856 matches found
[Full-disclosure] Internet Explorer User Interface Races, Redeux
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Microsoft Internet Explorer User Interface Race Condition I. SYNOPSIS Affected Systems: Windows 98 Windows 98 Second Edition Windows Millennium Edition Windows 2000 Windows XP Windows Server 2003 Risk: Medium Impact: Remote code execution some...
CVE-2006-0884
The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...
CVE-2006-0884
The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...
Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2006:033)
OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings. Updated packages are patched to address this...
CVE-2005-4636
OpenOffice.org 2.0 and earlier is affected. When hyperlinks are disabled, the Hyperlink dialog’s WWW-browser button can be clicked, potentially bypassing intended security settings and enabling user trickery. This CVE is documented across multiple sources (Red Hat, SUSE, Mandrake/Mandriva, Ubuntu...
Sun Java Runtime Environment applet privilege escalation vulnerability
Overview The Sun Java Runtime Environment JRE may allow an untrusted Java applet to bypass Java security settings and execute arbitrary code. Description The Sun Java Runtime Environment provides the libraries and components necessary to run Java-based applications. There is an unspecified...
Singapore MD5 Administrative Password Disclosure
Singapore is a PHP based photo gallery web application. Due to inaddequate security settings, the file used to stored the administrative password is easily accessible, and the MD5 with which the product protects the password is feasibably crackable. SPDX-FileCopyrightText: 2004 Noam Rathaus Some...
CVE-2005-3171
CVE-2005-3171 affects Microsoft Windows 2000 before Update Rollup 1 for SP4. The issue occurs when Event ID 1704 is recorded to indicate that Group Policy security settings were updated, even if the processing fails (for example, Ntuser.pol cannot be accessed). This may cause administrators to be...
CVE-2005-3171
Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is...
Microsoft Internet Explorer Unspecified DigWebX ActiveX Control Vulnerability
Description Microsoft Internet Explorer is prone to an unspecified vulnerability in the DigWebX ActiveX control. The vendor has not released any further information about this vulnerability other than to state the "kill bit" has been set on unsupported versions of the control. Technologies Affect...
SSL - General Settings (CVE-2003-0719; CVE-2004-0826)
SSL Protections use a SSL protocol parser which uses a default port of TCP/443, but this port can be reconfigured...
ieBad.txt
Wednesday, March 31, 2004 This is somewhat disconcerting. Reference the recently disclosed Internet Explorer 'bug' presently in the wild original discussion: http://www.securityfocus.com/archive/1/358813 with additional input buried thereunder in subsequent threads allowing for complete remote...
apache local protection bypass
It's possible to bypass few security settings with ErrorDocument...
CSSoft-EZTRansI-Eng.txt
STG Security Advisory: SSA-20030701-03 ChangshinSoft ezTrans Server File Download Vulnerability Revision 1.1 Date Published: 2003-07-08 KST Last Update: 2003-07-08 Disclosed by SSR Team [email protected] Synopsis ======== ezTrans Server, used by famous portal sites in Korea, is a real-time...
CVE-2002-0493
CVE-2002-0493 affects Apache Tomcat where the web.xml parsing could proceed with errors and allow Tomcat to start with improper security settings, bypassing intended access restrictions. Affected component: Tomcat startup/security settings during web.xml read. Root cause described across sources ...
Vulnerabilities in Microsoft's Java implementation
OVERVIEW ======== Microsoft Internet Explorer comes with Java virtual machine and accompanying class packages. Multiple security vulnerabilities have been found in the Java environment. Some of these allow an attacker to deliver and run arbitrary code on the Internet Explorer or Outlook user's...
CVE-2002-0493
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions...
Mandrake Security may make unexpected system modifications
Overview The Mandrake Security utility included with Mandrake Linux may make unexpected modifications that affect system security. Description Mandrake Linux includes a tool named Mandrake Security msec that allows system administrators to manage and audit various system parameters associated wit...
AOL Instant Messenger installer adds "http://free.aol.com" to Trusted Sites Zone in Microsoft Internet Explorer
Overview The installer for AOL Instant Messenger contains a vulnerability that weakens the security settings of Microsoft Internet Explorer. Description There is a vulnerability in the installer for AOL Instant Messenger AIM that silently adds "http://free.aol.com" to the list of Trusted Sites in...
How Outlook 2002 can still execute JavaScript in an HTML email message
Hello, Windows Media Player WMP reintroduces the ability to automatically execute JavaScript code from an HTML email message in Outlook 2002. JavaScript is disabled by default in Outlook 2002, because it can facilitate the creation of worms and other malicious code which is carried by HTML email...