Apple Safari 'setInterval()' Address Bar Spoofing Vulnerability (Windows)

This host is installed with Apple Safari web browser and is prone to address bar spoofing vulnerability. OpenVAS Vulnerability Test $Id: gbapplesafariaddressbarspoofinvulnwin.nasl 5963 2017-04-18 09:02:14Z teissa $ Apple Safari 'setInterval' Address Bar Spoofing Vulnerability Windows Authors:...

2X Client TuxClientSystem ActiveX InstallClient() Method Arbitrary MSI Package Installation

The version of the TuxClientSystem ActiveX control, part of the 2X Client, installed on the remote Windows host is earlier than 10.1 Build 1239. As such, its 'InstallClient' method reportedly accepts a URL to an MSI package and allows installation of an application without explicit user approval...

LuraWave JP2 ActiveX Control < 2.1.5.11 jp2_x.dll Remote Buffer Overflow

The version of the LuraWave JP2 ActiveX control installed on the remote Windows host reportedly contains a stack-based buffer overflow vulnerability. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he can leverage this issue to execute arbitrar...

CVE-2012-0189

Multiple unspecified vulnerabilities in the 1 PrintFile and 2 SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document...

Design/Logic Flaw

Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document...

Design/Logic Flaw

Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document...

Hardcoded credentials

Multiple unspecified vulnerabilities in the 1 PrintFile and 2 SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document...

CVE-2012-0190

Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document...

CVE-2012-0189

IBM SPSS SamplePower 3.0 on Windows is affected by CVE-2012-0189 in the VsVIEW6.ocx ActiveX control (SaveDoc method). The vulnerability allows remote code execution when the ActiveX control is instantiated from Internet Explorer; exploitation requires user interaction (visiting a malicious page o...

CVE-2012-0188

IBM SPSS products (Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, 6.0.1) are affected by CVE-2012-0188 due to a buffer overflow in the SetLicenseInfoEx() method of the mraboutb.dll ActiveX control. The vulnerability arises from copying the first parameter (strInstallDir) into a 256-byte global...

CVE-2012-0188

Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document...

CVE-2012-0189

Multiple unspecified vulnerabilities in the 1 PrintFile and 2 SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document...

Google Chrome Multiple Information Disclosure Vulnerabilities - Mac OS X

Google Chrome is prone to multiple information disclosure vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2010-5068

The Cascading Style Sheets CSS implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264...

Design/Logic Flaw

The Cascading Style Sheets CSS implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may overlap CVE-2010-2264...

Design/Logic Flaw

The Cascading Style Sheets CSS implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264...

CVE-2010-5069

The Cascading Style Sheets CSS implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may overlap CVE-2010-2264...

CVE-2002-2436

The Cascading Style Sheets CSS implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a...

CVE-2010-5069

Removed by vendor...

Adobe Flash Player Embedded Flash Object Code Execution (APSB11-28; CVE-2011-2459)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to null pointer dereference in the Flash plugin while handling string values. A remote attacker could exploit this vulnerability by enticing a user to open an HTML document containing an embedd...