2790 matches found
Apple Safari 1.x - Cookie Directory Traversal
Apple Safari 1.x - Cookie Directory Traversal source: https://www.securityfocus.com/bid/9841/info Multiple vendor Internet Browsers have been reported to be prone to a cookie path argument restriction bypass vulnerability. The issue presents itself due to a failure to properly sanitize encoded UR...
Directory traversal in multiple browsers cookie path
It's possible to access cookie from the document with different path...
CVE-2003-1492
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . dot at the end...
CVE-2003-1017
CVE-2003-1017 affects Macromedia Flash Player before 7.0.19.0. The vulnerability arises because Flash data files are stored in a predictable location accessible to web browsers, allowing remote attackers to read restricted files via browser vulnerabilities that rely on predictable file names. The...
Verity K2 Toolkit 2.20 Query Builder Search Script - Cross-Site Scripting
source: https://www.securityfocus.com/bid/8074/info It has been reported that the K2 Toolkit does not sufficiently sanitize input by users. Because of this, it may be possible for an attacker to launch an attack that results in the execution of hostile HTML or script code in the browsers of users...
S21SEC-023 - Vignette multiple Cross Site Scripting vulnerabilities
ID: S21SEC-023-en Title: Multiple Cross Site Scripting vulnerabilities in Vignette Date: 03/04/2003 Status: Vendor contacted and solution available Scope: HTML code Execution in client browsers Platforms: All Author: rpinuaga Location: http://www.s21sec.com/es/avisos/s21sec-023-en.txt Release:...
Netscape 6.0/7.0 - Style Sheet Denial of Service
source: https://www.securityfocus.com/bid/6937/info It has been reported that Netscape based browsers may be vulnerable to a denial of service condition when rendering certain style sheet code. If a malicious page is viewed the browser reportedly becomes unstable. One possible condition mentioned...
[SCSA-007] Cross Site Scripting Vulnerabilities in WWWBoard
Security Corporation Security Advisory SCSA-007 PROGRAM: WWWBoard HOMEPAGE: http://www.scriptarchive.com VULNERABLE VERSIONS: 2.0A2.1 and prior DESCRIPTION WWWBoard is "A threaded discussion forum that allows users to post new messages, followup to existing ones and more. Includes a basic admin t...
Cross Site Scripting Advisory.
uk2sec Cross Site Scripting Advisory by c0wd0g3 [email protected] Many many websites run a 'site search' tool on their webpage with a URL that looks like this: /search/index.cfm I am having trouble locating a specific vendor, but according to windows the possible applications that may run it...
Opera Cross Domain Scripting Vulnerability
Description A vulnerability has been reported reported for Opera 7 browsers for Microsoft Windows operating systems. Due to flaws in Opera, it is possible for functions in different domains to be accessed and executed by an attacker with the credentials of the victim user. This vulnerability is...
CVE-2002-2060
Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images...
CVE-2002-1126
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunloa...
Bug in Opera and Konqueror
/----------------+--------------------------------------+------------- | sp00fed packet | | advisory 2 | +----------------+--------------------------------------+-------------+ | Product: multiply vendors browsers | | Vulnerability: buffer overflow | | Danger: low |...
Buffer overflows in multiple browsers x.509 certificates parsing
No description provided...
MSIEv6 % encoding - Konqueror 3.0.3 also vulnerable
Hello, Test page for Konqueror is at: http://pp.siedziba.pl/2f/ I have also tested it with Mozilla 1.0 Gecko/20020829 and Galeon 1.2.5 Gecko/20020606 and found not vulnerable - the script throws "Permission denied to get property HTMLDocument.body" exception. -- Piotr Pawow mailto:[email protected]...
CVE-2002-1008
CVE-2002-1008 describes a cross-site scripting vulnerability in PowerBASIC urlcount.cgi, included with Lil’ HTTP web server. The flaw allows remote attackers to induce execution of web script in another browser by crafting a request to urlcount.cgi that contains unfiltered script, particularly wh...
DSA-140 libpng - buffer overflow
Bulletin has no description...
CVE-2002-0594
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet CSS page that causes an HTTP redirect...
Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)
Advisory Title: Web Browsers vulnerable to the Extended HTML Form Attack Release Date: 06/02/2002 Effects: Internet Explorer 6 and older versions Opera 6.0 and older versions Severity: Allows stealing of cookies, penetration of internal networks and other evil stuff. Author: Obscure^...
Microsoft Internet Explorer 6.0 Mozilla 0.9.6 Opera 5.1 - Image Count Denial of Service
Microsoft Internet Explorer 6.0 Mozilla 0.9.6 Opera 5.1 - Image Count Denial of Service source: https://www.securityfocus.com/bid/3684/info An issue which affects users of multiple web browsers on Microsoft Windows platforms has been discovered. An unusually high image count may cause a denial of...