Code injection

Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast url attribute of an enclosure tag, or $encurl variable, which is executed when running wget...

FreeBSD : amaya -- Attribute Value Buffer Overflow Vulnerabilities (dc930435-d59f-11da-8098-00123ffe8333)

Secunia reports : Amaya have two vulnerabilities, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to boundary errors within the parsing of various attribute values. This can be exploited to cause stack-based buffer overflows when a user...

PT-2006-3297 · Mozilla · Firefox

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox version 1.5.0.3 Description: The issue allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. It was noted that the web page caused a...

Microsoft Internet Explorer 6.0.2900 SP2 - CSS Attribute Denial of Service

IE-Crash - By seven header position: fixed; height: 761px; width: 1268; milw0rm.com 2006-05-10...

MS Internet Explorer <= 6.0.2900 SP2 (CSS Attribute) Denial of Service

Exploit for unknown platform in category dos / poc ====================================================================== MS Internet Explorer IE-Crash - By seven header position: fixed; height: 761px; width: 1268; 0day.today 2018-04-02...

Design/Logic Flaw

Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to 1 multiple SCROLLING attributes with no values, or 2 a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which...

CVE-2006-1942

Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into...

Buffer overflow

Multiple buffer overflows in World Wide Web Consortium W3C Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in 1 the COMPACT attribute of the COLGROUP element, 2 the ROWS attribute of the TEXTAREA element, and 3 t...

Integer overflow

Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings...

CVE-2006-1834

Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings...

CVE-2006-1834

Opera before 8.54 is affected by a vulnerability caused by an integer signedness error in the handling of long values in a stylesheet attribute, which can bypass a length check and potentially allow remote code execution. This is documented in multiple sources associated with CVE-2006-1834, inclu...

amaya -- Attribute Value Buffer Overflow Vulnerabilities

Secunia reports: Amaya have two vulnerabilities, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to boundary errors within the parsing of various attribute values. This can be exploited to cause stack-based buffer overflows when a user...

W3C Amaya 9.4 - legend color Attribute Value Overflow

W3C Amaya 9.4 - legend color Attribute Value Overflow source: https://www.securityfocus.com/bid/17507/info W3C Amaya is susceptible to multiple remote buffer-overflow vulnerabilities. These issues are due to the application's failure to properly bounds-check user-supplied data before copying it t...

Opera browser integer overflow

Integer overflow on long stylsheet sttribute. Can potentially be used for hidden malware installation...

[Full-disclosure] SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow

SEC-CONSULT Security Advisory 20060413-0 ======================================== title: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow program: Opera vulnerable version: = 8.52 homepage: www.opera.com found: 2006-03-01 by: SEC Consult / www.sec-consult.com...

Spoofing

GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service client disconnect via inputs that produce malformed XML, including 1 trailing ' apostrophe character on the ID attribute in a PLAYER XML tag, 2 joining with a long ID attribute or non-trailing ' characters, which causes a...

CVE-2006-1275

GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service client disconnect via inputs that produce malformed XML, including 1 trailing ' apostrophe character on the ID attribute in a PLAYER XML tag, 2 joining with a long ID attribute or non-trailing ' characters, which causes a...

The link tooltip and the statusbar can be misleading – Opera Security Advisories

The link tooltip and the statusbar can be misleading – Opera Security Advisories OPCOM Team | February 17, 2006 Summary Opera’s status bar shows the “title” attribute of a form inputimage, not the form’s “action” URL. This may mislead the user. Severity: Very low Problem description It is possibl...

CVE-2006-0709

Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105...

CVE-2006-0709

Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105...