108 matches found
CVE-2010-2663
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element...
Google Chrome 'IFRAME' Denial Of Service Vulnerability
This host is installed with Google Chrome and is prone to Denial Of Service vulnerability. OpenVAS Vulnerability Test $Id: secpodgooglechromeiframedosvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ Google Chrome 'IFRAME' Denial Of Service Vulnerability Authors: Antu Sanadi Updated By: Madhuri D on...
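Mozilla Firefox Browser Image SRC Tag External Mail Client Launch Vulnerability
CVECAN ID: CVE-2010-0181 Firefox is a popular open-source web browser. If the SRC attribute of an IMG element in a web page is set to a redirect to a mailto: URL, Firefox loads the external mail client program when it opens such a page. Although this does not pose a security threat, launching too many applications is also a denial-of-service condition. Mozilla Firefox 3.6 Mozilla Firefox 3.5.x Mozilla SeaMonkey 2.0.4 Vendor patch: Mozilla ------- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.mozilla.org/...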
Microsoft Internet Explorer Unspecified vulnerability
This host is installed with Microsoft Internet Explorer and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: gbmsieunspecifiedvuln.nasl 5656 2017-03-21 11:03:12Z cfi $ Microsoft Internet Explorer Unspecified vulnerability Authors: Madhuri D Copyright: Copyright (c) 2010...
CVE-2010-1227
Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site...
Design/Logic Flaw
Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."...
CVE-2009-1339
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribut...
CVE-2009-1434
Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribut...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord...
CVE-2008-5761
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord...
CVE-2008-5761
CVE-2008-5761 affects FlatnuX CMS (aka Flatnuke3). The provided documents describe multiple cross-site scripting (XSS) vulnerabilities: (1) via the mod parameter in the default URI, (2) via the foto parameter to photo.php in the 05_Foto module, and (3) via the name parameter in an insertrecord ac...
Internet Explorer embed tag src extension buffer overflow
Added: 12/11/2008 CVE: CVE-2008-4261 BID: 32595 OSVDB: 50610 Background The HTML embed tag allows developers to embed plug-ins in web pages. Problem A vulnerability in Internet Explorer allows command execution when a user loads a page containing an embed tag with a src attribute containing a...
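IBM AFP Viewer Plug-in SRC Attribute Heap Overflow Vulnerability
BUGTRAQ ID: 29932 IBM's AFP Viewer plug-in allows users to view AFP documents in a web browser. The AFP Viewer plug-in has a heap overflow vulnerability in its handling of the SRC attribute in a document; if a user opens a document containing an overly long attribute parameter of more than 1023 characters, the overflow can be triggered, leading to execution of arbitrary instructions. IBM AFP Viewer 3.2.1.1 IBM AFP Viewer 2.0.7.1 IBM --- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...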
Novell GroupWise Client IMG SRC buffer overflow
Added: 01/15/2008 CVE: CVE-2007-6435 BID: 26875 OSVDB: 40870 Background Novell GroupWise is an e-mail and collaboration product suite. Problem A buffer overflow vulnerability in the GroupWise client allows command execution when a user replies to or forwards a message containing an IMG tag with a...
Cross site scripting
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document...
CVE-2007-2381
The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...