819 matches found
Design/Logic Flaw
Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service excessive application launches via an HTML document with many images, a related issue to CVE-2010-0181...
CVE-2010-1992
Removed by vendor...
CVE-2010-1939
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object...
Design/Logic Flaw
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object...
CVE-2010-1939
Removed by vendor...
Apple Safari window object invalid pointer vulnerability
Overview Apple Safari contains a vulnerability in the handling of window objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple Safari fails to properly handle references to window objects. Safari can allow a window object t...
Update Protection against SAP GUI SAPBExCommonResources ActiveX Command Execution
A buffer overflow vulnerability has been reported in SAP GUI, the GUI client in SAP's 3-tier architecture of database, application server and client. The vulnerability exists in the SAP GUI SAPBExCommonResources ActiveX control. The vulnerability may allow remote attackers to execute arbitrary...
HP Operations Manager SourceView ActiveX LoadFile / SaveFile Stack Overflows
The SourceView ActiveX control, a component of HP Operations Manager, installed on the remote Windows host reportedly is affected by buffer overflows that can be triggered by passing specially crafted Unicode strings to the 'LoadFile' or 'SaveFile' methods. If an attacker can trick a user on the...
Sun Java Deployment Toolkit Plugin and ActiveX Control Vulnerability
The Sun Java Development Toolkit plugin and ActiveX control contain a vulnerability. This vulnerability is due to insufficient argument validation. By convincing a user to visit a specially crafted HTML document, an attacker may be able to exploit this vulnerability and execute an arbitrary JAR...
CVE-2010-0181
Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service excessive application launches via an...
CVE-2010-0181
Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service excessive application launches via an...
Apple Safari Nested 'object' Tag Remote Denial Of Service vulnerability
The host is installed with Apple Safari and is prone to Denial Of Service vulnerability OpenVAS Vulnerability Test $Id: gbapplesafariobjecttagdosvuln.nasl 5263 2017-02-10 13:45:51Z teissa $ Apple Safari Nested 'object' Tag Remote Denial Of Service vulnerability Authors: Madhuri D Copyright:...
Memory corruption
The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service memory corruption...
CVE-2010-0051
WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651...
CVE-2010-0050
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via an HTML document with improperly nested tags...
CVE-2010-0051
WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651...
Design/Logic Flaw
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via an HTML document with improperly nested tags...
CVE-2010-0045
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document...
Hardcoded credentials
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document...
CVE-2010-0051
WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651...