8 matches found
SUSE CVE-2016-1623
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp,...
eyeos <= 1.9.0.2 - Stored XSS vulnerability using image files
No description provided by source. Title: eyeOS = 1.9.0.2 Stored XSS vulnerability using image files Product: eyeOS = 1.9.0.2 Author: Alberto Ortega @a0rtega albertoatpentboxdotnet http://securitybydefault.com/ - Summary: A stored XSS vulnerability using image files jpg, png, gif tested affects t...
Oracle Javadoc HTML frame injection vulnerability
Overview Javadoc HTML pages that were created by Javadoc 7 Update 21 and before, 6 Update 45 and before, 5.0 Update 45 and before, JavaFX 2.2.21 and before contain a frame injection vulnerability that could allow an attacker to replace a Javadoc web page frame with a malicious page. Description...
eyeos 1.9.0.2 - Persistent Cross-Site Scripting Using Image Files
eyeos 1.9.0.2 - Persistent Cross-Site Scripting Using Image Files Title: eyeOS alert"XSS done"; - Risks and consequences: Malicious users can inject code inside image files malware, browser exploits, etc... to attack other users and compromise the whole system via shared files or internal message...
eyeos 1.9.0.2 - Persistent Cross-Site Scripting Using Image Files
Title: eyeOS alert"XSS done"; - Risks and consequences: Malicious users can inject code inside image files malware, browser exploits, etc... to attack other users and compromise the whole system via shared files or internal messages. - Mitigations: Disallow public dirs. Avoid work with images. -...
CVE-2006-6310
Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service crash via an invalid src attribute value "?" in an HTML frame tag that is in a frameset tag with a large rows attribute. NOTE: The provenance of this information is unknown; the details are obtain...
Outlook Express 6 - Attachment Security Bypass
Outlook Express 6 - Attachment Security Bypass source: https://www.securityfocus.com/bid/3271/info Microsoft Outlook Express 6 contains a new security feature which prevents users from opening potentially harmful file attachments. A vulnerability exists which allows a file embedded within an HTML...
Outlook Express 6 - Attachment Security Bypass
source: https://www.securityfocus.com/bid/3271/info Microsoft Outlook Express 6 contains a new security feature which prevents users from opening potentially harmful file attachments. A vulnerability exists which allows a file embedded within an HTML frame in an email message to bypass the...