254 matches found

OpenVAS
added 2009/05/11 12:0 a.m., 33 views

Debian: Security Advisory (DSA-1797-1)

The remote host is missing an update for the Debian...

CVSS 6.8, AI score 9.8, EPSS 0.06664
Exploits 5, References 3
NVD
added 2009/04/22 6:30 p.m., 12 views

CVE-2009-1306

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a...

CVSS 4.3, AI score 5.8, EPSS 0.01841
Exploits 0, References 30
Mozilla
added 2009/04/21 12:0 a.m., 42 views

jar: scheme ignores the content-disposition: header on the inner URI — Mozilla

Mozilla developer Daniel Veditz reported that when the jar: scheme is used to wrap a URI which serves the content with Content-Disposition: attachment, the HTTP header is ignored and the content is unpacked and displayed inline. A site may depend on this HTTP header to prevent potentially untrust...

CVSS 4.3, AI score 0.6, EPSS 0.01841
Exploits 0, References 2, Affected Software 1
CVE
added 2008/10/15 12:0 a.m., 61 views

CVE-2008-4020

Summary: CVE-2008-4020 is a cross-site scripting vulnerability in Microsoft Office XP SP3 related to the CDO protocol handling of the Content-Disposition header. When a user accesses content via a cdo: URL, the Content-Disposition header may be ignored and the download dialog bypassed, potentiall...

CVSS 4.3, AI score 5.4, EPSS 0.31298
Exploits 1, References 12, Affected Software 1
Check Point Advisories
added 2008/10/02 12:0 a.m., 2 views

Microsoft Office Content-Disposition Header Code Execution (MS08-056; CVE-2008-4020)

Cross-site scripting (XSS) could enable an attacker to inject code into a user's session with a Web site. A cross-site scripting vulnerability has been reported in Microsoft Office. The vulnerability is due to a flaw in the cdo:// protocol that does not respect the "content-disposition: attachment"...

CVSS 4.3, AI score 5.2, EPSS 0.31298
Exploits 1
securityvulns
added 2007/03/12 12:0 a.m., 21 views

Trac content displaying vulnerability

Content-Disposition MIME header is not defined. Cross-site scripting...

CVSS 10, AI score 0.7, EPSS 0.00507
Exploits 0, Affected Software 1
OSV
added 2007/03/10 10:19 p.m., 3 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

AI score 6.4
Exploits 0, References 1
Saint
added 2005/11/25 12:0 a.m., 37 views

Internet Explorer inline content filename extension vulnerability

Added: 11/25/2005. CVE: CVE-2001-0727. BID: 3578. OSVDB: 3033. Background: Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem: Using a null byte (%00) in the filename field found in the Content-disposition header, a remote web server may be able to...

CVSS 7.5, AI score 7.8, EPSS 0.44122
Exploits 4
Saint
added 2005/11/25 12:0 a.m., 30 views

Internet Explorer inline content filename extension vulnerability

Added: 11/25/2005. CVE: CVE-2001-0727. BID: 3578. OSVDB: 3033. Background: Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem: Using a null byte (%00) in the filename field found in the Content-disposition header, a remote web server may be able to...

CVSS 7.5, AI score 7.7, EPSS 0.44122
Exploits 4
UbuntuCve
added 2005/05/02 4:0 a.m., 23 views

CVE-2005-0586

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content...

CVSS 2.6, AI score 5.9, EPSS 0.00689
Exploits 0, References 2
CVE
added 2005/04/13 4:0 a.m., 43 views

CVE-2005-1105

The CVE-2005-1105 entry concerns JavaMail 1.3.2, where a directory-traversal flaw in MimeBodyPart.getFileName allows remote attackers to write arbitrary files by supplying a .. (dot dot) sequence in the Content-Disposition header. This identifies a vulnerability in the file-name handling path, en...

CVSS 5, AI score 6.8, EPSS 0.07159
Exploits 0, References 1, Affected Software 1
Mozilla
added 2005/02/24 12:0 a.m., 11 views

Download dialog spoofing using Content-Disposition header — Mozilla

Andreas Sandblad of Secunia Research demonstrated a method to spoof the download dialog for saving files by supplying a Content-Disposition header with a different extension than the extension visible in the link and download dialog. Users could be tricked into downloading a safe-looking file suc...

AI score 6.7
Exploits 0, References 2, Affected Software 2
CERT
added 2003/08/25 12:0 a.m., 22 views

Microsoft Internet Explorer does not properly evaluate Content-Type and Content-Disposition headers

Overview: A cross-domain scripting vulnerability exists in the way Microsoft Internet Explorer (IE) evaluates Content-Type and Content-Disposition headers and checks for files in the local browser cache. This vulnerability could allow a remote attacker to execute arbitrary script in a different...

CVSS 7.5, AI score 7.4, EPSS 0.2025
Exploits 0, References 8
NVD
added 2001/12/14 5:0 a.m., 10 views

CVE-2001-0727

Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."...

CVSS 7.5, AI score 7.5, EPSS 0.44122
Exploits 4, References 10