
8250 matches found

RedHat Linux
added 2008/05/19 3:30 p.m. | 1 view

Java Plugin same-origin-policy bypass

Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.13804
Exploits: 0 | References: 4
Tenable Nessus
added 2008/04/28 12:00 a.m. | 10 views

GLSA-200804-28 : JRockit: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200804-28 JRockit: Multiple vulnerabilities Because of sharing the same codebase, JRockit is affected by the vulnerabilities mentioned in GLSA 200804-20. Impact : A remote attacker could entice a user to run a specially crafted...

AI score: 6.2
Exploits: 0 | References: 2
Tenable Nessus
added 2008/04/25 12:00 a.m. | 38 views

SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 5182)

IBM Java 1.4.2 was updated to SR10 to fix various security issues : - A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant...

CVSS: 9.3 | AI score: 8.8 | EPSS: 0.32968
Exploits: 1 | References: 30
Tenable Nessus
added 2008/04/25 12:00 a.m. | 44 views

SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5183)

IBM Java 5 was updated to SR7 to fix various security issues : - A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself...

CVSS: 10 | AI score: 8.8 | EPSS: 0.37381
Exploits: 2 | References: 36
Tenable Nessus
added 2008/04/04 12:00 a.m. | 41 views

openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5132)

Sun Java was updated to 1.6.0u5 to fix the following security vulnerabilities : - CVE-2008-1158: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers...

CVSS: 9.3 | AI score: 9 | EPSS: 0.32968
Exploits: 2 | References: 11
RedHat Linux
added 2008/04/03 4:19 p.m. | 2 views

Java Plugin same-origin-policy bypass

Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.13804
Exploits: 0 | References: 4
Prion
added 2008/03/28 11:44 p.m. | 23 views

Design/Logic Flaw

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.51206
Exploits: 0 | References: 12 | Affected Software: 1
CVE
added 2008/03/28 11:00 p.m. | 91 views

CVE-2008-1544

CVE-2008-1544 relates to Internet Explorer (IE) 5.01/6/7 where setRequestHeader can bypass header-safety checks, enabling HTTP request splitting/smuggling, host/Referer manipulation, and potential same-origin policy bypass. Microsoft’s connected documentation confirms a fix via MS08-031 (Cumulati...

CVSS: 7.1 | AI score: 6.1 | EPSS: 0.51206
Exploits: 0 | References: 12 | Affected Software: 1
Positive Technologies
added 2008/03/28 12:00 a.m. | 3 views

PT-2008-3103 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 through 7 Description: The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer does not block dangerous HTTP request headers when certain 8-bit character sequences are...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.51206
Exploits: 0 | References: 16
VulnCheck KEV
added 2008/03/25 12:00 a.m. | 1 view

VulnCheck KEV: CVE-2008-1092

Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026...

CVSS: 9.3 | AI score: 6.2 | EPSS: 0.80821
Exploits: 6 | References: 1
RedHat Linux
added 2008/03/06 10:11 p.m. | 55 views

Critical: Red Hat Security Advisory: java-1.5.0-sun security update

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the...

CVSS: 9.3 | AI score: 7.8 | EPSS: 0.37381
Exploits: 2 | References: 15
RedHat Linux
added 2008/03/06 10:11 p.m. | 2 views

Java Plugin same-origin-policy bypass

Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.13804
Exploits: 0 | References: 4
UbuntuCve
added 2008/03/06 9:44 p.m. | 42 views

CVE-2008-1192

Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...

CVSS: 6.8 | AI score: 5.9 | EPSS: 0.13804
Exploits: 0 | References: 1
Prion
added 2008/03/06 9:44 p.m. | 14 views

Design/Logic Flaw

Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.13804
Exploits: 0 | References: 32 | Affected Software: 3
Cvelist
added 2008/03/06 9:00 p.m. | 22 views

CVE-2008-1192

Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...

AI score: 8.4 | EPSS: 0.13804
Exploits: 0 | References: 32
CVE
added 2008/03/06 9:00 p.m. | 61 views

CVE-2008-1192

CVE-2008-1192 concerns the Java Plug-in for Sun JDK/JRE and related SDK/JRE versions (Sun JRE/JDK 6 Update 4 and earlier; 5.0 Update 14 and earlier; 1.4.2_16 and earlier; 1.3.1_21 and earlier) and allows remote attackers to bypass the same origin policy and “execute local applications” via unknow...

CVSS: 6.8 | AI score: 8.4 | EPSS: 0.13804
Exploits: 0 | References: 32 | Affected Software: 1
UbuntuCve
added 2008/03/04 11:44 p.m. | 18 views

CVE-2008-1149

phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies...

CVSS: 5.1 | AI score: 5.9 | EPSS: 0.0093
Exploits: 0 | References: 1
OSV
added 2008/03/04 11:44 p.m. | 1 view

DEBIAN-CVE-2008-1149

phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies...

CVSS: 5.1 | AI score: 7.9 | EPSS: 0.0093
Exploits: 0 | References: 1
RedHat Linux
added 2008/02/14 2:46 p.m. | 1 view

Java Plugin same-origin-policy bypass

Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.13804
Exploits: 0 | References: 4
securityvulns
added 2008/02/10 12:00 a.m. | 70 views

Mozilla Foundation Security Advisory 2008-03

Mozilla Foundation Security Advisory 2008-03 Title: Privilege escalation, XSS, Remote Code Execution Impact: Critical Announced: February 7, 2008 Reporter: moz_bug_r_a4, Boris Zbarsky Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.12 Thunderbird 2.0.0.12 SeaMonkey 1.1.8 Descriptio...

CVSS: 4.3 | AI score: 3.8 | EPSS: 0.02001
Exploits: 1