814 matches found
Fedora 11 : qt-4.5.2-2.fc11 (2009-8800)
Qt's WebKit code did not properly handle numeric character references, which could allow remote attackers to cause a denial of service memory corruption and application crash via a crafted HTML document. Also included is: a fix for lib symlinks changing erroneously on upgrades a fix for Copy and...
GLSA-200908-10 : Dillo: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200908-10 Dillo: User-assisted execution of arbitrary code Tilei Wang reported an integer overflow in the Pngdatainfocallback function, possibly leading to a heap-based buffer overflow. Impact : A remote attacker could entice a us...
CVE-2009-2200
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document...
CVE-2009-2200
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document...
CVE-2009-1918
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allo...
Design/Logic Flaw
The Active Template Library ATL in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly...
Memory corruption
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted...
Memory corruption
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allo...
CVE-2009-2493
The Active Template Library ATL in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly...
Apple Safari JavaScript 'Reload()' DoS Vulnerability - July09
This host is installed with Apple Safari Web Browser and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: gbapplesafarijsreloaddosvulnjul09.nasl 4865 2016-12-28 16:16:43Z teissa $ Apple Safari JavaScript 'Reload' DoS Vulnerability - July09 Authors: Sharath S Copyright:...
Memory corruption
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit aka Qt toolkit; and possibly other products do not properly handle numeric character references, which allows remote attackers to...
CVE-2009-1725
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit aka Qt toolkit; and possibly other products do not properly handle numeric character references, which allows remote attackers to...
CVE-2009-2419
Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the...
CVE-2009-2419
Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the...
Design/Logic Flaw
Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the...
CVE-2009-2419
CVE-2009-2419 is a use-after-free vulnerability in WebKit’s servePendingRequests within Apple Safari 4.0 and 4.0.1. The issue can let remote attackers crash the browser or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload ...
Design/Logic Flaw
Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web...
Design/Logic Flaw
Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with...
CVE-2009-1840
Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web...
Memory corruption
Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which...