125 matches found
Apple Safari 3.2.2 - feed: URI Multiple Input Validation Vulnerabilities
Apple Safari 3.2.2 - feed: URI Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/34925/info Apple Safari is prone to multiple input-validation vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious website...
Input validation
Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues."...
CVE-2008-3473
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Eve...
CVE-2008-3472
CVE-2008-3472 affects Microsoft Internet Explorer 6 and 7, part of a set of cross-domain vulnerabilities (HTML Element Cross-Domain, Event Handling Cross-Domain, Cross-Domain Information Disclosure, Uninitialized Memory Corruption, and HTML Objects Memory Corruption). The issues allow remote code...
CVE-2008-3473
CVE-2008-3473 and related cross-domain IE vulnerabilities affect Internet Explorer 6/7. Root cause: IE’s incorrect handling of the origin domain/zone for web script (Event Handling Cross-Domain and related) enables remote code execution or information disclosure across domains/zones. Affected: IE...
Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may...
Internet Explorer Cross-Domain Information Disclosure (MS08-058; CVE-2008-3474)
Microsoft Internet Explorer is the most widely used Internet browser. An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Internet Explorer that fails to correctly interpret the origin of scripts. An attacker can trigge...
CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass Advisory Information Title: Internet Explorer Zone Elevation Restrictions...
CVE-2008-1448
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via...
CVE-2008-1448
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via...
Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass
Advisory ID Internal CORE-2008-0103 Advisory Information Title: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass Advisory ID: CORE-2008-0103 Date published: 2008-08-13 Date of last update: 2008-08-12 Vendors contacted: Microsoft Release mode: Coordinated...
Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...
Skype Web内容区远程代码执行漏洞
BUGTRAQ ID: 27338 CVECAN ID: CVE-2007-5989 Skype是一款流行的P2P VoIP软件,可提供高质量的语音通讯服务。 Skype的ActiveX控件运行环境设置上存在漏洞,远程攻击者可能利用此漏洞在用户系统上执行任意指令。 Skype使用了Internet Explorer Web控件来渲染HTML内容并提供“add video to mood”和“add video to chat”功能。这些功能都是通过JS/ActiveX接口实现的,允许在IE的Local...
CVE-2003-1378
Technical details for CVE-2003-1378 are not publicly available in the provided documents. Monitor for updates from vendors and security bulletins for affected products and fixes.
Microsoft SQL Server Distributed Management Objects (sqldmo.dll) BoF
No description provided by source. !-- 18.48 01/09/2007 Microsoft SQL Server Distributed Management Objects OLE DLL for SQL Enterprise Manager sqldmo.dll remote buffer overflow poc file version: 2000.085.2004.00 product version: 8.05.2004 passing some fuzzy chars to Start method: EAX 00000000 ECX...
CVE-2007-3656
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via 1 HTTP 302 redirect controls, 2...
Internet Explorer IMJPCKSI COM对象实例化内存破坏漏洞(MS07-016)
Internet Explorer是微软发表的非常流行的WEB浏览器。 Internet Explorer使用某些Imjpcksid.dll的COM对象作为ActiveX控件。攻击者可能通过构建特制网页来利用此漏洞,如果用户查看了该网页,则可能允许远程执行代码。成功利用此漏洞的攻击者可以完全控制受影响的系统。 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.0.1 SP4...
JVN#93700808 Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone
Impact An arbitrary script could be executed in an inappropriate security zone. Solution Products Affected Sleipnir 2.49 and earlier Portable Sleipnir 2.45 and earlier RSS bar for Sleipnir 1.28 Release3 and earlier...
Microsoft Visual Studio 2005 WMI Object Broker vulnerability
Added: 01/15/2007 CVE: CVE-2006-4704 BID: 20843 OSVDB: 30155 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Problem A flaw in the WMI Object Broker ActiveX control allows attackers to bypass security zone restrictions, leading ...
Microsoft Visual Studio 2005 WMI Object Broker vulnerability
Added: 01/15/2007 CVE: CVE-2006-4704 BID: 20843 OSVDB: 30155 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Problem A flaw in the WMI Object Broker ActiveX control allows attackers to bypass security zone restrictions, leading ...