CVE-2002-0242

The CVE-2002-0242 entry concerns Internet Explorer 6 and describes a cross-site scripting vulnerability where output from a remote server via an Extended HTML Form is not properly cleansed, allowing remote script execution. Affected component: Internet Explorer 6 (Extended HTML Form handling). Ro...

CVE-2002-0243

Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed...

CVE-2001-1242

Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. dot dot in an HTML form...

Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)

Advisory Title: Web Browsers vulnerable to the Extended HTML Form Attack Release Date: 06/02/2002 Effects: Internet Explorer 6 and older versions Opera 6.0 and older versions Severity: Allows stealing of cookies, penetration of internal networks and other evil stuff. Author: Obscure^...

Атака через HTML-формы (HTML form attack)

Можно заставить браузер подписать результат запроса формы на другой сервер по протоколу отличному от HTTP например команды протокола POP3 в порт 110. Данные формы могут содержать скрипты и быть использованы для межсайтового скриптинга...

CVE-1999-1016

CVE-1999-1016 concerns the Microsoft HTML control used in Internet Explorer 5.0, FrontPage Express, Outlook Express 5, and Eudora. The vulnerability allows a remote attacker (via a malicious web site or HTML email) to trigger a denial of service by crafting large HTML form fields (e.g., text inpu...

Insecure input balidation in YaBB Search.pl

Hi Everybody, Kosak reported this problem to vuln-dev last night. I downloaded the script and did some testing. There is an input validation problem with the 'catsearch' field, which gets interpolated in an open statement: openFILE, "$boardsdir/$cattosearch" || &fatalerror"$txt'23'...

Microsoft Internet Explorer 5 - HTML Form Control Denial of Service

Microsoft Internet Explorer 5 - HTML Form Control Denial of Service Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 HTML Form Control DoS source: https://www.securityfocus.com/bid/606/info Certain Microsoft applications IE5, Outlook Express 5 are unable to display large HTM...

Microsoft Internet Explorer 5 - HTML Form Control Denial of Service

Microsoft Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4 HTML Form Control DoS source: https://www.securityfocus.com/bid/606/info Certain Microsoft applications IE5, Outlook Express 5 are unable to display large HTML form fields within HTML tables. Attempts to view the offending tab...