48 matches found
EUVD-2002-1278
Malware in sbrugna...
EUVD-2010-0079
Malware in sbrugna...
CVE-2023-2587
Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting XSS vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger...
CVE-2023-2587
Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting XSS vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger...
SUSE CVE-2010-0047
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to "HTML object element fallback content."...
SUSE CVE-2010-1813
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors involving HTML object outlines...
Microsoft Silverlight Double Dereference Vulnerability
Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application...
WebKit: UXSS through HTMLObjectElement::updateWidget(CVE-2017-2493)
When an object element loads a JavaScript URLe.g., javascript:alert1, it checks whether it violate the Same Origin Policy or not. Here's some snippets of the logic. void HTMLObjectElement::updateWidgetCreatePlugins createPlugins ... String url = this-url; ... if !allowedToLoadFrameURLurl return;...
HTML Object
The scanner detected one or more HTML object tags. This tag is used to embed multimedia like audio, video, Java applets, ActiveX, PDF and Flash in HTML pages. No source data...
MS IE 5/6 OBJECT Tag Same Origin Policy Violation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5196/info Microsoft Internet Explorer allows script code to violate the same origin policy through usage of the HTML OBJECT tag. Malicious script code may obtain a legitimate reference to an embedded object containing a w...
MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow
This module exploits a vulnerability on the CardSpaceClaimCollection class from the icardie.dll ActiveX control. The vulnerability exists while the handling of the CardSpaceClaimCollection object. CardSpaceClaimCollections stores a collection of elements on a SafeArray and keeps a size field,...
Internet Explorer deleted html object Use After Free (MS13-047; CVE-2013-3111)
A use after free vulnerability has been reported in Internet Explorer...
CVE-2013-0074
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."...
CVE-2013-0074
CVE-2013-0074 (Microsoft Silverlight) affects Silverlight 5 and the 5 Developer Runtime prior to 5.1.20125.0. The root cause is improper validation of pointers during HTML object rendering, leading to a pointer-dereference memory corruption that can allow remote code execution via a crafted Silve...
CVE-2013-0074
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."...
Apple QuickTime Multiple Vulnerabilities - Nov12 (Windows)
This host is installed with Apple QuickTime and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbapplequicktimemultvulnnov12win.nasl 5931 2017-04-11 09:02:04Z teissa $ Apple QuickTime Multiple Vulnerabilities - Nov12 Windows Authors: Rachana Shetty Copyright: Copyright c 20...
Memory corruption
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that 1 was not properly initialized or 2 is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."...
Internet Explorer HTML Object use after free Memory Corruption (MS10-090; CVE-2010-3340)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been initialized or has been deleted. To trigger this...
CVE-2010-1813
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors involving HTML object outlines...
CVE-2010-1813
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors involving HTML object outlines...