9028 matches found
Microsoft Windows keyboard events design flow
An application running with a different user's credentials may send keyboard events to applications running on the same desktop, emulating user input...
CVE-2004-2383
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain...
CVE-2004-2383
Microsoft Internet Explorer 5.0–6.0 is identified as vulnerable to a Cross-Frame Scripting Restriction bypass (CVE-2004-2383). The issue arises when an HTML document with JavaScript outside a frameset that includes the target domain can cause the frameset to retain focus, enabling an attacker to ...
galeon, mozilla security update
CentOS Errata and Security Advisory CESA-2005:587-01 Updated mozilla packages that fix various security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgro...
security flaw
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be...
Fedora Core 4 : mozilla-1.7.10-1.5.1 (2005-619)
Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A bug was found in the way Mozilla handled synthetic events. It is possible that Web content could generate events such as keystrokes or mouse clicks that could be used to steal data or...
Important: Red Hat Security Advisory: firefox security update
An updated firefox package that fixes various security bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox...
Fedora Core 4 : firefox-1.0.6-1.1.fc4 (2005-605)
Mozilla Firefox is an open source Web browser. A bug was found in the way Firefox handled synthetic events. It is possible that Web content could generate events such as keystrokes or mouse clicks that could be used to steal data or execute malicious JavaScript code. The Common Vulnerabilities an...
CVE-2005-2260
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be...
Content-generated event vulnerabilities — Mozilla
In several places the browser UI did not correctly distinguish between true user events, such as mouse clicks or keystrokes, and synthetic events generated by web content. The problems ranged from minor annoyances like switching tabs or entering full-screen mode, to a variant on MFSA 2005-34...
CVE-2002-1965
Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request...
CVE-2005-1910
SQL injection vulnerability in login.asp for WWWeb Concepts Events System 1.0 allows remote attackers to execute arbitrary SQL commands via the password...
CVE-2005-1910
The CVE-2005-1910 issue affects WWWeb Concepts Events System 1.0, specifically the login.asp login path. The vulnerability is a SQL injection via the password parameter in login.asp, enabling remote attackers to execute arbitrary SQL commands and potentially gain unauthorized access or manipulate...
WWWeb Concepts Events System 1.0 - login.asp SQL Injection
Source: https://www.securityfocus.com/bid/13859/info. WWWeb Concepts Events System is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'login.asp'...
CVE-2004-1935
CVE-2004-1935 describes a cross-site scripting (XSS) vulnerability in SCT Campus Pipeline where remote attackers can inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an email attachment. The NVD metrics indicate the impact is limited to partial integrity...
CVE-2005-0839
Linux kernel 2.6 before 2.6.11 does not restrict access to the NMOUSE line discipline for a TTY, which allows local users to gain privileges by injecting mouse or keyboard events into other user sessions...
CVE-2005-0527
Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."...
CVE-2005-0945
Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags...