72 matches found
Design/Logic Flaw
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to "HTML object element fallback content."...
CVE-2010-0047
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to "HTML object element fallback content."...
CVE-2010-0047
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to "HTML object element fallback content."...
CVE-2010-0047
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to "HTML object element fallback content."...
CVE-2010-0047
CVE-2010-0047 is a use-after-free vulnerability in WebKit used by Apple Safari prior to 4.0.5. The issue arises from vectors related to the HTML object element fallback content, allowing remote attackers to potentially execute arbitrary code or cause a denial of service (application crash). The d...
CVE-2010-0047
Removed by vendor...
CVE-2009-3038
A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion RIM Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service Internet Explorer crash by referencing the control's CLSID in the classid attribute of an OBJECT...
CVE-2009-3038
A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion RIM Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service Internet Explorer crash by referencing the control's CLSID in the classid attribute of an OBJECT...
CVE-2009-1712
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element...
Design/Logic Flaw
Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be...
Microsoft Internet Explorer does not properly evaluate "application/hta" MIME type referenced by DATA attribute of OBJECT element
Overview Microsoft Internet Explorer IE will execute an HTML Application HTA referenced by the DATA attribute of an OBJECT element if the Content-Type header returned by the web server is set to "application/hta". An attacker could exploit this vulnerability to execute arbitrary code with the...
CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content
More info at https://symfony.com/cve-2026-48761...