149 matches found
Microsoft Internet Explorer CStyleAttrArray Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
CVE-2015-4294
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766...
Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Microsoft Internet Explorer COptionElement Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Microsoft Internet Explorer CGeneratedContent::UnWrapContent Out-Of-Bound Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within styl...
Microsoft Internet Explorer Insert Command Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Microsoft Internet Explorer Insert Command Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
(0Day) Microsoft Internet Explorer display:run-in Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Yii Framework CmsInput Improper XSS Filter
Yii framework CmsInput extension 1 improper XSS sanitation + Discovered by: Jos Wetzels + Affects: Yii framework CmsInput extension xssClean($this->stripTags($str)); What happens is that stripTags is called on the user-supplied input before xssClean is called. stripTags is designed to eliminate all...
Mozilla Thunderbird does not adequately restrict HTML elements in email message content
Overview Mozilla Thunderbird does not adequately restrict HTML elements in email content, which could allow an attacker to execute arbitrary script when a specially-crafted email message is forwarded or replied to. Description Vulnerability Lab has reported a vulnerability in the way Mozilla...
CVE-2011-1953
Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) VIDEO, or a (10) BLOCKQUOTE element...
CVE-2010-0049
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality...
CVE-2010-0052
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."...
Design/Logic Flaw
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."...
CVE-2010-0052
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."...
CVE-2010-0049
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality...
CVE-2010-0052
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."...
CVE-2010-0052
Removed by vendor...
CVE-2010-0049
Removed by vendor...
Mac OS X : Apple Safari < 4.0.5
The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0.5. As such, it is potentially affected by several issues : - An implementation issue in the handling of cookies set by RSS and Atom feeds could result in a cookie being set when visiting or updating a feed even ...