RHEL 2.1 : XFree86 (RHSA-2004:152)
Updated XFree86 packages that fix a minor denial of service vulnerability are now available. XFree86 is an implementation of the X Window System, providing the core graphical user interface and video drivers. Flaws in XFree86 4.1.0 allow local or remote attackers who are able to connect to the X...
security flaw
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."...
CVE-2004-0093
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI)...
CVE-2004-0094
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI)...
phpGroupWare 0.9.x - 'index.php' HTML Injection
source: https://www.securityfocus.com/bid/12082/info PhpGroupWare is reported to be susceptible to an HTML injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input. The attacker-supplied HTML and script code would be able to access propertie...
Opera: buffer overflows in 7.11 and 7.20
Background: Opera is a multi-platform web browser. Description: The Opera browser can cause a buffer allocated on the heap to overflow under certain HREFs when rendering HTML. The mail system is also deemed vulnerable and an attacker can send an email containing a malformed HREF, or plant the...
Opera HREF escaped server name overflow
@stake, Inc. (www.atstake.com) Security Advisory. Advisory Name: Opera HREF escaped server name overflow; Release Date: 10/20/2003; Application: Opera 7.11, 7.20; Platform: Windows XP/2000 and GNU/Linux 2.4 tested, others may be vulnerable; Severity: Remote...
Alan Ward A-Cart 2.0 - MSG Cross-Site Scripting
source: https://www.securityfocus.com/bid/8722/info A-Cart has been reported prone to a cross-site scripting vulnerability. The issue presents itself likely due to a lack of sufficient sanitization performed on data contained in the 'msg' URI parameter that is passed to signin.asp. An attacker...
CPanel 5.05.36.x - Admin Interface HTML Injection
source: https://www.securityfocus.com/bid/8119/info cPanel is prone to an HTML injection vulnerability. It is possible for remote attackers to include hostile HTML and script code in requests to cPanel, which will be logged. When logs are viewed by ...
CVE-2003-0241
The CVE-2003-0241 issue affects FrontRange GoldMine mail agent, specifically versions 5.70 and 6.00 prior to build 30503. The vulnerability arises when HTML is sent to the default browser without labeling the content as untrusted or setting a secure zone, causing IE to render HTML in a less secur...
CVE-2003-0115
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233...
EUVD-2003-0111
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233...
CVE-2003-0115
Microsoft Internet Explorer 5.01, 5.5 and 6.0 are affected by CVE-2003-0115 due to improper validation of parameters during third-party rendering, enabling remote script execution. OpenVAS entries identify the issue as part of the IE cumulative patch set (890923) and MS05-020, with guidance that ...
Ximian Evolution 1.x - MIME image/* Content-Type Data Inclusion
source: https://www.securityfocus.com/bid/7119/info Ximian Evolution does not properly validate MIME image/* Content-Type fields. If an email message contains an image/* Content-Type, any type of data can be embedded where the image information is expected. This can be used to embed HTML tags that...
DSA-167 kdelibs - cross site scripting
Bulletin has no description...
CVE-2001-0712
The CVE concerns Internet Explorer’s rendering engine where MIME types are determined by the client rather than the server. This enables remote servers to coax script execution from files whose MIME type would not normally be treated as executable (e.g., .txt, .jpg). Reported impact scores indica...
CVE-2001-0091
CVE-2001-0091 concerns the ActiveX control used to invoke a scriptlet in Internet Explorer 5.0–5.5. The control renders arbitrary file types instead of HTML, enabling an attacker to read arbitrary files. The vulnerability is characterized as a variant of the Scriptlet Rendering issue. Documented ...
CVE-2001-0091
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability...