1230 matches found
VulnCheck KEV: CVE-2006-0005
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src...
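Mozilla Firefox image src tag launches external mail client vulnerability
CVE(CAN) ID: CVE-2010-0181 Firefox is a popular open-source web browser. If the SRC attribute of an IMG element in a web page is set to a redirect to a mailto: URL, Firefox loads the external mail client program when it opens such a page. Although this does not pose a security threat, launching too many applications is also a denial-of-service condition. Mozilla Firefox 3.6 Mozilla Firefox 3.5.x Mozilla SeaMonkey 2.0.4 Vendor patch (Mozilla): The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.mozilla.org/...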
Microsoft Internet Explorer Unspecified vulnerability
This host is installed with Microsoft Internet Explorer and is prone to an unspecified vulnerability. OpenVAS Vulnerability Test $Id: gbmsieunspecifiedvuln.nasl 5656 2017-03-21 11:03:12Z cfi $ Microsoft Internet Explorer Unspecified vulnerability Authors: Madhuri D Copyright: Copyright (c) 2010...
Mozilla Foundation Security Advisory 2010-23
Mozilla Foundation Security Advisory 2010-23 Title: Image src redirect to mailto: URL opens email editor Impact: Low Announced: March 30, 2010 Reporter: Henry Sudhof Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.2 Firefox 3.5.9 SeaMonkey 2.0.4 Description phpBB developer Henry Sudhof reporte...
CVE-2010-1227
Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site...
FreeBSD : mozilla -- multiple vulnerabilities (9ccfee39-3c3b-11df-9edc-000f20797ede)
Mozilla Project reports : MFSA 2010-24 XMLDocument::load doesn't check nsIContentPolicy MFSA 2010-23 Image src redirect to mailto: URL opens email editor MFSA 2010-22 Update NSS to support TLS renegotiation indication MFSA 2010-21 Arbitrary code execution with Firebug XMLHttpRequestSpy MFSA 2010-...
mozilla -- multiple vulnerabilities
Mozilla Project reports: MFSA 2010-24 XMLDocument::load doesn't check nsIContentPolicy MFSA 2010-23 Image src redirect to mailto: URL opens email editor MFSA 2010-22 Update NSS to support TLS renegotiation indication MFSA 2010-21 Arbitrary code execution with Firebug XMLHttpRequestSpy MFSA 2010-2...
CVE-2010-1176
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no...
Design/Logic Flaw
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no...
Design/Logic Flaw
Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."...
Debian DSA-2008-1 : typo3-src - several vulnerabilities
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked. More details can be found in the Typo3 security advisory. %NASLMINLEV...
CVE-2009-4652
The CVE concerns ngIRCd (versions 13–14). When SSL/TLS is enabled and standalone mode is disabled, the functions Conn_GetCipherInfo and Conn_UsesSSL in src/ngircd/conn.c can allow remote attackers to trigger a denial of service (application crash) by sending the MOTD command from another server o...
CoreHTTP 'src/http.c' Buffer Overflow Vulnerability
CoreHTTP is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service. This issue...
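nginx ngx_http_process_request_headers() function NULL pointer dereference denial-of-service vulnerability
BUGTRAQ ID: 36839 CVE(CAN) ID: CVE-2009-3896 nginx is a multi-platform HTTP server and mail proxy server. The ngx_http_process_request_headers function in the src/http/ngx_http_parse.c file of the nginx server contains a NULL pointer dereference error; a remote attacker can trigger this vulnerability with an overly long URI, causing the worker process to crash. Igor Sysoev nginx 0.8.x Igor Sysoev nginx 0.7.x Igor Sysoev nginx 0.6.x Igor Sysoev nginx 0.5.x Igor Sysoev nginx...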
SuSE9 Security Update : permissions and filesystem (YOU Patch Number 10539)
It is technically impossible to change permissions of files in world-writeable directories that don't have the sticky bit set in a secure way. This update therefore removes /var/lib/xmcd/discog from /etc/permissions. Furthermore permissions handling of files below /var/games is removed. To be abl...
SuSE9 Security Update : permissions (YOU Patch Number 10815)
It is technically impossible to change permissions of files in world-writeable directories that don't have the sticky bit set in a secure way. This update therefore removes /var/lib/xmcd/discog from /etc/permissions. Furthermore permissions handling of files below /var/games is removed. To be abl...
MySQL COM_TABLE_DUMP Information Leakage and Arbitrary Command Execution
No description provided by source. / April 21.st 2006 myexploit.c MySql COM_TABLE_DUMP Memory Leak & MySql remote B0f MySql = 5.0.20 MySql COM_TABLE_DUMP Memory Leak MySql = 4.x.x copyright 2006 Stefano Di Paola stefano.dipaolaatwisec.it GPL 2.0 Disclaimer: In no event shall the author be liable for...
Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux)
The host is installed with Seamonkey, which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbseamonkeymultvulnjun09lin.nasl 4869 2016-12-29 11:01:45Z teissa $ Mozilla Seamonkey Multiple Vulnerabilities Jun-09 (Linux) Authors: Antu Sanadi Copyright: Copyright (c) 2009 Greenbone...
CVE-2009-1434
Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribut...
CVE-2009-1339
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434...