LocalTapiola: Mixed Active Scripting Issue on https://www.lahitapiola.fi

HTTPS security issue - compromises HTTPS security by loading images from non secure source in https://www.lahitapiola.fi/henkilo/asiakaspalvelu/asioi-verkossa/kirjaudu-verkkoon Vulnerability Type: Mixed Active Scripting Issue Description: Mixed Active Content is content that has access to and can...

ownCloud: apps.owncloud.com: Mixed Active Scripting Issue

I come across HTTPS security issue - compromises HTTPS security by loading images from non secure source in https://apps.owncloud.com/. Vulnerability Type: Mixed Active Scripting Issue Description: Mixed Active Content is content that has access to and can affect all or parts of the Document Obje...

Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Exploit 0day

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Webmoney Advisor ActiveX Remote DoS Exploit

No description provided by source. html Pwnage Page object classid='clsid:3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840' id='target' /object script language='vbscript' targetFile = C:\Program Files\WebMoney Advisor\wmadvisor.dll prototype = Sub Redirect ByVal url As String memberName = Redirect progid =...

Microsoft IE 5.0/5.5 and OE 5.5 XML Stylesheets Active Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2633/info A vulnerability exists in the handling of XML stylesheets in Internet Explorer and Outlook Express. If active scripting is disabled in all security zones, IE and OE will still allow script to run if it is...

MS Outlook Express 5 Javascript Email Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/962/info Microsoft Outlook Express 5, and possibly other email clients that parse HTML messages, can be made to run Active Scripting that will read any new messages that arrive after the hostile code has been run. Example...

New Zero-Day Vulnerability CVE-2014-1776 Affects all Versions of Internet Explorer Browser

Microsoft confirmed a new Zero Day critical vulnerability in its browser Internet Explorer. Flaw affects all versions of Internet Explorer, starting with IE version 6 and including IE version 11. In a Security Advisory 2963983 released yesterday, Microsoft acknowledges a zero-day Internet Explore...

Microsoft FixIt Will Address IE Zero-Day Vulnerability

With Internet Explorer users still exposed to as many as four active exploits of a zero-day vulnerability in the browser, Microsoft Tuesday night said it will release a FixIt in the next couple of days that will address the issue. A FixIt is an automated tool provided by Microsoft that diagnoses...

Microsoft Recommends Workarounds to Mitigate Latest IE Zero-Day; Patch Still to Come

Microsoft issued a security advisory Monday night and recommended several workarounds to mitigate a zero-day vulnerability in Internet Explorer reported over the weekend that is being exploited in the wild. Microsoft said it is still investigating the vulnerability, and may issue an out-of-band...

Microsoft Internet Explorer 中心元素远程代码执行漏洞 (MS12-037)

CVE ID: CVE-2012-1523 Microsoft Internet Explorer是微软公司推出的一款网页浏览器。 Microsoft Internet Explorer 访问已经删除的对象时存在远程代码执行漏洞。攻击者可利用当前用户权限执行任意代码以破坏内存。 0 Microsoft Internet Explorer 9.x Microsoft Internet Explorer 8.x Microsoft Internet Explorer 7.x Microsoft Internet Explorer 6.x 临时解决方法：...

iDefense Security Advisory 04.12.11: Microsoft Internet Explorer Use-After-Free Memory Corruption Vulnerability

iDefense Security Advisory 04.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 12, 2011 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer,...

Microsoft Internet Explorer CSS use-after-free vulnerability

Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the handling of CSS, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer contains a vulnerability caused by a use-after-free error within the mshtml.dl...

Trusted Sites Zone (Whitelisting)

Keep in mind that when the Internet Zone is set to High, you may encounter web sites that do not function properly due to one or more of the associated security settings. This is where the Trusted sites zone can help. If you trust that the site will not contain malicious content, you can add it t...

Security Zones

Select the Security tab. This provides a list of the various security zones that Internet Explorer uses. For each of these zones, you can select a Custom Level of protection. By clicking the Custom Level button, you will see a second window open that permits you to select various security setting...

Microsoft Internet Explorer iepeers.dll use-after-free vulnerability

Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the iepeers.dll file, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer provides support for Web Folders and printing through the use of the...

Microsoft Internet Explorer HTML object memory corruption vulnerability

Overview An invalid pointer reference within Microsoft Internet Explorer may lead to execution of arbitrary code. Description Microsoft Internet Explorer contains a memory corruption vulnerability, which can result in an invalid pointer being accessed after an object is incorrectly initialized or...

SMF (Simple Machine Forum) 1.1.11 XSS Vulnerabilities

No description provided by source. || Script : SMF Simple Machine Forum 1.1.11 || Vulnerability Type : Active XSS Active Cross Site Scripting || Risk : Low || Discovered By Khashayar Fereidani || http://ircrash.com http://bugtraq.ircrash.com || Note : For use this vulnerability you need access to...

iDefense Security Advisory 12.08.09: Microsoft Internet Explorer HTML Layout Engine Uninitialized Memory Vulnerability

iDefense Security Advisory 12.08.09 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 08, 2009 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer,...

Microsoft Internet Explorer CSS style element vulnerability

Overview Microsoft Internet Explorer IE does not safely reference CSS style elements. Using a specially crafted HTML page, an attacker can cause IE to crash and potentially execute arbitrary code. Description IE contains a vulnerability in the way it references CSS style elements. Processing a...

Microsoft Internet Explorer fails to properly restrict access to frames

Overview Microsoft Internet Explorer fails to properly restrict access to a document's frames, which may allow an attacker to modify the contents of frames in a different domain. Description Frames in HTML documents are subdivisions of the current window. The most common use of frames in web page...