CVE-2004-2225

Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button...

CVE-2002-1849

ParaChat Server 4.0 is affected: it does not log users off if the browser back button is used, allowing remote attackers to cause a denial of service by repeatedly logging into a chat room, pressing back, and re-logging as a different user, which can fill the room with invalid users. Root cause: ...

CVE-2002-1849

ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with...

CVE-2002-1688

The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button...

CVE-2005-0129

The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected...

DEBIAN-CVE-2005-0129

The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected...

CVE-2003-0908

The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialo...

CVE-2003-0908

The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialo...

CVE-2002-1849

ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with...

Using the backbutton in IE is dangerous

---..---..---..---..---..---..---..---..---..---..---..---..---- Title: Using the backbutton in IE is dangerous. Date: 2002-04-15 Software: At least Internet Explorer 6.0. Tested env: Windows 2000 pro, XP. Rating: Medium because user interaction is needed. Impact: Read cookies/local files and...

CVE-1999-0471

The CVE-1999-0471 entry concerns Winroute’s remote proxy server, where an unauthenticated attacker can reconfigure the proxy through the "cancel" button. The PT-1999-1152 PTSecurity page confirms the issue but does not specify affected versions or a fix. Other sources reiterate that the vulnerabi...

PT-1999-1152 · Triton · Winroute

Name of the Vulnerable Software and Affected Versions: Winroute affected versions not specified Description: The issue allows a remote attacker to reconfigure the proxy server without authentication. This can be achieved through the "cancel" button. Recommendations: At the moment, there is no...