303 matches found
xt:Commerce Shopsoftware 34 - FCKeditor Arbitrary File Upload
xt:Commerce Shopsoftware 34 - FCKeditor Arbitrary File Upload ============================================================= xt:Commerce Shopsoftware fckeditor File Upload Vulnerability ============================================================= Exploit Title: xt:Commerce Shopsoftware fckeditor...
java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303)
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to execute arbitrary code via a long file: URL in a...
Design/Logic Flaw
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to...
java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303)
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to execute arbitrary code via a long file: URL in a...
java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303)
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to execute arbitrary code via a long file: URL in a...
java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303)
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to execute arbitrary code via a long file: URL in a...
CVE-2009-3867
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to execute arbitrary code via a long file: URL in a...
Stack overflow
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to execute arbitrary code via a long file: URL in a...
Design/Logic Flaw
Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the...
CVE-2009-3007
Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the...
CVE-2009-2200
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document...
openSUSE Security Update : opera (opera-366)
Opera 9.63 fixes the following security problems : - Manipulating text input contents can allow execution of arbitrary code - HTML parsing flaw can cause Opera to execute arbitrary code. - Long hostnames in file: URLs can cause execution of arbitrary code. - Script injection in feed preview can...
Design/Logic Flaw
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack...
CVE-2009-1839
CVE-2009-1839 affects Mozilla Firefox 3.x before 3.0.11. Affected: Firefox 3 up to 3.0.11. Description: loading a file: URL via the location bar could have an incorrect security principal, allowing a user‑supplied crafted HTML document to bypass file access restrictions and read local files, i.e....
CVE-2009-1839
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack...
Critical: Red Hat Security Advisory: seamonkey security update
Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat...
file: resources
Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with...
CVE-2009-1703
WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within 1 audio and 2 video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document...
CVE-2009-1703
CVE-2009-1703 concerns WebKit in Apple Safari prior to 4.0, where references to file: URLs within audio and video elements are not blocked. This could let remote attackers determine the existence of arbitrary files by delivering crafted HTML, constituting an information-disclosure risk. The affec...
DEBIAN-CVE-2009-0037
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...