Lucene search
+L

2451 matches found

Prion
Prion
added 2009/08/28 3:30 p.m.14 views

Design/Logic Flaw

Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site...

4.3CVSS7.2AI score0.01046EPSS
Exploits0References3Affected Software1
Mozilla
Mozilla
added 2009/06/11 12:0 a.m.47 views

JavaScript chrome privilege escalation — Mozilla

Mozilla security researcher mozbugra4 reported a vulnerability which allows scripts from page content to run with elevated privileges. Using this vulnerability, an attacker could cause a chrome privileged object, such as the browser sidebar or the FeedWriter, to interact with web content in such ...

9.3CVSS3.1AI score0.04795EPSS
Exploits1References2Affected Software3
Prion
Prion
added 2009/05/06 5:30 p.m.13 views

Cross site request forgery (csrf)

Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data to be sent to an...

4.3CVSS6.7AI score0.01631EPSS
Exploits0References11Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/04/24 12:0 a.m.36 views

Google Chrome < 1.0.154.59 ChromeHTML URI Handling Privilege Escalation

The version of Google Chrome installed on the remote host is earlier than 1.0.154.59. Such versions are reportedly affected by an issue when handling URLs with a 'chromehtml:' protocol that could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk. If...

7.8CVSS5.8AI score0.01207EPSS
Exploits2References2
EUVD
EUVD
added 2008/08/15 12:0 a.m.2 views

EUVD-2008-3645

Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since...

6.4CVSS7.2AI score0.06025EPSS
Exploits0References35
Tenable Nessus
Tenable Nessus
added 2008/05/29 12:0 a.m.39 views

Fedora 7 : libpng10-1.0.37-1.fc7 (2008-3979)

This update fixes the way that libpng10 handles unknown zero-length chunks, which in previous versions could result in writing to attacker controlled addresses, depending on how the libpng api is used. To be affected, an application would have to call pngsetkeepunknownchunks, which tells libpng n...

7.5CVSS8.1AI score0.05514EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.33 views

Debian Security Advisory DSA 1149-1 (ncompress)

The remote host is missing an update to ncompress announced via advisory DSA 1149-1. Tavis Ormandy from the Google Security Team discovered a missing boundary check in ncompress, the original Lempel-Ziv compress and uncompress programs, which allows a specially crafted datastream to underflow a...

7.5CVSS0.4AI score0.05757EPSS
Exploits0
Cvelist
Cvelist
added 2007/11/15 2:0 a.m.30 views

CVE-2007-4700

Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors...

7AI score0.02059EPSS
Exploits1References8
Prion
Prion
added 2007/06/22 6:30 p.m.30 views

Design/Logic Flaw

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA formerly Computer Associates products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server...

10CVSS8.2AI score0.08958EPSS
Exploits8References14Affected Software1
NVD
NVD
added 2007/06/22 6:30 p.m.18 views

CVE-2007-3336

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA formerly Computer Associates products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server...

10CVSS7.6AI score0.08958EPSS
Exploits8References14
Prion
Prion
added 2007/03/09 10:19 p.m.18 views

Design/Logic Flaw

inimodifier sgid-zendtech in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this...

4.4CVSS6.7AI score0.00644EPSS
Exploits0References8Affected Software1
exploitpack
exploitpack
added 2006/09/14 12:0 a.m.33 views

Blojsom 2.31 - Cross-Site Scripting

Blojsom 2.31 - Cross-Site Scripting source: https://www.securityfocus.com/bid/20026/info Blojsom is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to have arbitrary script code execute in the browser ...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2006/09/06 12:0 a.m.6 views

PT-2006-5354 · Mozilla · Firefox

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox version 1.5.0.6 Description: The issue allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server. This can be achieved by hosting a script on an...

7.5CVSS6.8AI score0.01462EPSS
Exploits1References5
NVD
NVD
added 2006/06/26 10:6 a.m.16 views

CVE-2006-2196

Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges...

4.6CVSS6.3AI score0.00354EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2006/06/26 10:6 a.m.25 views

CVE-2006-2196

Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges...

4.6CVSS5.8AI score0.00354EPSS
Exploits0References1
exploitpack
exploitpack
added 2006/04/07 12:0 a.m.32 views

Matt Wright Guestbook 2.3.1 - Guestbook.pl Multiple HTML Injection Vulnerabilities

Matt Wright Guestbook 2.3.1 - Guestbook.pl Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/17438/info Guestbook is prone to multiple HTML-injection vulnerabilities; the application fails to properly sanitize user-supplied input before using it in dynamically...

7.8AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2004/12/20 12:0 a.m.14 views

MPlayer: Multiple overflows

Background MPlayer is a media player capable of handling multiple multimedia file formats. Description iDEFENSE, Ariel Berkman and the MPlayer development team found multiple vulnerabilities in MPlayer. These include potential heap overflows in Real RTSP and pnm streaming code, stack overflows in...

3.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.8 views

Mozilla POP3 Mail Handler Remote Overflow (deprecated)

Binary data 1320.prm...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2004/05/13 12:0 a.m.23 views

Microsoft Outlook Express 6.0 - URI Obfuscation

source: https://www.securityfocus.com/bid/10345/info Microsoft Outlook Express has been reported prone to a URI obfuscation vulnerability. This issue is reported to affect version 6.0 of the affected software, other versions might also be affected. An attacker could reportedly get a user to visit...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2004/01/27 12:0 a.m.20 views

phpGroupWare 0.9.x - &#039;index.php&#039; HTML Injection

source: https://www.securityfocus.com/bid/12082/info PhpGroupWare is reported to be susceptible to a HTML injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input. The attacker-supplied HTML and script code would be able to access propertie...

7.4AI score
Exploits0
Rows per page
Query Builder