332 matches found
Mozilla Foundation Security Advisory 2007-05
Mozilla Foundation Security Advisory 2007-05. Title: XSS and local file access by opening blocked popups. Impact: Moderate. Announced: February 23, 2007. Reporter: shutdown, Michal Zalewski. Products: Firefox, SeaMonkey. Fixed in: Firefox 2.0.0.2, Firefox 1.5.0.10, SeaMonkey 1.0.8. Description: shutdown...
CVE-2005-3018
Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL...
security flaw
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL...
CVE-2005-2264
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL...
CVE-2005-2264
CVE-2005-2264 affects Firefox prior to 1.0.5, allowing a remote attacker to steal data by guiding a user to open a malicious link in the browser’s sidebar via the _search target and then inject script into other pages using a data: URL. The connected documents corroborate Firefox involvement and ...
Script injection from Firefox sidebar panel using data: — Mozilla
Sites can use the _search target to open links in the Firefox sidebar. A missing security check allows the sidebar to inject data: urls containing scripts into any page open in the browser. This could be used to steal cookies, passwords or other sensitive data...
CVE-2005-0456
Opera 7.54 and earlier is vulnerable to a data: URI handling issue where base64-encoded binary data is not validated, allowing a malicious site to obscure the URL in the download dialog and potentially lead to arbitrary code execution. Connected advisories (Gentoo GLSA 200502-17, OpenVAS entries)...
CVE-2005-0218
CVE-2005-0218: ClamAV versions up to 0.80 are vulnerable. A remote attacker can bypass virus scanning by embedding a base64-encoded image in a data: URL, allowing malicious content to pass checks. The issue is documented across multiple advisories, indicating a vulnerability in the data: URL han...
CVE-2005-0456
Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code...