Microsoft Visual Studio WMI Object Code Execution (MS06-073) - Ver2 (CVE-2006-4704)

A remote code execution vulnerability exists in Microsoft Visual Studio 2005. Microsoft Visual Studio is a software development product for computer programmers. It centers on an integrated development environment which lets programmers create standalone applications, web sites, web applications,...

CVE-2015-3336

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENTSETTINGSTYPEFULLSCREEN and CONTENTSETTINGSTYPEMOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service UI disruption by constructing a crafted HTML document containing...

Design/Logic Flaw

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENTSETTINGSTYPEFULLSCREEN and CONTENTSETTINGSTYPEMOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service UI disruption by constructing a crafted HTML document containing...

CVE-2015-0804

The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via a...

CVE-2015-0803

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free...

Input validation

The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via a...

Design/Logic Flaw

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free...

CVE-2015-0804

The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via a...

KLA10475 Code execution vulnerability in Internet Explorer

Multiple critical vulnerabilities have been found in Internet Explorer. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions or obtain sensitive information. Below is a complete list of vulnerabilities 1. An unknwon...

CVE-2015-1361

platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact...

CVE-2015-1361

Removed by vendor...

Google Chrome Denial of Service Vulnerability (CNVD-2015-00022)

Google Chrome is a simple and efficiently designed web browsing tool developed by Google. A denial of service vulnerability exists in versions of Google Chrome prior to 11.0.696.65, which allows remote attackers to cause a denial of service via a crafted HTML document...

Internet Explorer CSS Memory Corruption (MS09-002) - Ver2 (CVE-2009-0076)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in the way Microsoft Internet Explorer handles Cascading Style Sheets CSS. A remote attacker could exploit this issue by convincing a user to visit a specially crafted HTM...

CVE-2011-1795

Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted HTML document...

Integer overflow

Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted HTML document...

CVE-2011-1795

Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted HTML document...

CVE-2011-1795

Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted HTML document...

TSUTAYA application arbitrary command execution vulnerability

TSUTAYA application is a chain of famous impression stores all over Japan. An arbitrary command execution vulnerability exists in TSUTAYA application versions prior to 5.3 for Android, which allows remote attackers to execute arbitrary Java methods via a crafted HTML document...

CVE-2014-7241

The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document...

CVE-2014-7241

The CVE-2014-7241 issue affects the TSUTAYA App for Android (versions 5.3 and earlier). A vulnerability allows a remote attacker to cause arbitrary Java method execution by presenting a crafted HTML document. This is documented across multiple sources (NVD, CNVD, JVN) and is mitigated by updating...