7725 matches found
CVE-2009-1711
CVE-2009-1711 affects WebKit-based components (notably in Apple Safari before 4.0) where WebKit’s Attr DOM memory is not properly initialized. This can allow remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document that exercises Attr DOM memory handling...
CVE-2009-1709
Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG...
PT-2009-1124 · Microsoft · Windows Xp +5
Name of the Vulnerable Software and Affected Versions: Microsoft Windows 2000 SP4, Microsoft Windows XP SP2, Microsoft Windows XP SP3, Microsoft Windows Server 2003 SP2, Microsoft Windows Vista Gold, Microsoft Windows Vista SP1, Microsoft Windows Vista SP2, Microsoft Windows Server 2008 SP2. Description:...
CVE-2009-0945
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute...
Google Chrome XSS Vulnerability
Google Chrome is prone to an XSS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Foundation Security Advisory 2009-17
Mozilla Foundation Security Advisory 2009-17 Title: Same-origin violations when Adobe Flash loaded via view-source: scheme Impact: High Announced: April 21, 2009 Reporter: Gregory Fleischer Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.9 Description Security researcher Gregory...
Design/Logic Flaw
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify...
CVE-2009-1307
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify...
CVE-2009-1307
CVE-2009-1307 is evidenced in connected documents as a vulnerability in the view-source: URI handling in Mozilla Firefox before 3.0.9 (also affecting Thunderbird and SeaMonkey) that breaks the Same Origin Policy. It enables remote attackers to bypass cross-domain restrictions and connect to arbit...
view-source: protocol
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify...
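Crystal Reports viewreport.asp Page Cross-Site Scripting Vulnerability
BUGTRAQ ID: 34341 Crystal Reports is a reporting toolkit that lets users quickly create flexible, feature-rich reports and integrate them into Web and Windows applications. The viewreport.asp page of Crystal Reports does not have the user-submitted ID, PROMPTEX-SESSIONID, PROMPTEX-TODATE, PROMPTEX-FROMDATE, PROMPTEX-YEARQTR1, PROMPTEX-YEARQTR2, PROMPTEX-YEARQTR3, PROMPTEX-YEARQTR4, PROMPTEX-YEARQTR5, PROMPTEX-YEARQTR6, ...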
SAP Business Objects Crystal Reports 7-10 - viewreport.asp Cross-Site Scripting
SAP Business Objects Crystal Reports 7-10 - viewreport.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/34341/info SAP Business Objects Crystal Reports is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the...
SAP Business Objects Crystal Reports 7-10 - 'viewreport.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/34341/info SAP Business Objects Crystal Reports is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal...
Firefox XUL garbage collection issue (cansecwest pwn2own)
Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009...
Design/Logic Flaw
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and...
Sql injection
SQL injection vulnerability in the Simple Random Objects (mwrandomobjects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
QuikSoft EasyMail Objects ActiveX Control BOF Vulnerability
This host is installed with QuikSoft EasyMail Objects ActiveX Control and is prone to a buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbquiksofteasymailobjactvxbofvuln.nasl 5369 2017-02-20 14:48:07Z cfi $ QuikSoft EasyMail Objects ActiveX Control BOF Vulnerability Authors: Nikita M...
QuikSoft EasyMail Objects ActiveX Control BOF Vulnerability
QuikSoft EasyMail Objects ActiveX Control is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...