5739 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 background-image, 2 background, or 3 font-family Cascading Style Sheets CSS property, a different...
CVE-2010-4183
Multiple cross-site scripting XSS vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 background-image, 2 background, or 3 font-family Cascading Style Sheets CSS property, a different...
CVE-2010-3962
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets CSS token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption...
CVE-2010-3962
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets CSS token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption...
CVE-2010-4183
Multiple cross-site scripting XSS vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 background-image, 2 background, or 3 font-family Cascading Style Sheets CSS property, a different...
CVE-2010-4183
HTML Purifier 0.x/1.x up to 4.0.x is affected by CVE-2010-4183. When using Internet Explorer, an attacker can trigger XSS via crafted CSS properties (background-image, background, or font-family) to inject script/HTML. The vulnerability is tied to HTML Purifier before 4.1.0; remediation is to upg...
CVE-2010-3962
CVE-2010-3962 is an uninitialized memory corruption / use-after-free vulnerability in Microsoft Internet Explorer 6–8 (mshtml) triggered via CSS token sequences and the clip attribute, leading to remote code execution. The CVE notes it was exploited in the wild in November 2010. Public details de...
PT-2010-5197
Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 through 8 Description The issue is related to a use-after-free vulnerability that allows remote attackers to execute arbitrary code. This can be achieved through vectors related to Cascading Style Sheets...
Maxthon 3.0.18.1000 CSS Denial of Service Vulnerability
No description provided by source. Title: Maxthon 3.0.18.1000 CSS Denial of Service Vulnerability Author: 4n0nym0us Arash Sa'adatfar Developer: Maxthon International Version:3.0.18 Software Link: http://dl.maxthon.com/mx3/mx3.0.18.1000.exe Tested On: Windows 7 Ultimate 32-bit !/usr/bin/perl my...
Maxthon 3.0.18.1000 CSS Denial of Service
Exploit for windows platform in category dos / poc ========================================= Maxthon 3.0.18.1000 CSS Denial of Service ========================================= Title: Maxthon 3.0.18.1000 CSS Denial of Service Vulnerability Author: 4n0nym0us Arash Sa'adatfar Developer: Maxthon...
Microsoft Internet Explorer CSS Tags Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura...
Microsoft Internet Explorer invalid flag reference vulnerability
Overview Microsoft Internet Explorer invalid flag reference vulnerability Description According to the Microsoft Security Research & Defense Blog, Microsoft Internet Explorer incorrectly under-allocates memory to store a certain combination of Cascading Style Sheets CSS tags when parsing HTML,...
Maxthon 3.0.18.1000 - CSS Denial of Service
Title: Maxthon 3.0.18.1000 CSS Denial of Service Vulnerability Author: 4n0nym0us Arash Sa'adatfar Developer: Maxthon International Version:3.0.18 Software Link: http://dl.maxthon.com/mx3/mx3.0.18.1000.exe Tested On: Windows 7 Ultimate 32-bit !/usr/bin/perl my $file= "Crash.html"; my $junk= "A/" x...
Maxthon 3.0.18.1000 - CSS Denial of Service
Maxthon 3.0.18.1000 - CSS Denial of Service Title: Maxthon 3.0.18.1000 CSS Denial of Service Vulnerability Author: 4n0nym0us Arash Sa'adatfar Developer: Maxthon International Version:3.0.18 Software Link: http://dl.maxthon.com/mx3/mx3.0.18.1000.exe Tested On: Windows 7 Ultimate 32-bit...
FreeBSD : opera -- multiple vulnerabilities (aab187d4-e0f3-11df-b1ea-001999392805)
The Opera Desktop Team reports : - Fixed an issue that allowed cross-domain checks to be bypassed, allowing limited data theft using CSS, as reported by Isaac Dawson. - Fixed an issue where manipulating the window could be used to spoof the page address. - Fixed an issue with reloads and redirect...
Forced Matrix Script Remote Upload Vulnerability
Exploit for php platform in category web applications ================================================ Forced Matrix Script Remote Upload Vulnerability ================================================ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\...
CVE-2010-4043
Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document...
CVE-2010-4043
Technical details (affected product/version/root cause/impact) for CVE-2010-4043 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2010-4043
Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document...
Microsoft Internet Explorer 8 Cross Domain
IE8 Css Cross-Domain Information Disclosure Vulnerability Author: www.80vul.com Email:5up3rh3igmail.com Release Date: 2010/10/14 References: http://www.80vul.com/ie8/IE8%20Css%20Cross-Domain%20Information%20Disclosure%20Vulnerability.txt Overview: MS-071 have fixed a Cross-Domain Information...