989 matches found
Microsoft Outlook 2003 - Predictable File Location
Microsoft Outlook 2003 - Predictable File Location source: https://www.securityfocus.com/bid/10307/info Microsoft Outlook 2003 is reported to be prone to store files that are specified in img tags, in predictable locations. This may present a security risk because many known and potential Interne...
Kerio Personal Firewall 4 and IE 6 "Bug"
---------------- Kerio Personal Firewall 4 - ---------------- +Web Filtering enabled problem If a URL contains 131213 Kerio Firewall Crashes http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=&btnG=Google +Search also it can be passed to a browser via IFRAME tag and crash Kerio without...
Opera Browser 6.0 6 - URI Display Obfuscation
Opera Browser 6.0 6 - URI Display Obfuscation source: https://www.securityfocus.com/bid/9281/info A weakness has been reported in Opera that may allow attackers to obfuscate the URI for a visited page. The problem is said to occur when a URI that is designed to access a specific location with a...
Microsoft Internet Explorer 6 - Local Resource Reference
Microsoft Internet Explorer 6 - Local Resource Reference source: https://www.securityfocus.com/bid/8886/info Microsoft Internet Explorer is prone to an issue that may allow for unauthorized access to local resources. Internet Explorer version 6 SP1 imposed restrictions to limit remote sites from...
Opera 7.117.20 HREF - Malformed Server Name Heap Corruption
Opera 7.117.20 HREF - Malformed Server Name Heap Corruption source: https://www.securityfocus.com/bid/8853/info A vulnerability has been discovered in the Opera web browser that could lead to remote code execution. The problem is said to trigger when handling malformed HTML HREF values and may...
Opera 7.11/7.20 HREF - Malformed Server Name Heap Corruption
source: https://www.securityfocus.com/bid/8853/info A vulnerability has been discovered in the Opera web browser that could lead to remote code execution. The problem is said to trigger when handling malformed HTML HREF values and may result in a buffer overrun occuring within heap memory. As a...
MSIE->WsBASEjpu
WsBASEjpu tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. OS Ver: "Windows XP Cn ver" demo http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-MyPage.HTM or http://umbrella.mx.tc --- WsBASEjpu...
Avant Browser 8.0.2 - HTTP Request Buffer Overflow (PoC)
Avant Browser 8.0.2 - HTTP Request Buffer Overflow PoC source: https://www.securityfocus.com/bid/8471/info It has been reported that a buffer overflow condition exists in the Avant Browser software that may cause an attacker to run arbitrary code on a vulnerable host in order to gain unauthorized...
Opera 7.07.10 - JavaScript Console Single Quote Attribute Injection
Opera 7.07.10 - JavaScript Console Single Quote Attribute Injection source: https://www.securityfocus.com/bid/7449/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit t...
Secunia Research: Opera browser Cross Site Scripting
====================================================================== Secunia Research 26/02/2003 - Opera browser Cross Site Scripting - ====================================================================== Table of Contents 1..........................................................Description...
Netscape 7.0 - JavaScript Regular Expression Denial of Service
source: https://www.securityfocus.com/bid/6959/info It has been reported that Netscape based browsers may be vulnerable to a denial of service condition when executing certain JavaScript methods. If a malicious page containing a specially crafted JavaScript regular expression method is viewed the...
Opera 6.07.0 - Username URI Warning Dialog Buffer Overflow
Opera 6.07.0 - Username URI Warning Dialog Buffer Overflow source: https://www.securityfocus.com/bid/6811/info The Opera browser for Win32 and possibly other systems is prone to a remotely exploitable buffer overflow condition. For security purposes, Opera will display a warning any time a user o...
Opera's Security Model is Highly Vulnerable (GM#002-OP)
GreyMagic Security Advisory GM002-OP ===================================== By GreyMagic Software, Israel. 04 Feb 2003. Available in HTML format at http://security.greymagic.com/adv/gm002-op/. Topic: Opera's Security Model is Highly Vulnerable. Discovery date: 14 Nov 2002. Affected applications:...
Opera 7.0 - JavaScript Console Attribute Injection
source: https://www.securityfocus.com/bid/6755/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script code in a sensitive context...
Opera 6.0/7.0 - opera.PluginContext Native Method Denial of Service
source: https://www.securityfocus.com/bid/6814/info Opera ships with a trusted Java class 'opera.PluginContext' that includes a native method that is reportedly prone to denial of service attacks. It is possible for a malicious Java applet to trigger this condition to cause a denial of service...
CVE-2002-2308
Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself...
CoolForum v 0.5 beta shows content of PHP files
CoolForum v 0.5 beta shows content of PHP files The original document can be found at http://www.securiteinfo.com/attaques/hacking/coolforum05.shtml .oO Overview Oo. CoolForum v 0.5 beta shows PHP content files Discovered on 2002, September, 16th Vendor: http://www.coolforum.net CoolForum v 0.5 i...
Apache 2 Cross-Site Scripting
This is being submitted without an update to Apache, but I am expecting an Apache Update Announcement shortly. The CVE has already assigned a candidate to this it is currently reserved, and CERT has assigned VU240329, but has not created a write-up yet. The reason for the ugly mail2web .sig is...
phpReactor - Cross-Site Scripting via STYLE
phpReactor has recently been updated to eliminate several known cross-site scripting vulnerabilities. Among these changes was to reduce the tags allowed in posts, profiles, etc. down to B, I, and FONT. However, using the "STYLE" attribute, one can still defeat this: b...
Mozilla 0.9.x1.0 - JavaScript URL Host Spoofing Arbitrary Cookie Access
Mozilla 0.9.x1.0 - JavaScript URL Host Spoofing Arbitrary Cookie Access source: https://www.securityfocus.com/bid/5293/info Mozilla is an open source web browser available for a number of platforms, including Microsoft Windows and Linux. An issue has been reported in the Mozilla web browser which...