5946 matches found
O'Reilly WebBoard 4.10.30 JavaScript code execution problem
I found following problem in the WebBoard: The Board has a paging function. User A can send a message to user B. User B gets a javascript popup produced with alert with the message from user A. The problem is that user A can close the alert function and so he can execute his javascript code on us...
eSafe Gateway 2.1 - Script-filtering Bypass
eSafe Gateway 2.1 - Script-filtering Bypass source: https://www.securityfocus.com/bid/2750/info eSafe Gateway is a security utility used for filtering internet content. An html file may be crafted to bypass the script-filtering feature offered by eSafe Gateway. This is done by simply changing the...
[SECURITY] [DSA 051-1] New Netscape packages available
---------------------------------------------------------------------------- Debian Security Advisory DSA 051-1 [email protected] http://www.debian.org/security/ Martin Schulze April 23, 2001 - ---------------------------------------------------------------------------- Package : netscape...
Netscape 4.76 gif comment flaw
Product: Netscape Navigator/Communicator Tested on: 4.76 on Linux and Win98/NT Vendor Contact: Reported 2001-03-22 Problem -------------------------------------------------------- - Overview: The Netscape browser does not escape the gif file comment in the image information page. This allows...
Дырка в Netscape (gif comment scripting)
javascript вставленный в комментарий GIF-файла будет выполнен в контексте локальной машины...
Netscape Navigator 4.0.8 - 'about:' Domain Information Disclosure
source: https://www.securityfocus.com/bid/2637/info Due to a flaw in Navigator's security code, all URLs in the about: protocol are considered to be part of the same domain. If arbitrary Javascript code is placed in a GIF's comment field, it is treated like a normal HTML page. The Javascript code...
Дырка в AOL Instant Messenger
При некоторых условиях на компьютере клиента может быть выполнен Javascript/VBScript...
Modifed images can lead to JavaScript/VBScript execution in AIM
Software Effected: AOL Instant Messenger Versions Effected: 4.1 to current including 4.4 alpha, older versions probably effected Details: AOL Instnat Messenger has the ability to embed images into an instant message. The user sends the graphic to the person they wish to show, and the graphic show...
Дырка в Internet Explorer (Media Player ActiveX)
ActiveX-элемент Media Player позволяет выполнение Javascript В контексте локальной машины...
Microsoft Windows Media Player 7.0 - JavaScript URL
source: https://www.securityfocus.com/bid/2167/info Windows Media Player is an application used for digital audio, and video content viewing. It can be embedded in webpages as an ActiveX control. It is possible to execute a javascript URL from within the Windows Media Player ActiveX control...
Microsoft Indexing Service (Windows 2000NT 4.0) - .htw Cross-Site Scripting
Microsoft Indexing Service Windows 2000NT 4.0 - .htw Cross-Site Scripting source: https://www.securityfocus.com/bid/1861/info A cross-site scripting vulnerability has been reported in Microsoft Indexing Services for Windows 2000/NT4 and its handling of the .htw extension. If a user inadvertantly...
Очередная уязвимость между фреймами в IE через Web Browser Control ActiveX
Метод navigate позволяет выполнение Javascript в контексте локальной машины...
CVE-2000-0081
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jvascript...
CVE-1999-0750
Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account...
CVE-2000-0061
CVE-2000-0061 affects Internet Explorer 5. The vulnerability: during window loading, the document’s security zone is not updated until after loading, permitting a remote attacker to execute JavaScript in a different security context while the page is loading. The record indicates a maximum CVSS v...
CVE-2000-0061
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading...
CVE-2000-0081
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jvascript...
CVE-2000-0061
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading...
Microsoft Internet Explorer 4.04.0.15.05.0.15.5 - preview Security Zone Settings Lag
Microsoft Internet Explorer 4.04.0.15.05.0.15.5 - preview Security Zone Settings Lag Microsoft Internet Explorer 4.0 for Windows 3.1/Windows 95,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.5 preview,Internet Explorer 4.0.1 for Windows 98/Windows NT...
Microsoft Internet Explorer 4/5/5.5/5.0.1 - external.NavigateAndFind() Cross-Frame
Microsoft Internet Explorer 4.0 for WfW/Windows 3.1/Windows 95/Windows NT 3/Windows NT 4,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.5,Internet Explorer 5.0.1,Internet Explorer for Unix 5.0 external.NavigateAndFind Cross-Frame Vulnerability source...