CVE-2004-1199

Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service application crash from memory exhaustion, as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays...

CVE-2004-1199

CVE-2004-1199 affects Safari 1.2.4 on Mac OS X 10.3.6. The vulnerability allows a remote attacker to trigger a denial-of-service (application crash due to memory exhaustion) by sending JavaScript that repeatedly creates nested arrays and then sorts them. This summary is supported by multiple sour...

Google Toolbar 1.1.x - About.HTML HTML Injection

Google Toolbar 1.1.x - About.HTML HTML Injection source: https://www.securityfocus.com/bid/11210/info Google Toolbar is reported prone to a HTML injection vulnerability. It is reported that the Google Toolbar 'ABOUT.HTML' page allows the injection of HTML and JavaScript code. This vulnerability m...

Moodle XSS Vulnerability

Moodle XSS Vulnerability 13.07.04 Vendor: Moodle URL: http://moodle.org/ Version: Moodle 1.3.2+, Moodle 1.4 dev Risk: XSS Description: "Moodle is a course management system CMS - a software package designed to help educators create quality online courses." See http://moodle.org/ for a detailed...

MS Internet Explorer Remote Wscript.Shell Exploit

Exploit for unknown platform in category remote exploits ================================================= MS Internet Explorer Remote Wscript.Shell Exploit ================================================= ----------------------------------------------------- default.htm...

IMP Content-Type Header XSS

The remote server is running at least one instance of IMP whose version number is between 2.0 and 3.2.3 inclusive. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary JavaScript code simply by reading a MIME messa...

Horde IMP IMP_MIME_Viewer_html Class XSS

The remote server is running at least one instance of IMP whose version number is between 3.0 and 3.2.1 inclusive. Such versions are vulnerable to several cross-scripting attacks whereby an attacker can cause a victim to unknowingly run arbitrary JavaScript code simply by reading an HTML message...

DSA-355 gallery - cross-site scripting

Bulletin has no description...

CVE-2002-2101

Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag...

Microsoft Internet Explorer 5.56.0 - History List Script Injection

Microsoft Internet Explorer 5.56.0 - History List Script Injection source: https://www.securityfocus.com/bid/4505/info A vulnerability has been reported in some versions of Internet Explorer. It is possible to inject JavaScript code into the browser history list, and execute it within any page...

Outlook Express Attach Execution Exploit (img tag + innerHTML + TIF dos name)

Using some informations posted on Bugtraq in this week, I found a very simple way to exploit "download&execution" of an .EXE file, directly from Outlook Express. This is my report: When an HTML page attached into a message, is started, it runs in the security zone of "Temporary Internet Files" TI...

CGIWrap 2.x3.x - Cross-Site Scripting

CGIWrap 2.x3.x - Cross-Site Scripting source: https://www.securityfocus.com/bid/3081/info CGIWrap is a free, open-source program for running CGI securely. CGIWrap does not filter embedded scripting commands from user-supplied input. A web user may submit a malicious link into any form which...

OReilly Software WebBoard 4.10.30 - Pager Hostile JavaScript

OReilly Software WebBoard 4.10.30 - Pager Hostile JavaScript source: https://www.securityfocus.com/bid/2814/info O'Reilly WebBoard is a conferencing utility, forum, threaded discussion and real-time chat server. Versions of WebBoard are vulnerable to a JavaScript code execution bug which may allo...

Microsoft Internet Explorer 5.5 ASCII equivalent of "%01" security vulnerability....

The following security vulnerability has been found in Microsoft Internet Explorer version 5.5 When "
" an undisplayable character, which is eaqual to the 1st caharacter in ASCII table - after the 0th... inserted in some strategic position in Javascript code ,it is possible to access to local fil...

PT-2000-1070 · Microsoft · Hotmail

Name of the Vulnerable Software and Affected Versions: Hotmail affected versions not specified Description: The issue concerns the improper filtering of JavaScript code from a user's mailbox. This allows a remote attacker to execute JavaScript code by using hexadecimal codes to specify the...

browser.bookmarks.txt

Date: Sun, 9 May 1999 17:34:10 +0300 From: Georgi Guninski To: [email protected] Subject: Bookmarks security vulnerabilities in both Internet Explorer 5.0 and Netscape Communicator 4.51 Win95 There is a design flaw in both Internet Explorer 5.0 and Netscape Communicator 4.51 Win95 guess all 4....

netscape.title.tag.about.txt

Date: Mon, 24 May 1999 14:24:13 +0300 From: Georgi Guninski To: [email protected] Subject: Netscape Communicator JavaScript in security vulnerability There is a security bug in Netscape Communicator 4.6 Win95, 4.07 Linux guess all 4.x versions are affected in the way they treat JavaScript code...

CVE-2024-36472

In GNOME Shell through 45.7, a portal helper can be launched automatically without user confirmation based on network responses provided by an adversary e.g., an adversary who controls the local Wi-Fi network, and subsequently loads untrusted JavaScript code, which may lead to resource consumptio...

XSS vulnerability on password reset page

Impact For Mautic versions prior to 3.3.4, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password...