5228 matches found
User tracking via XUL persist attribute — Mozilla
Security researcher Hish reported that the persist attribute in XUL elements can be used to store cookie-like information on a user's computer which could later be read by a website. This creates a privacy issue for users who have a non-standard cookie preference and wish to prevent sites from...
Memory corruption
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted HTML document...
CVE-2008-4555
Stack-based buffer overflow in the pushsubg function in parser.y lib/graph/parser.c in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service memory corruption or execute arbitrary code via a DOT file with a large number of Agrapht...
Stack overflow
Stack-based buffer overflow in the pushsubg function in parser.y lib/graph/parser.c in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service memory corruption or execute arbitrary code via a DOT file with a large number of Agrapht...
Mozilla Firefox Multiple Vulnerability July-08 (Windows)
The host is installed with Mozilla Firefox browser, that is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbfirefoxmultvulnjuly08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Mozilla Firefox Multiple Vulnerability July-08 Windows Authors: Chandan S Copyright: Copyright c 2008...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for 1 cached forms and 2 forms with AHAH elements...
CVE-2008-3743
Multiple cross-site request forgery CSRF vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for 1 cached forms and 2 forms with AHAH elements...
CVE-2008-3743
Multiple cross-site request forgery CSRF vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for 1 cached forms and 2 forms with AHAH elements...
CVE-2008-3743
CVE-2008-3743 affects Drupal 6.x before 6.4. The vulnerability is a CSRF issue caused by improper token validation for cached forms and forms with AHAH elements, enabling remote attackers to perform unspecified actions. The MiracleLinux advisories reference this CVE and indicate remediation by up...
CVE-2008-3743
Multiple cross-site request forgery CSRF vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for 1 cached forms and 2 forms with AHAH elements...
CVE-2008-2715
Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns...
CVE-2008-2715
Summary: CVE-2008-2715 is an unspecified vulnerability in Opera prior to 9.5 that could allow remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns. This vulnerability is reflected in multiple advisories (SUSE/OpenSUSE patches; NVD entry) and is add...
Microsoft Windows multiple ActiveX elements security update
Code execution in hxvz.dll...
Code injection
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab...
CVE-2008-1241
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab...
Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of the "by" property...
MS Internet Explorer <= 6.x (IMG / XML elements) Denial of Service
No description provided by source. !-- Discovered by Inge Henriksen [email protected] http://ingehenriksen.blogspot.com/ -- table tr tdIMG align=leftX X X?xml:namespace prefix=v v:X style="HEIGHT:1"/td /tr /table...
tcpdump denial of service
Off-by-one buffer overflow in the parseelements function in the 802.11 printer code print-80211.c for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service crash via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based...
FreeBSD : tikiwiki -- multiple vulnerabilities (20a4eb11-8ea3-11dc-a396-0016179b2dd5)
Secunia reports : Some vulnerabilities have been reported in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and disclose potentially sensitive information. Input passed to the username parameter in tiki-remindpassword.php when...
SonicWall SSL VPN client multiple security vulnerabilities
Multiple vulnerabilities with different ActiveX elements...