5709 matches found
Microsoft Internet Explorer 7 - CSS Width Element Denial of Service
source: https://www.securityfocus.com/bid/21466/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions. This issue is triggered when an attacker entices a victim user to visit a malicious website. Remote...
Sun Java系统服务器嵌入式HTTP请求处理漏洞
Sun Java系统应用和WEB服务器都是与J2EE平台兼容的应用服务器。 Sun Java System Application Server在处理HTTP请求时存在漏洞,远程攻击者可能利用此漏洞执行各种攻击。 如果Sun Java System Application Server或Sun Java System Web Server使用Sun Java System Proxy Server的话,由于未能正确地实现HTTP/1.1...
Microsoft IE HTML渲染内存破坏漏洞(MS06-067)
Internet Explorer是一款非常流行的WEB浏览器。 Internet Explorer在解析HTML CSS的float属性时存在漏洞,远程攻击者可能利用此漏洞在用户机器上执行任意指令。 如果处理了HTML页面中的特制div标签的话,就会触发内存破坏,导致执行任意代码。 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 将Internet和本地Intranet安全区域设置设为“高”,以便在这些区域中运行ActiveX控件和活动脚本之前进行提示。 将Internet...
[Full-disclosure] ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability
ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-041.html November 14, 2006 -- CVE ID: CVE-2006-4687 -- Affected Vendor: Microsoft -- Affected Products: Internet Explorer 6 -- TippingPointTM IPS Customer...
Microsoft Windows daxctle.ocx and HTML parsing buffer overflows
DirectAnimation.PathControl ActiveX control KeyFrame method heap overflow. Buffer overflow in CSS Floatproperty. May be used for hidden malware installation...
CVE-2006-4687
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."...
Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper parsing of HTML CS...
hotmail_xss.txt
Adivisory Name : Hotmail and Windows Live Mail XSS Vulnerabilities Release Date : 2006.11.03 Test On : Microsoft IE 6.0 Discover : Cheng Peng Suapplesoupatgmail.com Introduction: Hotmail and Windows Live Mail are both web-based e-mail services by Microsoft. Details: Hotmail's filter identifies...
Stanford university SCARF user editing
vendor:Someone at Stanford university site:http://sourceforge.net/projects/scarf/ vuln: There is no admin check on the file generaloptions.php So anyone can go in and make some changes. One thing to do would be create a user, then go into general options and change your user to an admin. You can...
CVE-2006-5712
Cross-site scripting XSS vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets CSS function, as demonstrated using the width style for an IMG element...
CVE-2006-5712
Cross-site scripting XSS vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets CSS function, as demonstrated using the width style for an IMG element...
CVE-2006-5712
Technical details (affected product/version, root cause, impact, or remediation) are not publicly provided in the connected documents for CVE-2006-5712. Monitor for updates.
CVE-2006-5652
Cross-site scripting XSS vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets CSS function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related ...
Microsoft Internet Explorer CSS导入跨域限制绕过漏洞(MS06-021)
Microsoft Internet Explorer是微软发布的非常流行的WEB浏览器。 Internet Explorer在处理CSS文件时存在漏洞,远程攻击者可能利用此漏洞获取用户敏感信息。 Internet Explorer不能正确的解析CSS文件,导致可能导入无效的CSS文件。这样用户就可能错误的将远程站点的HTML和脚本代码做为CSS文件导入,允许攻击者读取敏感信息。 Microsoft Internet Explorer 6.0 SP2 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0...
Microsoft IE多个CSS导入内存破坏漏洞(MS06-042)
Microsoft Internet Explorer是微软发布的非常流行的WEB浏览器。 Microsoft Internet Explorer在处理样式表中的导入时存在问题,远程攻击者可能利用此漏洞在用户机器上执行任意指令。 如果对样式表集使用了多个导入的话,就可能出现不正确的垃圾收集(garbage collection)。攻击者可以在HTML文档中创建一系列CSS导入,如果用户用IE打开了该文档就会导致内存破坏和代码执行。 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft...
Microsoft IE HTML布局和定位内存破坏漏洞(MS06-042)
Microsoft Internet Explorer是微软发布的非常流行的WEB浏览器。 Internet Explorer解析带有特定布局定位组合的HTML的方式中存在内存破坏漏洞,成功利用此漏洞的攻击者可以完全控制受影响的系统。 由于没有正确的处理CSS类值,通过document.getElementByID访问特制的CSS元素就会触发这个漏洞。攻击者可能通过构建特制网页来利用此漏洞,如果用户查看了该网页,则可能允许远程执行代码。 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 临时解决方法:...
Flatnuke 2.5.8 (userlang) Local Inclusion / Delete All Users Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' ----------------------------------------------------------------------------- Flatnuke 2.5.8 "userlang" arbitrary local inclusion/delete all users exploit by rgod [email protected] site: http://retrogod.altervista.o...
CVE-2006-4888
CVE-2006-4888 affects Microsoft Internet Explorer 6 and earlier. The issue is a DoS vulnerability where a CSS-formatted HTML INPUT element inside a DIV larger than the INPUT can cause an application hang. Connected sources (Red Hat, NVD, CVE listings) confirm the same description. No concrete rem...
ppalCart.txt
+-------------------------------------------------------------------- + + ppalCart V2.5 EE Remote File Inclusion + +------------------------------------------------------------------- + + Affected Software .: Software + Version .............: ppalCart 2.5 EE + Venedor ...........:...
CVE-2006-3451
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets CSS, which allows remote attackers to execute arbitrary code via unspecified vectors...