CVE-2010-4034

Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted HTML document...

Hardcoded credentials

Opera before 10.63 allows remote attackers to cause a denial of service application crash via a Flash movie with a transparent Window Mode aka wmode property, which is not properly handled during navigation away from the containing HTML document...

CVE-2010-4035

Removed by vendor...

CVE-2010-4035

Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted HTML document...

CVE-2010-4034

Removed by vendor...

CVE-2010-3178

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which...

Heap overflow

Heap-based buffer overflow in Comctl32.dll aka the common control library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute...

Memory corruption

Microsoft Windows Media Player WMP 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption...

CVE-2010-2745

CVE-2010-2745 is a Windows Media Player memory corruption vulnerability affecting WMP 9–12. It arises when Windows Media Player fails to deallocate objects during a browser reload, allowing a remote attacker to execute arbitrary code by convincing a user to visit a crafted web page. Exploitation ...

CVE-2010-2745

Microsoft Windows Media Player WMP 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption...

Trend Micro Internet Security Pro UfProxyBrowserCtrl ActiveX extSetOwner Function Arbitrary Code Execution

The UfProxyBrowserCtrl ActiveX control, a component of Trend Micro Internet Security Pro 2010 installed on the remote Windows host, reportedly has an issue in its 'extSetOwner' function that allows a remote attacker to run arbitrary code via an invalid address that is dereferenced as a pointer. I...

Apple Safari Multiple Vulnerabilities - Sep10

The host is installed with Apple Safari web browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbapplesafarimultvulnsep10.nasl 5263 2017-02-10 13:45:51Z teissa $ Apple Safari Multiple Vulnerabilities - Sep10 Authors: Antu Sanadi Copyright: Copyright c 2010 Greenbone...

Adobe Flash unspecified code execution vulnerability

Overview Adobe Flash contains an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash contains a vulnerability that can result in memory corruption, which can allow arbitrary code execution. See also Adobe Security Advisory...

CVE-2010-1807

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted HTML document, related...

Design/Logic Flaw

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted HTML document, related...

CVE-2010-1807

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted HTML document, related...

CVE-2010-1807

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted HTML document, related...

CVE-2010-1807

Removed by vendor...

Mozilla Firefox 3.5.x < 3.5.12 Multiple Vulnerabilities

Binary data 5656.prm...

CVE-2010-2809

The default configuration of the binding in Uzbl before 2010.08.05 does not properly use the @SELECTEDURI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document...