Design/Logic Flaw

Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to 1 multiple SCROLLING attributes with no values, or 2 a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which...

CVE-2006-1942

Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into...

Buffer overflow

Multiple buffer overflows in World Wide Web Consortium W3C Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in 1 the COMPACT attribute of the COLGROUP element, 2 the ROWS attribute of the TEXTAREA element, and 3 t...

Integer overflow

Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings...

CVE-2006-1834

Opera before 8.54 is affected by a vulnerability caused by an integer signedness error in the handling of long values in a stylesheet attribute, which can bypass a length check and potentially allow remote code execution. This is documented in multiple sources associated with CVE-2006-1834, inclu...

CVE-2006-1834

Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings...

amaya -- Attribute Value Buffer Overflow Vulnerabilities

Secunia reports: Amaya have two vulnerabilities, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to boundary errors within the parsing of various attribute values. This can be exploited to cause stack-based buffer overflows when a user...

Opera browser integer overflow

Integer overflow on long stylsheet sttribute. Can potentially be used for hidden malware installation...

W3C Amaya 9.4 - legend color Attribute Value Overflow

W3C Amaya 9.4 - legend color Attribute Value Overflow source: https://www.securityfocus.com/bid/17507/info W3C Amaya is susceptible to multiple remote buffer-overflow vulnerabilities. These issues are due to the application's failure to properly bounds-check user-supplied data before copying it t...

[Full-disclosure] SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow

SEC-CONSULT Security Advisory 20060413-0 ======================================== title: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow program: Opera vulnerable version: = 8.52 homepage: www.opera.com found: 2006-03-01 by: SEC Consult / www.sec-consult.com...

Spoofing

GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service client disconnect via inputs that produce malformed XML, including 1 trailing ' apostrophe character on the ID attribute in a PLAYER XML tag, 2 joining with a long ID attribute or non-trailing ' characters, which causes a...

CVE-2006-1275

GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service client disconnect via inputs that produce malformed XML, including 1 trailing ' apostrophe character on the ID attribute in a PLAYER XML tag, 2 joining with a long ID attribute or non-trailing ' characters, which causes a...

The link tooltip and the statusbar can be misleading – Opera Security Advisories

The link tooltip and the statusbar can be misleading – Opera Security Advisories OPCOM Team | February 17, 2006 Summary Opera’s status bar shows the “title” attribute of a form inputimage, not the form’s “action” URL. This may mislead the user. Severity: Very low Problem description It is possibl...

CVE-2006-0709

Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105...

CVE-2006-0709

Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105...

DSA-975-1 nfs-user-server - buffer overflow

Bulletin has no description...

Buffer overflow

Buffer overflow in the plug-in for Microsoft Windows Media Player WMP 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src...

CVE-2006-0544

urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 aka 7.0.5296.0 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" dash of hyphen characters...

DEBIAN-CVE-2006-0297

Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the 1 EscapeAttributeValue in jsxml.c for E4X, 2 nsSVGCairoSurface::Init in SVG, and 3...

Cross site scripting

Cross-site scripting XSS vulnerability in MyBulletinBoard MyBB allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as...