8287 matches found
Ucenter Projekt 2.0 - Insecure crossdomain (Cross-Site Scripting)
Ucenter Projekt 2.0 - Insecure crossdomain Cross-Site Scripting ======================================================================================== | Title : Ucenter Projekt 2.0 Insecure crossdomain XSS Vulnerability | Author : indoushka | email : [email protected] | Home :...
Mandriva Update for firefox MDVSA-2010:070-1 (firefox)
Check for the Version of firefox OpenVAS Vulnerability Test Mandriva Update for firefox MDVSA-2010:070-1 firefox Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Google Releases Chrome 4.1.249.1064
Google has released Chrome 4.1.249.1064 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or bypass the same origin policy in the browser. US-CERT encourages users and administrators to review the Google Chrome Releases blog ent...
Mandriva Update for firefox MDVSA-2010:070 (firefox)
Check for the Version of firefox OpenVAS Vulnerability Test Mandriva Update for firefox MDVSA-2010:070 firefox Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Mandriva Update for firefox MDVSA-2010:070 (firefox)
Check for the Version of firefox OpenVAS Vulnerability Test Mandriva Update for firefox MDVSA-2010:070 firefox Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
CVE-2010-0488
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."...
CVE-2010-0494
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via a crafted HTML document in a situation where the client user drags one browser window across another...
Information disclosure
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."...
Cross site scripting
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via a crafted HTML document in a situation where the client user drags one browser window across another...
CVE-2010-0494
CVE-2010-0494 is the HTML Element Cross-Domain Vulnerability in Internet Explorer (IE6/6 SP1/7/8) that allows information disclosure when a user drags one IE window across another. The issue affects IE’s handling of cross-domain scripting context and is addressed by Microsoft Security Bulletin MS...
CVE-2010-0494
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via a crafted HTML document in a situation where the client user drags one browser window across another...
CVE-2010-0488
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."...
EUVD-2010-0519
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."...
CVE-2010-0488
CVE-2010-0488 relates to an information-disclosure vulnerability in Microsoft Internet Explorer (versions 5.01 SP4, 6, 6 SP1, 7) caused by improper handling of certain encoding strings. The root cause is an issue in how IE processes content with specific encoding strings, allowing a crafted web p...
CVE-2010-0488
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."...
PT-2010-2249 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4, 6, 6 SP1, and 7 Description: The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. An information disclosure vulnerability...
PT-2010-2254 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 8 Description: The issue allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via a crafted HTML document. This can occur when a user drags one...
Cross site scripting
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via vectors that are specific to each affected plugin...
CVE-2010-0170
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via vectors that are specific to each affected plugin...
CVE-2010-0170
Technical details about CVE-2010-0170 are not provided in the connected documents. Public details appear limited to the initial description in this entry. Monitor for updates and new disclosures in authoritative advisories. The supplied documents do not specify affected products, versions, root c...