Lucene search
K

74 matches found

FreeBSD
FreeBSD
added 2012/11/26 12:0 a.m.37 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 156567 High CVE-2012-5133: Use-after-free in SVG filters. Credit to miaubiz. 148638 Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG. 155711 Low CVE-2012-5132: Browser crash with chunked encoding. Credit to Attila Szász. 158249 Hi...

7.5CVSS1.4AI score0.04382EPSS
Exploits1References1
NVD
NVD
added 2011/03/18 4:55 p.m.26 views

CVE-2010-4758

installer.pl in Open Ticket Request System OTRS before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen...

1.9CVSS6.5AI score0.00375EPSS
Exploits1References2
OSV
OSV
added 2011/03/18 4:55 p.m.6 views

CVE-2010-4758

installer.pl in Open Ticket Request System OTRS before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen...

6.8AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2009/03/05 2:30 a.m.28 views

CVE-2009-0821

Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service application crash via nested calls to the window.print function, as demonstrated by a window.printwindow.print in the onclick attribute of an INPUT element...

5CVSS5.9AI score0.05292EPSS
Exploits1References1
Cvelist
Cvelist
added 2009/02/04 7:0 p.m.23 views

CVE-2009-0355

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element...

9.2AI score0.01635EPSS
Exploits0References27
RedHat Linux
RedHat Linux
added 2009/02/04 9:39 a.m.4 views

Firefox local file stealing with SessionStore

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element...

5.4CVSS7.5AI score0.01635EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2009/02/04 12:0 a.m.24 views

CVE-2009-0355

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element...

5.4CVSS7.2AI score0.01635EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2009/02/03 12:0 a.m.29 views

Microsoft Internet Explorer HTML Form Value DoS Vulnerability

Internet Explorer is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS5.2AI score0.16004EPSS
Exploits1References3
Prion
Prion
added 2009/01/29 7:30 p.m.22 views

Design/Logic Flaw

The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability...

9.3CVSS8.1AI score0.16004EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/11/26 12:0 a.m.259 views

SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5811)

This update backports the latest security fixes to the Mozilla XULRunner engine. It fixes following security issues : - The http-index-format MIME type parser nsDirIndexParser in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocatio...

10CVSS9.3AI score0.07677EPSS
Exploits1References33
Prion
Prion
added 2008/11/13 11:30 a.m.21 views

Design/Logic Flaw

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

9.3CVSS7.8AI score0.03633EPSS
Exploits0References38Affected Software12
RedHat Linux
RedHat Linux
added 2008/11/13 2:4 a.m.2 views

Mozilla crash and remote code execution in nsFrameManager

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

9.3CVSS7.8AI score0.03633EPSS
Exploits0References4
Prion
Prion
added 2006/02/19 9:2 p.m.28 views

Code injection

Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to lo...

4CVSS6.5AI score0.35319EPSS
Exploits1References5Affected Software1
securityvulns
securityvulns
added 2002/05/27 12:0 a.m.48 views

Unauthorized local file access in Opera

Javascript submition of form with input type="file" element doesn't require user intervation...

1.9AI score
Exploits0References1Affected Software1
Rows per page
Query Builder