158 matches found
Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1753/info This vulnerability is a new variation of the NT LPC Privilege Escalation Vulnerabilty please see http://www.securityfocus.com/bid/934 for details reported on January 12, 2000 by Bindview. The patch released by...
Error pages can be used to guess local file paths
Remote web pages should not be able to detect what files a user has on their local machine. Certain error pages do not apply this restriction correctly, allowing web pages to produce an error page where a script can run. The script can then use various events to detect whether files on the user's...
[BSA-063] Security Update for notmuch
I uploaded new packages for notmuch which fixed the following security problems: DSA-2416-1 notmuch -- information disclosure When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message which could lead to files from the local machine being attached to...
[BSA-063] Security Update for notmuch
I uploaded new packages for notmuch which fixed the following security problems: DSA-2416-1 notmuch -- information disclosure When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message which could lead to files from the local machine being attached to...
Microsoft Outlook 2002 Script Execution (CVE-2004-0121)
Microsoft provides server and client side implementations of email protocols such as SMTP, POP3 and IMAP. The widely used Microsoft Outlook product is an implementation of an email client capable of handling most standard Internet protocols as well as numerous proprietary Microsoft protocols and...
Gnome Nautilus code execution
HTML script is executed in local machine context on HTML prveiew...
CVE-2009-3114
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K...
Design/Logic Flaw
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K...
Microsoft Internet Explorer saved pages crossite scripting
Crossite scripting in context of local machine is possible on saving URL with address like http://site/--scriptalert"XSS"/script...
CVE-2008-4695
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context...
CVE-2008-4695
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context...
Design/Logic Flaw
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context...
FreeBSD : opera -- multiple vulnerabilities (fb84d5dd-9528-11dd-9a00-001999392805)
Opera reports : If a malicious page redirects Opera to a specially crafted address URL, it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page. Once a Java applet has been cached, if a page can predict the cache path...
MS Internet Explorer URL Injection in History List (MS04-004)
No description provided by source. // Andreas Sandblad, 2004-02-03, patched by MS04-004 // Name: payload // Purpose: Run payload code called from Local Machine zone. // The code may be arbitrary such as executing shell commands...
CVE-2008-2281
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluat...
CVE-2008-2281
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluat...
MS Internet Explorer (Print Table of Links) Cross-Zone Scripting PoC
No description provided by source. !-- Internet Explorer "Print Table of Links" Cross-Zone Scripting Vulnerability Author: Aviv Raff http://aviv.raffon.net/ Summary Internet Explorer is prone to a Cross-Zone Scripting vulnerability in ...
CVE-2008-0583
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata...
CVE-2008-0582
CVE-2008-0582 affects Skype on Windows (versions 3.1–3.6.0.244). The issue is a cross-zone scripting vulnerability in the Internet Explorer web control used by SkypeFind, allowing an attacker to inject script/HTML into the Local Machine Zone via the Full Name field of a reviewer in a business ite...
Cross site scripting
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a 1 Dailymotion and possibly 2...