Lucene search
K

158 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1753/info This vulnerability is a new variation of the NT LPC Privilege Escalation Vulnerabilty please see http://www.securityfocus.com/bid/934 for details reported on January 12, 2000 by Bindview. The patch released by...

7.1AI score
Exploits0
Opera Security Advisories
Opera Security Advisories
added 2012/11/19 12:0 a.m.495 views

Error pages can be used to guess local file paths

Remote web pages should not be able to detect what files a user has on their local machine. Certain error pages do not apply this restriction correctly, allowing web pages to produce an error page where a script can run. The script can then use various events to detect whether files on the user's...

1AI score
Exploits0Affected Software1
Debian
Debian
added 2012/03/15 7:15 p.m.10 views

[BSA-063] Security Update for notmuch

I uploaded new packages for notmuch which fixed the following security problems: DSA-2416-1 notmuch -- information disclosure When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message which could lead to files from the local machine being attached to...

2.5AI score
Exploits0
Debian
Debian
added 2012/03/15 7:15 p.m.34 views

[BSA-063] Security Update for notmuch

I uploaded new packages for notmuch which fixed the following security problems: DSA-2416-1 notmuch -- information disclosure When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message which could lead to files from the local machine being attached to...

5.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2010/02/09 12:0 a.m.36 views

Microsoft Outlook 2002 Script Execution (CVE-2004-0121)

Microsoft provides server and client side implementations of email protocols such as SMTP, POP3 and IMAP. The widely used Microsoft Outlook product is an implementation of an email client capable of handling most standard Internet protocols as well as numerous proprietary Microsoft protocols and...

7.5CVSS8.3AI score0.47676EPSS
Exploits1
securityvulns
securityvulns
added 2010/02/08 12:0 a.m.27 views

Gnome Nautilus code execution

HTML script is executed in local machine context on HTML prveiew...

1.2AI score
Exploits0References1
NVD
NVD
added 2009/09/09 10:30 p.m.23 views

CVE-2009-3114

The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K...

7.5CVSS6.8AI score0.02245EPSS
Exploits0References5
Prion
Prion
added 2009/09/09 10:30 p.m.19 views

Design/Logic Flaw

The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K...

7.5CVSS7.3AI score0.02245EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2008/11/24 12:0 a.m.359 views

Microsoft Internet Explorer saved pages crossite scripting

Crossite scripting in context of local machine is possible on saving URL with address like http://site/--scriptalert"XSS"/script...

4.3CVSS0.1AI score0.10733EPSS
Exploits0References3
NVD
NVD
added 2008/10/23 10:0 p.m.20 views

CVE-2008-4695

Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context...

9.3CVSS6.6AI score0.05978EPSS
Exploits0References17
UbuntuCve
UbuntuCve
added 2008/10/23 10:0 p.m.29 views

CVE-2008-4695

Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context...

9.3CVSS6.2AI score0.05978EPSS
Exploits0References1
Prion
Prion
added 2008/10/23 10:0 p.m.19 views

Design/Logic Flaw

Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context...

9.3CVSS6.8AI score0.05978EPSS
Exploits0References17Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/10/10 12:0 a.m.43 views

FreeBSD : opera -- multiple vulnerabilities (fb84d5dd-9528-11dd-9a00-001999392805)

Opera reports : If a malicious page redirects Opera to a specially crafted address URL, it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page. Once a Java applet has been cached, if a page can predict the cache path...

9.3CVSS5.5AI score0.09753EPSS
Exploits0References5
seebug.org
seebug.org
added 2008/06/05 12:0 a.m.9 views

MS Internet Explorer URL Injection in History List (MS04-004)

No description provided by source. // Andreas Sandblad, 2004-02-03, patched by MS04-004 // Name: payload // Purpose: Run payload code called from Local Machine zone. // The code may be arbitrary such as executing shell commands...

7.1AI score
Exploits0
NVD
NVD
added 2008/05/18 2:20 p.m.26 views

CVE-2008-2281

Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluat...

9.3CVSS6.1AI score0.23212EPSS
Exploits1References6
Cvelist
Cvelist
added 2008/05/18 2:0 p.m.34 views

CVE-2008-2281

Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluat...

6.1AI score0.23212EPSS
Exploits1References6
seebug.org
seebug.org
added 2008/05/17 12:0 a.m.29 views

MS Internet Explorer (Print Table of Links) Cross-Zone Scripting PoC

No description provided by source. !-- Internet Explorer "Print Table of Links" Cross-Zone Scripting Vulnerability Author: Aviv Raff http://aviv.raffon.net/ Summary Internet Explorer is prone to a Cross-Zone Scripting vulnerability in ...

7.1AI score
Exploits0
NVD
NVD
added 2008/02/05 3:0 a.m.24 views

CVE-2008-0583

Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata...

4.3CVSS6.1AI score0.02063EPSS
Exploits1References5
CVE
CVE
added 2008/02/05 2:0 a.m.74 views

CVE-2008-0582

CVE-2008-0582 affects Skype on Windows (versions 3.1–3.6.0.244). The issue is a cross-zone scripting vulnerability in the Internet Explorer web control used by SkypeFind, allowing an attacker to inject script/HTML into the Local Machine Zone via the Full Name field of a reviewer in a business ite...

4.3CVSS6.2AI score0.01207EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2008/01/25 1:0 a.m.16 views

Cross site scripting

Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a 1 Dailymotion and possibly 2...

9.3CVSS6.4AI score0.25198EPSS
Exploits0References13Affected Software1
Rows per page
Query Builder