
738 matches found

OpenVAS
added 2005/11/03 12:0 a.m. | 39 views

Oracle XSQL Stylesheet Vulnerability

The Oracle XSQL Servlet allows arbitrary Java code to be executed by an attacker by supplying the URL of a malicious XSLT stylesheet when making a request to an XSQL page. OpenVAS Vulnerability Test $Id: oraclexsql.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle XSQL Stylesheet...

CVSS 7.5 | AI score 0.7 | EPSS 0.0403
Exploits 0

OpenVAS
added 2005/11/03 12:0 a.m. | 23 views

Oracle XSQL Stylesheet Vulnerability

The Oracle XSQL Servlet allows arbitrary Java code to be executed by an attacker by supplying the URL of a malicious XSLT stylesheet when making a request to an XSQL page. SPDX-FileCopyrightText: 2000 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyrigh...

CVSS 7.5 | AI score 6.7 | EPSS 0.0403
Exploits 0 | References 1

NVD
added 2005/05/02 4:0 a.m. | 19 views

CVE-2005-0588

Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system...

CVSS 5 | AI score 6.2 | EPSS 0.01567
Exploits 0 | References 9

Tenable Nessus
added 2005/03/06 12:0 a.m. | 43 views

GLSA-200503-10 : Mozilla Firefox: Various vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200503-10 Mozilla Firefox: Various vulnerabilities The following vulnerabilities were found and fixed in Mozilla Firefox: Michael Krax reported that plugins can be used to load privileged content and trick the user to interact wit...

CVSS 7.5 | AI score 6.1 | EPSS 0.20398
Exploits 6 | References 19

RedHat Linux
added 2005/03/01 7:1 p.m. | 3 views

security flaw

Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system...

CVSS 5 | AI score 5.9 | EPSS 0.01567
Exploits 0 | References 4

Tenable Nessus
added 2004/08/18 12:0 a.m. | 17 views

Opera < 8.54 signedness StyleSheet Overflow

CVSS 5.1 | AI score 7.3 | EPSS 0.12074
Exploits 1 | References 3

CVE
added 2004/03/18 5:0 a.m. | 39 views

CVE-2004-0310

CVE-2004-0310 describes a cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1. The issue arises in the site’s stylesheet handling, where semicolon/parentheses are not stripped, enabling a remote attacker to execute JavaScript as another user via a crafted stylesheet (demonstrated ...

CVSS 6.8 | AI score 6.4 | EPSS 0.01292
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2003/04/02 5:0 a.m. | 19 views

CVE-2002-0169

The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier...

AI score 6.5 | EPSS 0.00406
Exploits 0 | References 5

Cvelist
added 2003/04/02 5:0 a.m. | 25 views

CVE-2002-0618

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution"...

AI score 7 | EPSS 0.14497
Exploits 0 | References 5

Cvelist
added 2003/04/02 5:0 a.m. | 21 views

CVE-2002-0191

Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability...

AI score 6.4 | EPSS 0.29692
Exploits 0 | References 4

Exploit DB
added 2002/06/15 12:0 a.m. | 23 views

Microsoft Internet Explorer 5/6 - CSSText Bold Font Denial of Service

source: https://www.securityfocus.com/bid/5027/info A problem with Microsoft Internet Explorer may make it possible to deny service to users of the browser. The problem is in the handling of certain types of stylesheet input. It may be possible to crash IE. When IE encounters a style sheet with t...

AI score 7
Exploits 0

NVD
added 2002/05/29 4:0 a.m. | 23 views

CVE-2002-0191

Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability...

CVSS 5 | AI score 6.4 | EPSS 0.29692
Exploits 0 | References 4

NVD
added 2002/05/29 4:0 a.m. | 12 views

CVE-2002-0169

The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier...

CVSS 4.6 | AI score 6.5 | EPSS 0.00406
Exploits 0 | References 5

securityvulns
added 2002/05/27 12:0 a.m. | 25 views

[NT] Excel XP XML Stylesheet Security Problem

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion When was the last time you checked your server's security? How about a monthly report? http://www.AutomatedScanning.com - Know that you're...

AI score 7.6
Exploits 0

securityvulns
added 2002/05/03 12:0 a.m. | 35 views

[RHSA-2002:062-08] Insecure DocBook stylesheet option

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Insecure DocBook stylesheet option Advisory ID: RHSA-2002:062-08 Issue date: 2002-04-11 Updated on: 2002-04-26 Product: Red Hat Linux Keywords: docbook stylesheet Cross...

CVSS 4.6 | AI score 6.2 | EPSS 0.00406
Exploits 0

Cvelist
added 2001/05/07 4:0 a.m. | 18 views

CVE-2001-0126

Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet...

AI score 7.3 | EPSS 0.0403
Exploits 0 | References 3

CVE
added 2001/05/07 4:0 a.m. | 64 views

CVE-2001-0126

The vulnerability CVE-2001-0126 affects Oracle XSQL Servlet (versions 1.0.3.0 and earlier). An attacker can remotely cause arbitrary Java code execution by redirecting the XSQL server to a malicious source via the xml-stylesheet parameter in the XSLT stylesheet used by an XSQL page. This is a net...

CVSS 7.5 | AI score 7.3 | EPSS 0.0403
Exploits 0 | References 3 | Affected Software 1

NVD
added 2001/03/12 5:0 a.m. | 21 views

CVE-2001-0126

Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet...

CVSS 7.5 | AI score 7.3 | EPSS 0.0403
Exploits 0 | References 3