Lucene search
K

856 matches found

securityvulns
securityvulns
added 2006/04/27 12:0 a.m.31 views

[Full-disclosure] Internet Explorer User Interface Races, Redeux

-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Microsoft Internet Explorer User Interface Race Condition I. SYNOPSIS Affected Systems: Windows 98 Windows 98 Second Edition Windows Millennium Edition Windows 2000 Windows XP Windows Server 2003 Risk: Medium Impact: Remote code execution some...

5CVSS0.01373EPSS
Exploits0
Cvelist
Cvelist
added 2006/02/24 10:0 p.m.25 views

CVE-2006-0884

The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

5.8AI score0.07066EPSS
Exploits1References41
Debian CVE
Debian CVE
added 2006/02/24 10:0 p.m.27 views

CVE-2006-0884

The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

9.3CVSS6.1AI score0.07066EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2006/02/05 12:0 a.m.25 views

Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2006:033)

OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings. Updated packages are patched to address this...

4.6CVSS5.3AI score0.00371EPSS
Exploits0References1
CVE
CVE
added 2006/01/09 11:0 p.m.46 views

CVE-2005-4636

OpenOffice.org 2.0 and earlier is affected. When hyperlinks are disabled, the Hyperlink dialog’s WWW-browser button can be clicked, potentially bypassing intended security settings and enabling user trickery. This CVE is documented across multiple sources (Red Hat, SUSE, Mandrake/Mandriva, Ubuntu...

4.6CVSS6.5AI score0.00371EPSS
Exploits0References3Affected Software1
CERT
CERT
added 2005/12/02 12:0 a.m.30 views

Sun Java Runtime Environment applet privilege escalation vulnerability

Overview The Sun Java Runtime Environment JRE may allow an untrusted Java applet to bypass Java security settings and execute arbitrary code. Description The Sun Java Runtime Environment provides the libraries and components necessary to run Java-based applications. There is an unspecified...

7.5CVSS7.3AI score0.04632EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.24 views

Singapore MD5 Administrative Password Disclosure

Singapore is a PHP based photo gallery web application. Due to inaddequate security settings, the file used to stored the administrative password is easily accessible, and the MD5 with which the product protects the password is feasibably crackable. SPDX-FileCopyrightText: 2004 Noam Rathaus Some...

7.4AI score
Exploits0
CVE
CVE
added 2005/10/06 4:0 a.m.46 views

CVE-2005-3171

CVE-2005-3171 affects Microsoft Windows 2000 before Update Rollup 1 for SP4. The issue occurs when Event ID 1704 is recorded to indicate that Group Policy security settings were updated, even if the processing fails (for example, Ntuser.pol cannot be accessed). This may cause administrators to be...

4.6CVSS6.9AI score0.01224EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2005/10/06 4:0 a.m.21 views

CVE-2005-3171

Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is...

6.5AI score0.01224EPSS
Exploits0References2
Symantec
Symantec
added 2005/06/14 12:0 a.m.24 views

Microsoft Internet Explorer Unspecified DigWebX ActiveX Control Vulnerability

Description Microsoft Internet Explorer is prone to an unspecified vulnerability in the DigWebX ActiveX control. The vendor has not released any further information about this vulnerability other than to state the "kill bit" has been set on unsupported versions of the control. Technologies Affect...

7AI score
Exploits0References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2005/02/01 12:0 a.m.65 views

SSL - General Settings (CVE-2003-0719; CVE-2004-0826)

SSL Protections use a SSL protocol parser which uses a default port of TCP/443, but this port can be reconfigured...

7.5CVSS6.3AI score0.83412EPSS
Exploits9
Packet Storm
Packet Storm
added 2004/03/31 12:0 a.m.24 views

ieBad.txt

Wednesday, March 31, 2004 This is somewhat disconcerting. Reference the recently disclosed Internet Explorer 'bug' presently in the wild original discussion: http://www.securityfocus.com/archive/1/358813 with additional input buried thereunder in subsequent threads allowing for complete remote...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2004/02/03 12:0 a.m.31 views

apache local protection bypass

It's possible to bypass few security settings with ErrorDocument...

1.7AI score
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2003/07/09 12:0 a.m.53 views

CSSoft-EZTRansI-Eng.txt

STG Security Advisory: SSA-20030701-03 ChangshinSoft ezTrans Server File Download Vulnerability Revision 1.1 Date Published: 2003-07-08 KST Last Update: 2003-07-08 Disclosed by SSR Team [email protected] Synopsis ======== ezTrans Server, used by famous portal sites in Korea, is a real-time...

7.4AI score
Exploits0
CVE
CVE
added 2003/04/02 5:0 a.m.77 views

CVE-2002-0493

CVE-2002-0493 affects Apache Tomcat where the web.xml parsing could proceed with errors and allow Tomcat to start with improper security settings, bypassing intended access restrictions. Affected component: Tomcat startup/security settings during web.xml read. Root cause described across sources ...

7.5CVSS6.6AI score0.03804EPSS
Exploits0References6Affected Software1
securityvulns
securityvulns
added 2002/09/09 12:0 a.m.33 views

Vulnerabilities in Microsoft's Java implementation

OVERVIEW ======== Microsoft Internet Explorer comes with Java virtual machine and accompanying class packages. Multiple security vulnerabilities have been found in the Java environment. Some of these allow an attacker to deliver and run arbitrary code on the Internet Explorer or Outlook user's...

0.1AI score
Exploits0
NVD
NVD
added 2002/08/12 4:0 a.m.28 views

CVE-2002-0493

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions...

7.5CVSS6.5AI score0.03804EPSS
Exploits0References6
CERT
CERT
added 2002/06/25 12:0 a.m.17 views

Mandrake Security may make unexpected system modifications

Overview The Mandrake Security utility included with Mandrake Linux may make unexpected modifications that affect system security. Description Mandrake Linux includes a tool named Mandrake Security msec that allows system administrators to manage and audit various system parameters associated wit...

7AI score
Exploits0References3
CERT
CERT
added 2002/05/08 12:0 a.m.15 views

AOL Instant Messenger installer adds "http://free.aol.com" to Trusted Sites Zone in Microsoft Internet Explorer

Overview The installer for AOL Instant Messenger contains a vulnerability that weakens the security settings of Microsoft Internet Explorer. Description There is a vulnerability in the installer for AOL Instant Messenger AIM that silently adds "http://free.aol.com" to the list of Trusted Sites in...

7.3AI score
Exploits0References2
securityvulns
securityvulns
added 2002/03/22 12:0 a.m.30 views

How Outlook 2002 can still execute JavaScript in an HTML email message

Hello, Windows Media Player WMP reintroduces the ability to automatically execute JavaScript code from an HTML email message in Outlook 2002. JavaScript is disabled by default in Outlook 2002, because it can facilitate the creation of worms and other malicious code which is carried by HTML email...

7AI score
Exploits0
Rows per page
Query Builder