49 matches found
EUVD-2003-0598
Malware in sbrugna...
MS02-008: XMLHTTP control in MSXML 4.0 can allow access to local files
For additional information about this vulnerability, click the following article numbers to view the articles in the Microsoft Knowledge Base:318203 MS02-008: XMLHTTP control in MSXML 3.0 can allow access to local files318202 MS02-008: XMLHTTP control in MSXML 2.0 can allow access to local...
Internet Explorer 5.0.1,Opera 7.51 URI Obfuscation Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10517/info A weakness is reported in Microsoft Internet Explorer and Opera allowing an attacker to obfuscate the URI of a link. This could facilitate the impersonation of legitimate web sites in order to steal sensitive...
Microsoft Internet Explorer 6.0 Codebase Double Backslash Local Zone File Execution Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10344/info A vulnerability has been reported that may potentially permit HTML documents to gain unauthorized access to local resources by using specific syntax when referencing said resource as a value for the CODEBASE...
CVE-2010-4388
The 1 Upsell.htm, 2 Main.html, and 3 Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended...
CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass Advisory Information Title: Internet Explorer Zone Elevation Restrictions...
CVE-2007-1947
Affected software: Firebug extension for Mozilla Firefox (DOM templates used by console.log, domplates). Vulnerability: Cross-zone scripting via overwriting toString in anonymous functions within domplates, enabling bypass of zone restrictions and potential read of file:// URIs or code execution ...
CVE-2007-1878
Cross-zone scripting vulnerability in the DOM templates domplates used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as...
CVE-2007-1878
CVE-2007-1878 describes a Cross-zone scripting weakness in the DOM templates (domplates) used by Firebug’s console.log in Firefox, allowing remote execution by bypassing zone restrictions and reading file:// URIs via the runFile path, due to lack of HTML escaping in the property name. It affects ...
Cross site scripting
Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are...
CVE-2007-0706
Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are...
CVE-2007-0706
Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are...
CVE-2007-0705
CVE-2007-0705 affects Sleipnir 2.49 and earlier and Portable Sleipnir 2.45 and earlier. The vulnerability arises from RSS data handling in Sleipnir’s RSS bar, allowing a cross-zone scripting attack that bypasses Web content zone restrictions and could cause arbitrary script execution in an inappr...
CVE-2007-0705
Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information...
Microsoft Visual Studio 2005 WMI Object Broker vulnerability
Added: 01/15/2007 CVE: CVE-2006-4704 BID: 20843 OSVDB: 30155 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Problem A flaw in the WMI Object Broker ActiveX control allows attackers to bypass security zone restrictions, leading ...
Microsoft Visual Studio 2005 WMI Object Broker vulnerability
Added: 01/15/2007 CVE: CVE-2006-4704 BID: 20843 OSVDB: 30155 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Problem A flaw in the WMI Object Broker ActiveX control allows attackers to bypass security zone restrictions, leading ...
Microsoft Visual Studio 2005 WMI Object Broker vulnerability
Added: 01/15/2007 CVE: CVE-2006-4704 BID: 20843 OSVDB: 30155 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Problem A flaw in the WMI Object Broker ActiveX control allows attackers to bypass security zone restrictions, leading ...
CVE-2006-4704
Cross-zone scripting vulnerability in the WMI Object Broker WMIScriptUtils.WMIObjectBroker2 ActiveX control WmiScriptUtils.dll in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Objec...
CVE-2006-4704
CVE-2006-4704 is a cross-zone scripting vulnerability in the WMIScriptUtils.WMIObjectBroker2 ActiveX control (WmiScriptUtils.dll) shipped with Visual Studio 2005. The flaw allows a remote attacker to bypass Internet Explorer zone restrictions and execute arbitrary code by instantiating dangerous ...
VulnCheck KEV: CVE-2004-0727
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as...