Lucene search
+L

2790 matches found

exploitpack
exploitpack
added 2004/03/10 12:0 a.m.11 views

Apple Safari 1.x - Cookie Directory Traversal

Apple Safari 1.x - Cookie Directory Traversal source: https://www.securityfocus.com/bid/9841/info Multiple vendor Internet Browsers have been reported to be prone to a cookie path argument restriction bypass vulnerability. The issue presents itself due to a failure to properly sanitize encoded UR...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2004/03/10 12:0 a.m.32 views

Directory traversal in multiple browsers cookie path

It's possible to access cookie from the document with different path...

4.2AI score
Exploits0References1Affected Software3
NVD
NVD
added 2003/12/31 5:0 a.m.21 views

CVE-2003-1492

Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . dot at the end...

5CVSS6.5AI score0.01202EPSS
Exploits1References3
CVE
CVE
added 2003/12/17 5:0 a.m.52 views

CVE-2003-1017

CVE-2003-1017 affects Macromedia Flash Player before 7.0.19.0. The vulnerability arises because Flash data files are stored in a predictable location accessible to web browsers, allowing remote attackers to read restricted files via browser vulnerabilities that rely on predictable file names. The...

5CVSS6.8AI score0.03002EPSS
Exploits1References3Affected Software2
Exploit DB
Exploit DB
added 2003/07/02 12:0 a.m.39 views

Verity K2 Toolkit 2.20 Query Builder Search Script - Cross-Site Scripting

source: https://www.securityfocus.com/bid/8074/info It has been reported that the K2 Toolkit does not sufficiently sanitize input by users. Because of this, it may be possible for an attacker to launch an attack that results in the execution of hostile HTML or script code in the browsers of users...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/05/28 12:0 a.m.37 views

S21SEC-023 - Vignette multiple Cross Site Scripting vulnerabilities

ID: S21SEC-023-en Title: Multiple Cross Site Scripting vulnerabilities in Vignette Date: 03/04/2003 Status: Vendor contacted and solution available Scope: HTML code Execution in client browsers Platforms: All Author: rpinuaga Location: http://www.s21sec.com/es/avisos/s21sec-023-en.txt Release:...

0.9AI score
Exploits0
Exploit DB
Exploit DB
added 2003/02/25 12:0 a.m.27 views

Netscape 6.0/7.0 - Style Sheet Denial of Service

source: https://www.securityfocus.com/bid/6937/info It has been reported that Netscape based browsers may be vulnerable to a denial of service condition when rendering certain style sheet code. If a malicious page is viewed the browser reportedly becomes unstable. One possible condition mentioned...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/02/24 12:0 a.m.25 views

[SCSA-007] Cross Site Scripting Vulnerabilities in WWWBoard

Security Corporation Security Advisory SCSA-007 PROGRAM: WWWBoard HOMEPAGE: http://www.scriptarchive.com VULNERABLE VERSIONS: 2.0A2.1 and prior DESCRIPTION WWWBoard is "A threaded discussion forum that allows users to post new messages, followup to existing ones and more. Includes a basic admin t...

Exploits0
securityvulns
securityvulns
added 2003/02/12 12:0 a.m.24 views

Cross Site Scripting Advisory.

uk2sec Cross Site Scripting Advisory by c0wd0g3 [email protected] Many many websites run a 'site search' tool on their webpage with a URL that looks like this: /search/index.cfm I am having trouble locating a specific vendor, but according to windows the possible applications that may run it...

6.5AI score
Exploits0
Symantec
Symantec
added 2003/02/04 12:0 a.m.26 views

Opera Cross Domain Scripting Vulnerability

Description A vulnerability has been reported reported for Opera 7 browsers for Microsoft Windows operating systems. Due to flaws in Opera, it is possible for functions in different domains to be accessed and executed by an attacker with the credentials of the victim user. This vulnerability is...

1.2AI score
Exploits0References1Affected Software1
NVD
NVD
added 2002/12/31 5:0 a.m.26 views

CVE-2002-2060

Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images...

7.5CVSS7.9AI score0.03489EPSS
Exploits0References3
NVD
NVD
added 2002/09/24 4:0 a.m.22 views

CVE-2002-1126

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunloa...

2.6CVSS6.4AI score0.01523EPSS
Exploits1References7
securityvulns
securityvulns
added 2002/09/18 12:0 a.m.382 views

Bug in Opera and Konqueror

/----------------+--------------------------------------+------------- | sp00fed packet | | advisory 2 | +----------------+--------------------------------------+-------------+ | Product: multiply vendors browsers | | Vulnerability: buffer overflow | | Danger: low |...

7.6AI score
Exploits0
securityvulns
securityvulns
added 2002/09/09 12:0 a.m.37 views

Buffer overflows in multiple browsers x.509 certificates parsing

No description provided...

4.2AI score
Exploits0References1Affected Software3
securityvulns
securityvulns
added 2002/09/07 12:0 a.m.31 views

MSIEv6 % encoding - Konqueror 3.0.3 also vulnerable

Hello, Test page for Konqueror is at: http://pp.siedziba.pl/2f/ I have also tested it with Mozilla 1.0 Gecko/20020829 and Galeon 1.2.5 Gecko/20020606 and found not vulnerable - the script throws "Permission denied to get property HTMLDocument.body" exception. -- Piotr Pawow mailto:[email protected]...

0.6AI score
Exploits0
CVE
CVE
added 2002/08/31 4:0 a.m.53 views

CVE-2002-1008

CVE-2002-1008 describes a cross-site scripting vulnerability in PowerBASIC urlcount.cgi, included with Lil’ HTTP web server. The flaw allows remote attackers to induce execution of web script in another browser by crafting a request to urlcount.cgi that contains unfiltered script, particularly wh...

7.5CVSS7.1AI score0.07099EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2002/08/05 12:0 a.m.27 views

DSA-140 libpng - buffer overflow

Bulletin has no description...

7.5CVSS6.2AI score0.02983EPSS
Exploits0
NVD
NVD
added 2002/06/18 4:0 a.m.28 views

CVE-2002-0594

Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet CSS page that causes an HTTP redirect...

5CVSS6.6AI score0.02355EPSS
Exploits1References6
securityvulns
securityvulns
added 2002/02/07 12:0 a.m.32 views

Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)

Advisory Title: Web Browsers vulnerable to the Extended HTML Form Attack Release Date: 06/02/2002 Effects: Internet Explorer 6 and older versions Opera 6.0 and older versions Severity: Allows stealing of cookies, penetration of internal networks and other evil stuff. Author: Obscure^...

6.7AI score
Exploits0
exploitpack
exploitpack
added 2001/12/11 12:0 a.m.17 views

Microsoft Internet Explorer 6.0 Mozilla 0.9.6 Opera 5.1 - Image Count Denial of Service

Microsoft Internet Explorer 6.0 Mozilla 0.9.6 Opera 5.1 - Image Count Denial of Service source: https://www.securityfocus.com/bid/3684/info An issue which affects users of multiple web browsers on Microsoft Windows platforms has been discovered. An unusually high image count may cause a denial of...

7.3AI score
Exploits0
Rows per page
Query Builder