Netscape Navigator 4.0.8 - 'about:' Domain Information Disclosure

source: https://www.securityfocus.com/bid/2637/info Due to a flaw in Navigator's security code, all URLs in the about: protocol are considered to be part of the same domain. If arbitrary Javascript code is placed in a GIF's comment field, it is treated like a normal HTML page. The Javascript code...

Modifed images can lead to JavaScript/VBScript execution in AIM

Software Effected: AOL Instant Messenger Versions Effected: 4.1 to current including 4.4 alpha, older versions probably effected Details: AOL Instnat Messenger has the ability to embed images into an instant message. The user sends the graphic to the person they wish to show, and the graphic show...

Дырка в AOL Instant Messenger

При некоторых условиях на компьютере клиента может быть выполнен Javascript/VBScript...

Дырка в Internet Explorer (Media Player ActiveX)

ActiveX-элемент Media Player позволяет выполнение Javascript В контексте локальной машины...

Microsoft Windows Media Player 7.0 - JavaScript URL

source: https://www.securityfocus.com/bid/2167/info Windows Media Player is an application used for digital audio, and video content viewing. It can be embedded in webpages as an ActiveX control. It is possible to execute a javascript URL from within the Windows Media Player ActiveX control...

Microsoft Indexing Service (Windows 2000NT 4.0) - .htw Cross-Site Scripting

Microsoft Indexing Service Windows 2000NT 4.0 - .htw Cross-Site Scripting source: https://www.securityfocus.com/bid/1861/info A cross-site scripting vulnerability has been reported in Microsoft Indexing Services for Windows 2000/NT4 and its handling of the .htw extension. If a user inadvertantly...

Очередная уязвимость между фреймами в IE через Web Browser Control ActiveX

Метод navigate позволяет выполнение Javascript в контексте локальной машины...

CVE-2000-0081

Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jvascript...

CVE-1999-0750

Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account...

CVE-2000-0061

CVE-2000-0061 affects Internet Explorer 5. The vulnerability: during window loading, the document’s security zone is not updated until after loading, permitting a remote attacker to execute JavaScript in a different security context while the page is loading. The record indicates a maximum CVSS v...

CVE-2000-0061

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading...

CVE-2000-0081

Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jvascript...

CVE-2000-0061

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading...

Microsoft Internet Explorer 4.04.0.15.05.0.15.5 - preview Security Zone Settings Lag

Microsoft Internet Explorer 4.04.0.15.05.0.15.5 - preview Security Zone Settings Lag Microsoft Internet Explorer 4.0 for Windows 3.1/Windows 95,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.5 preview,Internet Explorer 4.0.1 for Windows 98/Windows NT...

Microsoft Internet Explorer 455.55.0.1 - external.NavigateAndFind() Cross-Frame

Microsoft Internet Explorer 455.55.0.1 - external.NavigateAndFind Cross-Frame Microsoft Internet Explorer 4.0 for WfW/Windows 3.1/Windows 95/Windows NT 3/Windows NT 4,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.5,Internet Explorer 5.0.1,Internet...

Microsoft Internet Explorer 4/5/5.5/5.0.1 - external.NavigateAndFind() Cross-Frame

Microsoft Internet Explorer 4.0 for WfW/Windows 3.1/Windows 95/Windows NT 3/Windows NT 4,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.5,Internet Explorer 5.0.1,Internet Explorer for Unix 5.0 external.NavigateAndFind Cross-Frame Vulnerability source...

CVE-1999-0750

Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account...

netscape.bookmarks.title.js.txt

Date: Sun, 16 May 1999 17:17:34 +0300 From: Georgi Guninski To: [email protected] Subject: Netscape Communicator bookmarks security vulnerability There is a security bug in Netscape Communicator 4.51 Win95, 4.07 Linux guess all 4.x versions are affected in the way they handle special bookmarks...

CVE-1999-0537

A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc...

CVE-2024-36361

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...