CVE-2004-0310

Cross-site scripting XSS vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet, which does not strip the semicolon or parentheses, as demonstrated using a background:url...

Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass

Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass source: https://www.securityfocus.com/bid/11726/info A vulnerability is reported to exist in the access controls of the Java to JavaScript data exchange within web browsers that employ the Sun Java Plug-in...

CVE-2004-0759

Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag...

Opera < 7.50 onUnload Address Bar Spoofing

The remote host is using Opera - an alternative web browser. This version of Opera is vulnerable to a security weakness that may permit malicious web pages to spoof address bar information. This is reportedly possible through malicious use of the JavaScript 'unOnload' event handler when the brows...

CVE-2004-0759

Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag...

CVE-2004-0478

Unknown versions of Mozilla allow remote attackers to cause a denial of service high CPU/RAM consumption using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U...

MSIE.printer.txt

Ben Garvey Application: Microsoft Internet Explorer Versions: 6.0 Platforms: Windows Bugs: IE 6 allows JavaScript to send documents to the printer without prompting the user. Exploitation: Client Date: 12 April 2004 Author: Ben Garvey [email protected] http://www.bengarvey.com Bugtraq report...

Eudora 6.0.3 (Windows) - Attachment Spoofing

!/usr/bin/perl -- use MIME::Base64; print "From: me\n"; print "To: you\n"; print "Subject: Eudora 6.0.3 on Windows spoof, LaunchProtect\n"; print "MIME-Version: 1.0\n"; print "Content-Type: multipart/mixed; boundary="zzz"\n"; print "\n"; print "This is a multi-part message in MIME format.\n";...

Microsoft Outlook 2002 - Mailto Quoting Zone Bypass

Microsoft Outlook 2002 - Mailto Quoting Zone Bypass source: https://www.securityfocus.com/bid/9827/info Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer t...

Microsoft Outlook 2002 - &#039;Mailto&#039; Quoting Zone Bypass

source: https://www.securityfocus.com/bid/9827/info Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer to load malicious content in the Local Zone. This is...

Microsoft Internet Explorer - URL Injection in History List (MS04-004)

Microsoft Internet Explorer - URL Injection in History List MS04-004 // Andreas Sandblad, 2004-02-03, patched by MS04-004 // Name: payload // Purpose: Run payload code called from Local Machine zone. // The code may be arbitrary such as executing shell commands. // This demo simply creates a...

MSIE-&gt;NAFfileJPU

NAFfileJPU tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. OS Ver: "Windows XP Cn ver" demo http://www.safecenter.net/liudieyu/NAFfileJPU/NAFfileJPU-MyPage.HTM or http://umbrella.mx.tc ---...

PBLang Cross Site Scripting Vulnerability &#40;Newest version&#41;

PBLang is a PHP-base forum. A security hole has just found in this product allows an attacker to steals cookies or does many things… |--------------------------------------------| Vulnerable systems: PBLang Forum Version: 4.56 4.5 RC 2 Website: http://pblang.drmartinus.de/ Problem: Cross Site...

Netscape 7.0 - JavaScript Regular Expression Denial of Service

source: https://www.securityfocus.com/bid/6959/info It has been reported that Netscape based browsers may be vulnerable to a denial of service condition when executing certain JavaScript methods. If a malicious page containing a specially crafted JavaScript regular expression method is viewed the...

Microsoft Pocket Internet Explorer 3.0 - Denial of Service

Microsoft Pocket Internet Explorer 3.0 - Denial of Service source: https://www.securityfocus.com/bid/6507/info A denial of service vulnerability has been reported for Pocket Internet Explorer PIE. The vulnerability is due to the way some JavaScript code is interpreted by PIE. By enticing a victim...

CVE-2002-0481

An interaction between Windows Media Player WMP and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS Windows Media Skin or other WMP media files, whose onload handlers execute the...

Mozilla 1.01.1 - FTP View Cross-Site Scripting

Mozilla 1.01.1 - FTP View Cross-Site Scripting source: https://www.securityfocus.com/bid/5403/info A cross-site scripting vulnerability in Mozilla has been reported. When viewing the contents of a FTP site as web content from a ftp:// URL, the directory name is included in the HTML representation...

Mozilla cookie stealing - Sandblad advisory #9

Sandblad advisory 9 - ---..---..---..---..---..---..---..---..---..---..---..---..---- Title: Steal/spoof arbitrary cookie in Mozilla Date: 2002-07-24 Software: Mozilla Vendor: http://www.mozilla.org Fix: The author has been working with Mozilla to produce a patch. Problem is fixed in Mozilla 1.1...

CVE-2002-0319

Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username...

CVE-2002-0461

Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service application crash via Javascript in a web page that calls location.replace on itself, causing a loop...