CVE-2008-5822

Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service memory consumption and browser hang via a long CLASS attribute in an HR element in an HTML document...

Apple Mac OS X Multiple Vulnerabilities-06 (Oct 2015)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-1303

Removed by vendor...

CVE-2015-5624

Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELPhoneBtnV6 ActiveX control allows remote attackers to execute arbitrary code via a crafted HTML document, related to the discontinued "Click to Live" service...

Buffer overflow

Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELPhoneBtnV6 ActiveX control allows remote attackers to execute arbitrary code via a crafted HTML document, related to the discontinued "Click to Live" service...

CVE-2015-5624

CVE-2015-5624 describes a buffer overflow in the ExecCall() method of the FreeBit ELPhoneBtnV6 ActiveX control (c2lv6.ocx). The vulnerability allows a remote attacker to execute arbitrary code by prompting a user to view a specially crafted HTML document. The ActiveX control is part of the discon...

CVE-2015-5624

Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELPhoneBtnV6 ActiveX control allows remote attackers to execute arbitrary code via a crafted HTML document, related to the discontinued "Click to Live" service...

CVE-2015-2980

The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document...

Design/Logic Flaw

The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document...

CVE-2015-2980

The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document...

CVE-2015-2976

Multiple cross-site scripting XSS vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted HTML document or 2 a crafted URL that is mishandled during access-log analysis...

CVE-2015-2976

Multiple cross-site scripting XSS vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted HTML document or 2 a crafted URL that is mishandled during access-log analysis...

CVE-2015-0140

An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 on 32-bit platforms allows remote attackers to execute arbitrary code via a crafted HTML document...

Hardcoded credentials

An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 on 32-bit platforms allows remote attackers to execute arbitrary code via a crafted HTML document...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via document.implementation.createHTMLDocument function. In Firefox and Safari an attacker can use an malicious inert document created using the vulnerable function. Details Cross-site scripting or XSS is a code...

Microsoft Visual Studio WMI Object Code Execution (MS06-073) - Ver2 (CVE-2006-4704)

A remote code execution vulnerability exists in Microsoft Visual Studio 2005. Microsoft Visual Studio is a software development product for computer programmers. It centers on an integrated development environment which lets programmers create standalone applications, web sites, web applications,...

CVE-2015-3336

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENTSETTINGSTYPEFULLSCREEN and CONTENTSETTINGSTYPEMOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service UI disruption by constructing a crafted HTML document containing...

Design/Logic Flaw

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENTSETTINGSTYPEFULLSCREEN and CONTENTSETTINGSTYPEMOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service UI disruption by constructing a crafted HTML document containing...

CVE-2015-0804

The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via a...

CVE-2015-0803

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free...