100 matches found
Microsoft Edge TextNode Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw relates to how Edge handles tex...
Microsoft Edge CTreePos Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw relates to how Edge handles tex...
Microsoft Edge TextData Type Confusion Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose the contents of memory on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML document...
CVE-2015-7190
The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML document...
CVE-2015-6266
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.20.899 does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045...
Microsoft Internet Explorer COrphanedStyleSheetArray Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
CVE-2015-2974
LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file...
XPCOM - Race Condition
XPCOM Race Condition Vendor: Mozilla Product: XPCOM Version: Website: http://www.mozilla.org/projects/xpcom/ CVE: CVE-2005-2414 OSVDB: 18226 PACKETSTORM: 38837 Description: xpcom, or cross platform component object model is a framework for writing cross-platform, modular software. The xpcom libra...
CVE-2015-2963
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg...
Adobe/Apache Flex ASDoc Tool XSS
The remote web server contains one or more HTML documents created with an unpatched version of the Adobe/Apache Flex ASDoc tool that is potentially affected by a cross-site scripting vulnerability due to a failure to properly sanitize user input. %NASLMINLEVEL 70300 C Tenable Network Security, In...
Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
No description provided by source. source : http://www.securityfocus.com/bid/1933/info Microsoft Windows 2000 Indexing Services is a search engine that will allow a user to perform full-text searches of online sites using their browsers. Search results include Word, Excel, PowerPoint, and HTML...
Microsoft Internet Explorer 6.0 Codebase Double Backslash Local Zone File Execution Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10344/info A vulnerability has been reported that may potentially permit HTML documents to gain unauthorized access to local resources by using specific syntax when referencing said resource as a value for the CODEBASE...
CVE-2012-3713
Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document...
Microsoft Releases Security Advisory for Internet Explorer
Microsoft has released Security Advisory 2757760 to address a vulnerability in Microsoft Internet Explorer 6, 7, 8, and 9. This vulnerability may allow an attacker to execute arbitrary code if a user accesses specially crafted HTML documents e.g., a web page or an HTML email message or attachmen...
Debian Security Advisory DSA 2506-1 (libapache-mod-security)
The remote host is missing an update to libapache-mod-security announced via advisory DSA 2506-1. OpenVAS Vulnerability Test $Id: deb25061.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2506-1 libapache-mod-security Authors: Thomas Reinke Copyright:...
CVE-2012-4142
Opera’s CVE-2012-4142 affects multiple platforms: Windows/UNIX builds before 12.01 and Mac OS X builds before 11.66 (and before 12.01 for 12.x lines). The flaw arises from Opera’s HTML parsing, which ignores some characters under unspecified circumstances, enabling remote XSS via crafted document...