Lucene search
+L

125 matches found

exploitpack
exploitpack
added 2009/05/12 12:0 a.m.29 views

Apple Safari 3.2.2 - feed: URI Multiple Input Validation Vulnerabilities

Apple Safari 3.2.2 - feed: URI Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/34925/info Apple Safari is prone to multiple input-validation vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious website...

0.1AI score
Exploits0
Prion
Prion
added 2009/02/13 12:30 a.m.21 views

Input validation

Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues."...

10CVSS7.4AI score0.03204EPSS
Exploits1References3
NVD
NVD
added 2008/10/15 12:12 a.m.20 views

CVE-2008-3473

Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Eve...

9.3CVSS7.2AI score0.31692EPSS
Exploits1References9
CVE
CVE
added 2008/10/15 12:0 a.m.59 views

CVE-2008-3472

CVE-2008-3472 affects Microsoft Internet Explorer 6 and 7, part of a set of cross-domain vulnerabilities (HTML Element Cross-Domain, Event Handling Cross-Domain, Cross-Domain Information Disclosure, Uninitialized Memory Corruption, and HTML Objects Memory Corruption). The issues allow remote code...

9.3CVSS8.8AI score0.3258EPSS
Exploits1References10Affected Software1
CVE
CVE
added 2008/10/15 12:0 a.m.58 views

CVE-2008-3473

CVE-2008-3473 and related cross-domain IE vulnerabilities affect Internet Explorer 6/7. Root cause: IE’s incorrect handling of the origin domain/zone for web script (Event Handling Cross-Domain and related) enables remote code execution or information disclosure across domains/zones. Affected: IE...

9.3CVSS8.8AI score0.31692EPSS
Exploits1References9Affected Software1
Symantec
Symantec
added 2008/10/14 12:0 a.m.15 views

Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may...

8AI score
Exploits0Affected Software4
Check Point Advisories
Check Point Advisories
added 2008/10/14 12:0 a.m.15 views

Internet Explorer Cross-Domain Information Disclosure (MS08-058; CVE-2008-3474)

Microsoft Internet Explorer is the most widely used Internet browser. An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Internet Explorer that fails to correctly interpret the origin of scripts. An attacker can trigge...

4.3CVSS5.4AI score0.2798EPSS
Exploits1
securityvulns
securityvulns
added 2008/08/14 12:0 a.m.82 views

CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass Advisory Information Title: Internet Explorer Zone Elevation Restrictions...

7.1CVSS5.7AI score0.2663EPSS
Exploits1
NVD
NVD
added 2008/08/13 12:41 a.m.37 views

CVE-2008-1448

The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via...

7.1CVSS6.3AI score0.2663EPSS
Exploits1References11
Cvelist
Cvelist
added 2008/08/13 12:0 a.m.40 views

CVE-2008-1448

The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via...

6.2AI score0.2663EPSS
Exploits1References11
Core Security
Core Security
added 2008/08/13 12:0 a.m.37 views

Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass

Advisory ID Internal CORE-2008-0103 Advisory Information Title: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass Advisory ID: CORE-2008-0103 Date published: 2008-08-13 Date of last update: 2008-08-12 Vendors contacted: Microsoft Release mode: Coordinated...

7.1CVSS5.5AI score0.2663EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.5 views

Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...

7.5CVSS6.8AI score0.01688EPSS
Exploits0References9
seebug.org
seebug.org
added 2008/01/31 12:0 a.m.27 views

Skype Web内容区远程代码执行漏洞

BUGTRAQ ID: 27338 CVECAN ID: CVE-2007-5989 Skype是一款流行的P2P VoIP软件,可提供高质量的语音通讯服务。 Skype的ActiveX控件运行环境设置上存在漏洞,远程攻击者可能利用此漏洞在用户系统上执行任意指令。 Skype使用了Internet Explorer Web控件来渲染HTML内容并提供“add video to mood”和“add video to chat”功能。这些功能都是通过JS/ActiveX接口实现的,允许在IE的Local...

6.8CVSS6.4AI score0.04421EPSS
Exploits1
CVE
CVE
added 2007/10/19 10:0 a.m.56 views

CVE-2003-1378

Technical details for CVE-2003-1378 are not publicly available in the provided documents. Monitor for updates from vendors and security bulletins for affected products and fixes.

8.8CVSS7.3AI score0.15583EPSS
Exploits1References4Affected Software2
seebug.org
seebug.org
added 2007/09/11 12:0 a.m.36 views

Microsoft SQL Server Distributed Management Objects (sqldmo.dll) BoF

No description provided by source. !-- 18.48 01/09/2007 Microsoft SQL Server Distributed Management Objects OLE DLL for SQL Enterprise Manager sqldmo.dll remote buffer overflow poc file version: 2000.085.2004.00 product version: 8.05.2004 passing some fuzzy chars to Start method: EAX 00000000 ECX...

7.1AI score
Exploits0
NVD
NVD
added 2007/07/10 7:30 p.m.18 views

CVE-2007-3656

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via 1 HTTP 302 redirect controls, 2...

6.8CVSS6.2AI score0.01966EPSS
Exploits1References45
seebug.org
seebug.org
added 2007/02/16 12:0 a.m.18 views

Internet Explorer IMJPCKSI COM对象实例化内存破坏漏洞(MS07-016)

Internet Explorer是微软发表的非常流行的WEB浏览器。 Internet Explorer使用某些Imjpcksid.dll的COM对象作为ActiveX控件。攻击者可能通过构建特制网页来利用此漏洞,如果用户查看了该网页,则可能允许远程执行代码。成功利用此漏洞的攻击者可以完全控制受影响的系统。 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.0.1 SP4...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/01/26 12:0 a.m.18 views

JVN#93700808 Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Impact An arbitrary script could be executed in an inappropriate security zone. Solution Products Affected Sleipnir 2.49 and earlier Portable Sleipnir 2.45 and earlier RSS bar for Sleipnir 1.28 Release3 and earlier...

7.3AI score
Exploits0
Saint
Saint
added 2007/01/15 12:0 a.m.84 views

Microsoft Visual Studio 2005 WMI Object Broker vulnerability

Added: 01/15/2007 CVE: CVE-2006-4704 BID: 20843 OSVDB: 30155 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Problem A flaw in the WMI Object Broker ActiveX control allows attackers to bypass security zone restrictions, leading ...

6.8CVSS6.4AI score0.42846EPSS
Exploits6
Saint
Saint
added 2007/01/15 12:0 a.m.48 views

Microsoft Visual Studio 2005 WMI Object Broker vulnerability

Added: 01/15/2007 CVE: CVE-2006-4704 BID: 20843 OSVDB: 30155 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Problem A flaw in the WMI Object Broker ActiveX control allows attackers to bypass security zone restrictions, leading ...

6.8CVSS6.4AI score0.42846EPSS
Exploits6
Rows per page
Query Builder