819 matches found
CVE-2007-3930
Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spellutf8test function in lib/exe/spellcheck.php, which...
Design/Logic Flaw
The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document...
CVE-2007-3788
The vulnerability CVE-2007-3788 affects the eSoft InstaGate EX2 UTM device, where the admin password is stored within the settings HTML document. This exposes a risk that an attacker who can read that document may obtain sensitive information, potentially compromising confidentiality and integrit...
Apple Safari cross-domain HTTP redirection race condition
Overview: Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Description: Apple Safari contains a race condition when updating pages. When this race condition is used in combination with an HTTP redirection, Safari may...
Apple Safari 3 for Windows - Document.Location Denial of Service
source: https://www.securityfocus.com/bid/24499/info Apple Safari for Windows is prone to a denial-of-service vulnerability because it fails to properly handle user-supplied input. An attacker may exploit this issue by enticing...
Apple Safari 3.0.1 for Windows - Corefoundation.dll Denial of Service
source: https://www.securityfocus.com/bid/24497/info Apple Safari for Windows is prone to a denial-of-service vulnerability because it fails to properly handle user-supplied input. An attacker may exploit this issue by enticing...
Apple Safari 3.0.1 for Windows - 'Corefoundation.dll' Denial of Service
source: https://www.securityfocus.com/bid/24497/info Apple Safari for Windows is prone to a denial-of-service vulnerability because it fails to properly handle user-supplied input. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successful...
Microsoft Windows Win32 API Code Execution (MS07-035; CVE-2007-2219)
Microsoft Win32 API application programming interface provides 32-bit services used by all Windows-based applications. A remote code execution vulnerability has been reported in the Microsoft Windows implementation of Win32 API. A remote attacker could exploit this issue by convincing a user to visit...
US-CERT Technical Cyber Security Alert TA07-151A -- Mozilla Updates for Multiple Vulnerabilities
National Cyber Alert System Technical Cyber Security Alert TA07-151A Mozilla Updates for Multiple Vulnerabilities Original release date: May 31, 2007 Last revised: -- Source: US-CERT Systems Affected Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonk...
Media Technology Group CDPass ActiveX control stack buffer overflows
Overview: The Media Technology Group CDPass ActiveX control contains several stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Media Technology Group CDPass is software that provides bonus content for music CDs...
Symantec Norton Antivirus NAVOPTS.DLL ActiveX Control Remote Code Execution Vulnerability
Description: Symantec Norton Antivirus ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successful exploits will allow attackers to execute arbitrary code in the context of th...
Mozilla Firefox 2.0.0.3 - Href Denial of Service
source: https://www.securityfocus.com/bid/23747/info Firefox is prone to a remote denial-of-service vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successful exploits can allow attackers to crash the affected browser,...
Second Sight Software ActiveMod ActiveX control stack buffer overflow
Overview: The Second Sight Software ActiveMod ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Second Sight Software ActiveMod is a music player that is provided as an ActiveX control...
Second Sight Software ActiveGS ActiveX control stack buffer overflows
Overview: The Second Sight Software ActiveGS ActiveX control contains several stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Second Sight Software ActiveGS is an Apple IIGS emulator that is provided as an...
Preemptive Protection against Mozilla Firefox Cross Domain Scripting Vulnerability
A cross-domain vulnerability has been reported in Firefox and in SeaMonkey - Mozilla based browsers. Mozilla SeaMonkey is a free, open source, and cross-platform Internet suite. Mozilla Firefox is a cross-platform popular web browser. A remote attacker could exploit this vulnerability to compromi...
CVE-2007-0325
CVE-2007-0325 is a remote buffer overflow in Trend Micro OfficeScan’s Web-Deployment SetupINICtrl ActiveX control (OfficeScanSetupINI.dll, SetupINICtrl) used by OfficeScan Web deployment. The flaw affects OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client/Server/Messag...
Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control buffer overflows
Overview: The Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control contains multiple buffer overflows, which could allow a remote attacker to execute arbitrary code on a vulnerable system. Description: Trend Micro OfficeScan comes with a web-based administration console that makes use...
Null pointer dereference
Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving...
Buffer overflow
Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WSFTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors...
Apple WebKit build 18794 - WebCore Remote Denial of Service
source: https://www.securityfocus.com/bid/22059/info Apple WebKit is prone to a denial-of-service vulnerability. Attackers may exploit this issue by enticing victims into opening a malicious HTML document with an application using the...