Lucene search
K

100 matches found

Zero Day Initiative
Zero Day Initiative
added 2016/09/16 12:0 a.m.33 views

Microsoft Edge CTreePos Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw relates to how Edge handles tex...

6.8CVSS2AI score0.14985EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/09/16 12:0 a.m.34 views

Microsoft Edge TextNode Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw relates to how Edge handles tex...

6.8CVSS2.1AI score0.14238EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/01/12 12:0 a.m.36 views

Microsoft Edge TextData Type Confusion Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose the contents of memory on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

4.3CVSS8.2AI score0.39413EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2015/11/05 5:59 a.m.29 views

CVE-2015-7190

The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML document...

5CVSS7.1AI score0.01274EPSS
Exploits0References2
Prion
Prion
added 2015/11/05 5:59 a.m.17 views

Design/Logic Flaw

The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML document...

5CVSS6.4AI score0.01274EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2015/08/28 3:59 p.m.20 views

CVE-2015-6266

The guest portal in Cisco Identity Services Engine ISE 3300 1.20.899 does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045...

5CVSS6AI score0.01591EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/08/28 2:0 p.m.25 views

CVE-2015-6266

The guest portal in Cisco Identity Services Engine ISE 3300 1.20.899 does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045...

6AI score0.01591EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2015/08/11 12:0 a.m.32 views

Microsoft Internet Explorer COrphanedStyleSheetArray Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

6.8CVSS6.5AI score0.18071EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2015/08/11 12:0 a.m.29 views

Microsoft Internet Explorer COrphanedStyleSheetArray Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

6.8CVSS6.5AI score0.18071EPSS
Exploits0References1
NVD
NVD
added 2015/07/29 1:59 a.m.16 views

CVE-2015-2974

LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file...

5CVSS6.7AI score0.01344EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2015/07/21 12:0 a.m.50 views

XPCOM - Race Condition

XPCOM Race Condition Vendor: Mozilla Product: XPCOM Version: Website: http://www.mozilla.org/projects/xpcom/ CVE: CVE-2005-2414 OSVDB: 18226 PACKETSTORM: 38837 Description: xpcom, or cross platform component object model is a framework for writing cross-platform, modular software. The xpcom libra...

2.6CVSS6.6AI score0.03394EPSS
Exploits2
Cvelist
Cvelist
added 2015/07/10 5:0 p.m.28 views

CVE-2015-2963

The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting XSS attacks via a spoofed value, as demonstrated by image/jpeg...

8.5AI score0.02121EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2015/05/14 12:0 a.m.30 views

Adobe/Apache Flex ASDoc Tool XSS

The remote web server contains one or more HTML documents created with an unpatched version of the Adobe/Apache Flex ASDoc tool that is potentially affected by a cross-site scripting vulnerability due to a failure to properly sanitize user input. %NASLMINLEVEL 70300 C Tenable Network Security, In...

4.3CVSS5.1AI score0.07049EPSS
Exploits0References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Microsoft Internet Explorer 6.0 Codebase Double Backslash Local Zone File Execution Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10344/info A vulnerability has been reported that may potentially permit HTML documents to gain unauthorized access to local resources by using specific syntax when referencing said resource as a value for the CODEBASE...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

Microsoft Indexing Services for Windows 2000 File Verification Vulnerability

No description provided by source. source : http://www.securityfocus.com/bid/1933/info Microsoft Windows 2000 Indexing Services is a search engine that will allow a user to perform full-text searches of online sites using their browsers. Search results include Word, Excel, PowerPoint, and HTML...

7.1AI score
Exploits0
NVD
NVD
added 2012/09/20 9:55 p.m.16 views

CVE-2012-3713

Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document...

4.3CVSS5.9AI score0.0173EPSS
Exploits0References5
Cvelist
Cvelist
added 2012/09/20 9:0 p.m.21 views

CVE-2012-3713

Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document...

6AI score0.0173EPSS
Exploits0References5
CISA
CISA
added 2012/09/19 12:0 a.m.23 views

Microsoft Releases Security Advisory for Internet Explorer

Microsoft has released Security Advisory 2757760 to address a vulnerability in Microsoft Internet Explorer 6, 7 , 8, and 9. This vulnerability may allow an attacker to execute arbitrary code if a user accesses specially crafted HTML documents e.g., a web page or an HTML email message or attachmen...

9.3CVSS1.8AI score0.81716EPSS
Exploits8References5
OpenVAS
OpenVAS
added 2012/08/10 12:0 a.m.32 views

Debian Security Advisory DSA 2506-1 (libapache-mod-security)

The remote host is missing an update to libapache-mod-security announced via advisory DSA 2506-1. OpenVAS Vulnerability Test $Id: deb25061.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2506-1 libapache-mod-security Authors: Thomas Reinke Copyright:...

4.3CVSS0.4AI score0.03303EPSS
Exploits2
Cvelist
Cvelist
added 2012/08/06 4:0 p.m.24 views

CVE-2012-4142

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted document...

5.3AI score0.01161EPSS
Exploits0References5
Rows per page
Query Builder