5116 matches found
Invision Power Board 2.x - 'Signature' iFrame Security Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28466/info Invision Power Board IP.Board is prone to a security vulnerability that can aid attackers in social-engineering attacks. Attacker-supplied script code could exploit vulnerabilities in the user's browser or give...
Mozilla Firefox 2.0.0.14 - JSframe Heap Corruption Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29318/info Mozilla Firefox is prone to a remote denial-of-service vulnerability when running certain JavaScript commands on empty applets in an iframe. Successful exploits can allow attackers to crash the affected browser...
Mozilla0.x,Netscape 3/4,Firefox 1.0 JavaScript IFRAME Rendering Denial Of Servic
No description provided by source. source: http://www.securityfocus.com/bid/11823/info Mozilla/Netscape and Firefox browsers are reported prone a remote denial of service vulnerability. It is reported that the affected browsers will crash as a result of a NULL pointer dereference when a JavaScrip...
JavaScriptCore.dll Stack Exhaustion
No description provided by source. html --------------------- Crash Report Problem Event Name: APPCRASH Application Name: Safari.exe Application Version: 5.31.22.7 Application Timestamp: 4b8f94fa Fault Module Name: JavaScriptCore.dll Fault Module Version: 5.31.22.5 Fault Module Timestamp: 4b8cb88...
MS IE 5 IFrame/Frame Cross-Site/Zone Script Execution Vulnerability
No description provided by source...
Invision Power Board 1.x/2.0 HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12888/info Invision Power Board is reported prone to an HTML injection vulnerability. This issue arises due to insufficient sanitization of user-supplied data. It is reported that due to a lack of filtering of HTML tags, ...
viart shop 4.0.5 - Multiple Vulnerabilities
No description provided by source. Title: ViArt SHOP multiple vulnerabilities Date: 18.11.2010 Author: Ariko-Security Software Link: http://www.viart.com Version: 4.0.5 ============ Ariko-Security - Advisory 2/11/2010 ============= ViArt SHOP multiple vulnerabilities Vendor's Description of...
Microsoft Outlook Express 5.5 DoS Device Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4584/info A denial of service issue has been reported in Microsoft Outlook Express. Reportedly, Outlook Express does not adequately handle unusually crafted HTML mail messages. Modifying the BGSOUND or IFRAME tag to conta...
Internet Explorer 4.0/5.0/5.5 preview/5.0.1 - DocumentComplete() Cross Frame Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1224/info The DocumentComplete function in IE does not properly validate origin domains. Therefore it is possible for a remote webserver to gain read access to local files on the machine of any website visitor or email...
Opera Web Browser 7 IFRAME Zone Restriction Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8887/info A flaw in the Opera web browsers security model has been discovered that could allow an attacker to access a users filesystem within the Local Zone. The problem occurs when handling malformed HTML iframes which...
Microsoft Internet Explorer 6.0 Resource Detection Weakness
No description provided by source. source: http://www.securityfocus.com/bid/11026/info Microsoft Internet Explorer is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is accessible within...
Internet Explorer 9 Memory Corruption Crash PoC
No description provided by source. ?php / Internet Explorer 9 Memory Corruption PoC Exploit Successfully executed with IE9 version 9.0.8112.16421 Discovered by Jean Pascal Pereira [email protected] / settimelimit0; iniset'memorylimit', '300M'; if!fileexistsjunk.htm $string = span id='; for$i = 0;...
Microsoft Internet Explorer 5 Shell: IFrame Cross-Zone Scripting Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/9628/info It has been alleged that Microsoft Internet Explorer is prone to a weakness that may potentially allow for the execution of hostile script code in the context of the My Computer Zone. This issue is related to ho...
[ MDVSA-2014:111 ] otrs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:111 http://www.mandriva.com/en/support/security/ Package : otrs Date : June 10, 2014 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerabilities: A logged in attack...
openSUSE Security Update : roundcubemail (openSUSE-SU-2014:0365-1)
roundcubemail was updated to 0.9.5 to fix bugs and security issues. Fixed security issues : - CVE-2013-6172: vulnerability in handling session argument of utils/save-prefs New upstream release 0.9.5 bnc847179 CVE-2013-6172 - Fix failing vCard import when email address field contains spaces - Fix...
openSUSE Security Update : opera (openSUSE-SU-2010:0370-1)
Opera was upgraded to the 10.60 release. It brings lots of new features, bugfixes and security fixes. Security fixes include: CVE-2010-0653: Opera permits cross-origin loading of CSS style sheets even when the style sheet download has an incorrect MIME type and the style sheet document is...
Mandriva Linux Security Advisory : otrs (MDVSA-2014:111)
Updated otrs package fixes security vulnerabilities : A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...
MGASA-2014-0194 Updated otrs packages fix multiple vulnerabilities
Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...
Updated otrs packages fix multiple vulnerabilities
Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...
CVE-2014-2554
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element...