CVE-2014-1525

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and heap memory...

Internet Explorer ActiveX Navigate Handling Code Execution (MS08-073) - Ver2 (CVE-2008-4258)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Internet Explorer that fails to properly validate parameters made during a method call in the...

Adobe Flash Player Information Disclosure (APSB14-09: CVE-2014-0508)

An information disclosure vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted SWF files. A remote attacker could exploit this vulnerability by enticing a user to open an HTML document containing an...

Cisco Prime Security Manager跨站脚本漏洞

BUGTRAQ ID: 66488 CVECAN ID: CVE-2014-2118 Cisco Prime Security Manager是集中管理Cisco ASA 5500-X系列防火墙的工具。 Cisco Prime Security Manager 即PRSM 9.2.1-2及之前版本在仪表盘相关的HTML文档内存在多个跨站脚本漏洞，这可使远程攻击者注入远程Web脚本或HTML。 0 Cisco Prime Security Manager 9.2.1-2 目前厂商还没有提供补丁或者升级程序： http://www.cisco.com/go/psirt...

CVE-2014-0746

The disaster recovery system DRS in Cisco Unified Contact Center Express Unified CCX allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536...

CVE-2013-2817

An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click...

Hardcoded credentials

An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document...

Hardcoded credentials

An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click...

CVE-2013-2817

An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click...

Microsoft XMLDOM ActiveX control information disclosure vulnerability

Overview The Microsoft XMLDOM ActiveX control can be used to check for the presence of multiple resources, which can result in unintended information disclosure. Description Microsoft.XMLDOM is an ActiveX control that can run in Internet Explorer without requiring any prompting to the user. This...

Apple Safari Parent.Close User After Free - Ver2 (CVE-2010-1939)

A use-after-free vulnerability has been reported in Apple Safari. The vulnerability is due to an error in Apple Safari while handling the termination and subsequent referencing between child and parent windows. A remote attacker could trigger this vulnerability by enticing a vulnerable target to...

Buffer overflow

Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different vulnerability than CVE-2013-6748...

Buffer overflow

Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different vulnerability than CVE-2013-6749...

Apple Safari Webkit Use-After-Free Code Execution- Ver2 (CVE-2010-1807)

A code execution vulnerability has been reported in Apple Safari's WebKit. The vulnerability is due to a design error when processing floating point data types. A remote attacker could trigger this vulnerability by enticing a vulnerable target to access a specially crafted HTML document. Successf...

CVE-2013-6040

MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions 4.0 of MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue...

Hardcoded credentials

Multiple unspecified vulnerabilities in the MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls allow remote attackers to execute arbitrary code via a crafted HTML document...

CVE-2013-6040

CVE-2013-6040 affects MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls prior to version 4.0. The vulnerability allows arbitrary code execution via a crafted HTML document, with the issue fixed in version 4.0. Exploitation would occur when a user views a malicious HTML document, potentially yi...

CVE-2013-6040 MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls versions before 4.0 are vulnerable to arbitrary code via crafted HTML document.

MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions 4.0 of MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue...

CVE-2013-6040 MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls versions before 4.0 are vulnerable to arbitrary code via crafted HTML document.

MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions 4.0 of MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue...

MW6 Technologies ActiveX controls contain multiple vulnerabilities

Overview MW6 Technologies' MaxiCode, Aztec, and DataMatrix ActiveX controls contain multiple vulnerabilities. Description MW6 Technologies' MaxiCode, Aztec, and DataMatrix ActiveX controls are used for processing barcodes. The ActiveX controls contain multiple vulnerabilities that may lead to...