Mozilla Firefox 1.0.7 (Mozilla 1.7.12) - Denial of Service

document.write''; milw0rm.com 2005-10-17...

Local file detection bug found through Adobe SVG Viewer

Hyperdose Security Advisory Name: Local file detection bug found through Adobe SVG Viewer Systems Affected: v3.0 unclear if earlier versions were affected Severity: Low Author: Robert Fly - [email protected] Advisory URL: http://www.hyperdose.com/advisories/H2005-07.txt --Adobe Description--...

Netscape Navigator 7.2 - Infinite Array Sort Denial of Service

Netscape Navigator 7.2 - Infinite Array Sort Denial of Service source: https://www.securityfocus.com/bid/12331/info Netscape Navigator is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is...

CVE-2004-2219

Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake...

Microsoft Internet Explorer - Remote Code Execution

Microsoft Internet Explorer - Remote Code Execution CMDExe - Windows Exploit - Remote code execution with parameters - Proof of ConceptMore info about this exploit can be found at hhttp://freehost19.websamba.com/shreddersub7/expl-discuss.htm. © 2004 ShredderSub7 function DisplayLocStrings...

CVE-2004-1173

Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model DOM methods in the DHTML Dynamic HTML DHTML Editing Component DEC and Javascript that calls showModalDialog...

CVE-2004-0310

Cross-site scripting XSS vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet, which does not strip the semicolon or parentheses, as demonstrated using a background:url...

Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass

Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass source: https://www.securityfocus.com/bid/11726/info A vulnerability is reported to exist in the access controls of the Java to JavaScript data exchange within web browsers that employ the Sun Java Plug-in...

CVE-2004-0759

Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag...

Opera < 7.50 onUnload Address Bar Spoofing

The remote host is using Opera - an alternative web browser. This version of Opera is vulnerable to a security weakness that may permit malicious web pages to spoof address bar information. This is reportedly possible through malicious use of the JavaScript 'unOnload' event handler when the brows...

CVE-2004-0759

Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag...

CVE-2004-0478

Unknown versions of Mozilla allow remote attackers to cause a denial of service high CPU/RAM consumption using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U...

MSIE.printer.txt

Ben Garvey Application: Microsoft Internet Explorer Versions: 6.0 Platforms: Windows Bugs: IE 6 allows JavaScript to send documents to the printer without prompting the user. Exploitation: Client Date: 12 April 2004 Author: Ben Garvey [email protected] http://www.bengarvey.com Bugtraq report...

Eudora 6.0.3 (Windows) - Attachment Spoofing

!/usr/bin/perl -- use MIME::Base64; print "From: me\n"; print "To: you\n"; print "Subject: Eudora 6.0.3 on Windows spoof, LaunchProtect\n"; print "MIME-Version: 1.0\n"; print "Content-Type: multipart/mixed; boundary="zzz"\n"; print "\n"; print "This is a multi-part message in MIME format.\n";...

Microsoft Outlook 2002 - Mailto Quoting Zone Bypass

Microsoft Outlook 2002 - Mailto Quoting Zone Bypass source: https://www.securityfocus.com/bid/9827/info Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer t...

Microsoft Outlook 2002 - &#039;Mailto&#039; Quoting Zone Bypass

source: https://www.securityfocus.com/bid/9827/info Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer to load malicious content in the Local Zone. This is...

Microsoft Internet Explorer - URL Injection in History List (MS04-004)

Microsoft Internet Explorer - URL Injection in History List MS04-004 // Andreas Sandblad, 2004-02-03, patched by MS04-004 // Name: payload // Purpose: Run payload code called from Local Machine zone. // The code may be arbitrary such as executing shell commands. // This demo simply creates a...

MSIE-&gt;NAFfileJPU

NAFfileJPU tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. OS Ver: "Windows XP Cn ver" demo http://www.safecenter.net/liudieyu/NAFfileJPU/NAFfileJPU-MyPage.HTM or http://umbrella.mx.tc ---...

PBLang Cross Site Scripting Vulnerability &#40;Newest version&#41;

PBLang is a PHP-base forum. A security hole has just found in this product allows an attacker to steals cookies or does many things… |--------------------------------------------| Vulnerable systems: PBLang Forum Version: 4.56 4.5 RC 2 Website: http://pblang.drmartinus.de/ Problem: Cross Site...

Netscape 7.0 - JavaScript Regular Expression Denial of Service

source: https://www.securityfocus.com/bid/6959/info It has been reported that Netscape based browsers may be vulnerable to a denial of service condition when executing certain JavaScript methods. If a malicious page containing a specially crafted JavaScript regular expression method is viewed the...