1265 matches found
CVE-2007-0714
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom UDTA with an Atom size field with a large value...
CVE-2007-0791
Cross-site scripting XSS vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-0791
Cross-site scripting XSS vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-0791
CVE-2007-0791 is a cross-site scripting (XSS) vulnerability in Bugzilla’s Atom feeds affecting Bugzilla versions 2.20.3, 2.22.1, 2.23.3, and older releases back to 2.20.1. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors within Atom feeds. The conne...
simplog0932.txt
Afected Software: simplog up to 0.9.3.2 latest version - 12/05/2006 Site: http://www.simplog.org Simplog provides an easy way for users to add blogging capabilities to their existing websites. Simplog is written in PHP and compatible with multiple databases. Simplog also features an RSS/Atom...
RSSOwl < 1.2.3 Atom Feed XSS
Binary data 3746.prm...
FeedDemon < 2.0.0.25 Atom Feed Active Script Code Execution
According to the Windows registry, the version of FeedDemon, an RSS reader for Windows, installed on the remote host is affected by a flaw due to improper sanitization of RSS feeds of Active Script code. An attacker can exploit this issue to inject arbitrary script into the affected application,...
CVE-2006-4760
Multiple cross-site scripting XSS vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite...
CVE-2006-4761
Multiple cross-site scripting XSS vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite...
CVE-2006-4711
Multiple cross-site scripting XSS vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite...
CVE-2006-4710
Multiple cross-site scripting XSS vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite...
CVE-2006-4711
Multiple cross-site scripting XSS vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite...
CVE-2006-4710
Multiple cross-site scripting XSS vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite...
CVE-2006-4711
Multiple cross-site scripting XSS vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite...
CVE-2006-4710
CVE-2006-4710 affects NewsGator FeedDemon prior to 2.0.0.25. The vulnerability is a set of XSS flaws exploited via an Atom 1.0 feed, enabling an attacker to inject arbitrary script/HTML. The issue is demonstrated in test suites and is tied to improper handling of Atom feeds. Impact is the executi...
CVE-2006-4711
The Red Hat CVE and related records confirm CVE-2006-4711 affects Sage with an XSS vulnerability exposed via Atom 1.0 feed handling, allowing remote attackers to inject arbitrary script/HTML. The core detail: XSS in Sage’s Atom 1.0 feed processing (as evidenced by Red Hat entry and similarly word...
CVE-2006-1467
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC M4P, M4A, or M4B file with a sample table size STSZ atom with a "malformed" samplesizetable...
Integer overflow
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC M4P, M4A, or M4B file with a sample table size STSZ atom with a "malformed" samplesizetable...
QuickTime MOV file udta Atom buffer overflow
Added: 05/24/2006 CVE: CVE-2006-1460 BID: 17953 OSVDB: 25509 Background QuickTime is a media player for Windows and Mac OS platforms. Problem A buffer overflow in QuickTime allows command execution by a specially crafted Movie MOV file containing a long udta Atom. Resolution Upgrade to QuickTime...