CVE-2014-6365

Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6328...

CVE-2014-8388

Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ipaddress parameter in an HTML document...

Stack overflow

Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ipaddress parameter in an HTML document...

CVE-2014-8388

Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ipaddress parameter in an HTML document...

CVE-2014-4459

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document...

Design/Logic Flaw

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document...

Microsoft Internet Explorer 5/6 GetObject File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3767/info A flaw exists in Microsoft Internet Explorer that may allow a remote attacker to view known files on a target system when a user views web content containing a specially crafted script. The problem occurs when t...

Microsoft Internet Explorer 6 %USERPROFILE% File Execution Weakness

No description provided by source. source: http://www.securityfocus.com/bid/7826/info Microsoft Internet Explorer is prone to an issue which could permit an attacker to load a known, existing file in a user's temporary directory or possibly other directories in a user's profile. It is possible to...

Apple Safari 3 for Windows Document.Location Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24499/info Apple Safari for Windows is prone to a denial-of-service vulnerability because it fails to properly handle user-supplied input. An attacker may exploit this issue by enticing victims into opening a maliciously...

Microsoft Internet Explorer 5.0.1 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25289/info The Microsoft Visual Basic 6 TypeLib Information Library TLI ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously...

openSUSE Security Update : seamonkey (openSUSE-SU-2013:1644-1)

update to SeaMonkey 2.22 bnc847708 - rebased patches - requires NSS 3.15.2 or higher - MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards - MFSA 2013-94/CVE-2013-5593 bmo868327 Spoofing addressbar through SELECT element - MFSA 2013-95/CVE-2013-5604...

openSUSE Security Update : seamonkey (seamonkey-4074)

Mozilla SeaMonkey was updated to version 2.0.12, fixing various security issues. Following security issues were fixed: MFSA 2011-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...

CVE-2014-1525

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and heap memory...

CVE-2014-1525

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and heap memory...

CVE-2014-2185

The Call Detail Records CDR Management component in Cisco Unified Communications Manager Unified CM allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374...

CVE-2014-1525

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and heap memory...

Internet Explorer ActiveX Navigate Handling Code Execution (MS08-073) - Ver2 (CVE-2008-4258)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Internet Explorer that fails to properly validate parameters made during a method call in the...

Adobe Flash Player Information Disclosure (APSB14-09: CVE-2014-0508)

An information disclosure vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted SWF files. A remote attacker could exploit this vulnerability by enticing a user to open an HTML document containing an...

Cisco Prime Security Manager跨站脚本漏洞

BUGTRAQ ID: 66488 CVECAN ID: CVE-2014-2118 Cisco Prime Security Manager是集中管理Cisco ASA 5500-X系列防火墙的工具。 Cisco Prime Security Manager 即PRSM 9.2.1-2及之前版本在仪表盘相关的HTML文档内存在多个跨站脚本漏洞，这可使远程攻击者注入远程Web脚本或HTML。 0 Cisco Prime Security Manager 9.2.1-2 目前厂商还没有提供补丁或者升级程序： http://www.cisco.com/go/psirt...

CVE-2014-0746

The disaster recovery system DRS in Cisco Unified Contact Center Express Unified CCX allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536...