744 matches found
CVE-2006-7065
Microsoft Internet Explorer allows remote attackers to cause a denial of service crash via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference...
Integer overflow
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings...
CVE-2006-1834
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings...
CVE-2006-1834
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings...
CVE-2006-1834
Opera before 8.54 is affected by a vulnerability caused by an integer signedness error in the handling of long values in a stylesheet attribute, which can bypass a length check and potentially allow remote code execution. This is documented in multiple sources associated with CVE-2006-1834, inclu...
Opera browser integer overflow
Integer overflow on long stylsheet sttribute. Can potentially be used for hidden malware installation...
Oracle XSQL Stylesheet Vulnerability
The Oracle XSQL Servlet allows arbitrary Java code to be executed by an attacker by supplying the URL of a malicious XSLT stylesheet when making a request to an XSQL page. OpenVAS Vulnerability Test $Id: oraclexsql.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle XSQL Stylesheet...
Oracle XSQL Stylesheet Vulnerability
The Oracle XSQL Servlet allows arbitrary Java code to be executed by an attacker by supplying the URL of a malicious XSLT stylesheet when making a request to an XSQL page. SPDX-FileCopyrightText: 2000 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyrigh...
CVE-2005-0588
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system...
GLSA-200503-10 : Mozilla Firefox: Various vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200503-10 Mozilla Firefox: Various vulnerabilities The following vulnerabilities were found and fixed in Mozilla Firefox: Michael Krax reported that plugins can be used to load privileged content and trick the user to interact wit...
security flaw
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system...
Opera < 8.54 signedness StyleSheet Overflow
Binary data 3515.prm...
CVE-2004-0310
CVE-2004-0310 describes a cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1. The issue arises in the site’s stylesheet handling, where semicolon/parentheses are not stripped, enabling a remote attacker to execute JavaScript as another user via a crafted stylesheet (demonstrated ...
CVE-2002-0169
The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier...
CVE-2002-0191
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability...
CVE-2002-0618
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution"...
Microsoft Internet Explorer 5/6 - CSSText Bold Font Denial of Service
source: https://www.securityfocus.com/bid/5027/info A problem with Microsoft Internet Explorer may make it possible to deny service to users of the browser. The problem is in the handling of certain types of stylesheet input. It may be possible to crash IE. When IE encounters a style sheet with t...
CVE-2002-0169
The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier...
CVE-2002-0191
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability...
[NT] Excel XP XML Stylesheet Security Problem
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion When was the last time you checked your server's security? How about a monthly report? http://www.AutomatedScanning.com - Know that you're...