Microsoft Internet Explorer 6 - JavaScript Null Pointer Exception Denial of Service

source: https://www.securityfocus.com/bid/10694/info A denial of service vulnerability is reported to affect Internet Explorer. The issue is reported to present itself when Internet Explorer attempts to render JavaScript that contains an invalid for statement. A remote attacker may exploit this...

CVE-2004-0479

Internet Explorer 6 allows remote attackers to cause a denial of service crash via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference...

Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy (MS04-004)

Microsoft Internet Explorer 5 - NavigateAndFind Cross-Zone Policy MS04-004 source: https://www.securityfocus.com/bid/9568/info A vulnerability has been reported in Microsoft Internet Explorer. Because of this, an attacker may be able to violate cross-zone policy. It has been reported that the iss...

CVE-2003-1026

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back back function is called, as demonstrated by BackToFramedJpu, aka th...

CVE-2003-1275

Pocket Internet Explorer PIE 3.0 allows remote attackers to cause a denial of service crash via a Javascript function that uses the object.innerHTML function to recursively call that function...

CVE-2003-1305

Microsoft Internet Explorer allows remote attackers to cause a denial of service resource consumption via a Javascript src attribute that recursively loads the current web page...

ubbthreads

Не проверял на наличие сообщений о подобной ошибке где либо Вставка javascript в аватор: javascript:alert'На этом форуме есть баги!!!!'.jpg javascript:open'http://forum.com/admin/dograntmod.php?Cat=& NewMod=2644','Give', 'width=1, height=1'.jpg при просмотре сообщения администратором даёт юзеру...

CVE-2003-0284

Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus...

Adobe Acrobat does not adequately validate Acrobat JavaScript

Overview Adobe Acrobat contains a vulnerability in its JavaScript parsing engine that could allow an attacker to place arbitrary files on the local file system. Description Different versions of Adobe Acrobat software can create, modify, and read Portable Document Format PDF files. Acrobat...

Phorum 3.4 Cross Site Scripting

Description: It is possible to insert javascript code in a message and execute it. 1. go to a phorum 2. click on new topic 3. enter any name 4. enter any email 5. enter a title in the way like this "scriptalert "Vulnerable";/script 6. enter any text 7. click the preview button 8. click the send...

Mozilla 1.x Opera 7.0 - LiveConnect JavaScript Denial of Service

Mozilla 1.x Opera 7.0 - LiveConnect JavaScript Denial of Service source: https://www.securityfocus.com/bid/7227/info A denial-of-service vulnerability has been reported to affect several browsers. The vulnerability occurs when executing certain malformed JavaScript-enabled pages. An attacker can...

Mozilla 1.x / Opera 7.0 - LiveConnect JavaScript Denial of Service

source: https://www.securityfocus.com/bid/7227/info A denial-of-service vulnerability has been reported to affect several browsers. The vulnerability occurs when executing certain malformed JavaScript-enabled pages. An attacker can exploit this vulnerability by creating a malicious JavaScript pag...

CVE-2002-2424

Cross-site scripting XSS vulnerability in PHPReactor 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag...

CVE-2002-2311

Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript 1 event.ctrlKey or 2 event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the...

CVE-2002-0461

Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service application crash via Javascript in a web page that calls location.replace on itself, causing a loop...

CVE-2002-0474

Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag...

Opera 6.0.1 Microsoft Internet Explorer 56 - JavaScript Modifier Keypress Event Subversion

Opera 6.0.1 Microsoft Internet Explorer 56 - JavaScript Modifier Keypress Event Subversion source: https://www.securityfocus.com/bid/5290/info An issue has been reported with the JavaScript implementation of multiple web browsers, including Microsoft Internet Explorer and Opera. Malicious...

Opera 6.0.1 / Microsoft Internet Explorer 5/6 - JavaScript Modifier Keypress Event Subversion

source: https://www.securityfocus.com/bid/5290/info An issue has been reported with the JavaScript implementation of multiple web browsers, including Microsoft Internet Explorer and Opera. Malicious JavaScript may subvert some keypress events, with consequences including the disclosure of arbitra...

Voxel Dot Net CBms 0.x - Multiple Code Injection Vulnerabilities

Voxel Dot Net CBms 0.x - Multiple Code Injection Vulnerabilities source: https://www.securityfocus.com/bid/4957/info It has been reported that multiple vulnerabilities exist in CBMS. Reportedly, it is possible to inject both JavaScript and SQL code into the system. It may be possible to execute...

CVE-2002-0346

Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to 1 service.cgi or 2 alert.cgi...