow

Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."...

9.3CVSS8.2AI score0.38835EPSS
Exploits1References11Affected Software1
Cvelist
Cvelist
added 2008/06/12 1:30 a.m.34 views

CVE-2008-1442

Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."...

7.6AI score0.38835EPSS
Exploits1References11
CVE
CVE
added 2008/06/12 1:30 a.m.49 views

CVE-2008-1442

CVE-2008-1442 concerns a heap-based buffer overflow in the substringData method of Internet Explorer 6 and 7, allowing remote code execution via crafted web pages (HTML Objects Memory Corruption). The connected MSKB (MS08-031) confirms multiple affected IE versions on Windows XP/2003 family and d...

9.3CVSS7.5AI score0.38835EPSS
Exploits1References11Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2008/06/10 12:0 a.m.21 views

Microsoft Internet Explorer DOM Object substringData() Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData method...

9.3CVSS2.8AI score0.38835EPSS
Exploits1References1
Rows per page
Query Builder