CVE-2005-0945

Cross-site scripting XSS vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in 1 img, 2 link, or 3 mail tags...

CVE-2005-0527

Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."...

Microsoft Internet Explorer 5.0.1 - Mouse Event URI Status Bar Obfuscation

source: https://www.securityfocus.com/bid/12541/info Microsoft Internet Explorer is reported prone to a URI obfuscation weakness. The issue presents itself when a HREF tag contains certain mouse events. This issue may be leveraged by an attacker to display false information in the status bar or U...

CVE-2005-0145

Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature...

Script-generated event can download without prompting — Mozilla

Script-generated click events were indistinguishable from true clicks. Combined with the Firefox Alt+click feature that downloads links to the default location without prompting this could be used by malicious sites to place executables or other malware onto a windows user's desktop without their...

Mozilla fails to properly handle script-generated events

Overview There is a vulnerability the way Mozilla handles script-generated events that could allow a remote, unauthenticated attacker to access data contained on the victim's clipboard. Description Mozilla is an open-source web browser, email/newsgroup client, IRC client, and HTML editor availabl...

CVE-2004-0841

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."...

Qualcomm Eudora 6.x - Embedded Hyperlink URI Obfuscation

source: https://www.securityfocus.com/bid/10305/info It has been reported that the Qualcomm Eudora MTA is prone to a URI obfuscation weakness that may hide the true contents of a link. The problem occurs when a user@location URI is formatted in such a way that a "^A" control character is located...

CVE-2004-0191

Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page zombie document and enable cross-domain and cross-site scripting XSS attacks, as demonstrated using onmousemove events...

Microsoft Internet Explorer allows mouse events to manipulate window objects and perform "drag and drop" operations

Overview Microsoft Internet Explorer IE dynamic HTML DHTML mouse events can manipulate windows to copy objects from one domain to another, including the Local Machine Zone. This vulnerability could allow an attacker to write arbitrary files to the local file system. Description In IE, certain DHT...

CVE-2002-1965

Cross-site scripting XSS vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the 1 Javascript events, as demonstrated via an onerror event in an IMG SRC tag or 2 User-Agent field in an HTTP GET request...

CVE-2002-0896

The CVE-2002-0896 entry concerns Swatch: the throttle capability may fail to report certain events if the same event type recurs after the throttle period or when multiple events matching the same watchfor expression don’t occur post-throttle. This could allow attackers to avoid detection. No spe...

Minor IE System Info Disclosure

I just stumbled across this the other day when i was playing... a remote server can poll a surfers computer and determin some applications they have installed by trying a load an image with the file:// protocol. if the file is found on disk the javascript onload event fires..if not the onerror...

Небезопасная обработка сигналов (unsafe signal handling)

Определенная последовательность асинхронных событий может приводить к тому, что, например дважды освобождается область в памяти или происходит запись в освобожденную область...

CVE-2023-4504

creationtimestamp| type| source ---|---|--- 2000-12-31 23:00:00+00:00| seen| http://takeonme.org/cve/ 2023-09-21 16:37:00+00:00| seen| http://takeonme.org/cves/cve-2023-4504/ 2023-09-22 02:45:00+00:00| seen| https://t.me/cibsecurity/70932 2023-11-19 14:26:27+00:00| seen|...

Очередной обзор новостей Linux

No description provided...

CVE-2000-0350

A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events...

Очередной обзор новостей Linux

No description provided...

CVE-1999-0576

A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories...

CVE-1999-0575

A Windows NT system's user audit policy does not log an event success or failure, e.g. for Logon and Logoff, File and Object Access, Use of User Rights, User and Group Management, Security Policy Changes, Restart, Shutdown, and System, and Process Tracking...