4543 matches found
CVE-2003-0817
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object...
CVE-2003-0814
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand"Refresh" to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability...
CVE-2003-0816
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by 1 using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, 2 using the window.open method to load a file: URL containing Javascript, as demonstrated using...
CVE-2003-0815
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by 1 modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or 2 modifying the createRange method and using the...
Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy (MS04-004)
source: https://www.securityfocus.com/bid/9568/info A vulnerability has been reported in Microsoft Internet Explorer. Because of this, an attacker may be able to violate cross-zone policy. It has been reported that the issue presents itself due to a failure by Internet Explorer to remove JavaScri...
ZH2004-03SA.txt
ZH2004-03SA security advisory: Photopost PHP Pro 4.6 Sql Injection Vulnerability Published: 02 february 2004 Released: 02 february 2004 Name: Photopost PHP Pro Affected Systems: 4.6 and prior versions Issue: Sql Injection Vulnerability Author: G00db0y from Zone-h Security Labs - [email protected]...
Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy (MS04-004)
Microsoft Internet Explorer 5 - NavigateAndFind Cross-Zone Policy MS04-004 source: https://www.securityfocus.com/bid/9568/info A vulnerability has been reported in Microsoft Internet Explorer. Because of this, an attacker may be able to violate cross-zone policy. It has been reported that the iss...
ZH2004-01SA (security advisory): Web Blog 1.1 Remote arbitrary files retrieving
ZH2004-01SA security advisory: Web Blog 1.1 Remote arbitrary files retrieving Published: 28 january 2004 Released: 28 january 2004 Name: Web Blog Affected Systems: 1.1 Issue: Remote file retrieving Author: Zone-h Security Labs Vendor: http://leifwright.com Description Zone-h Security Team has...
ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard review) Remote arbitrary file retrieving
ZH2004-02SA security advisory: PJ CGI Neo review NeoBoard review Remote arbitrary file retrieving Published: 29 january 2004 Released: 29 january 2004 Name: PJ CGI Neo review NeoBoard review Affected Systems: Current version Issue: Remote file retrieving Author: Zone-h Security Labs Vendor:...
ZH2004-02SA.txt
ZH2004-02SA security advisory: PJ CGI Neo review NeoBoard review Remote arbitrary file retrieving Published: 29 january 2004 Released: 29 january 2004 Name: PJ CGI Neo review NeoBoard review Affected Systems: Current version Issue: Remote file retrieving Author: Zone-h Security Labs Vendor:...
ZH2004-01SA.txt
ZH2004-01SA security advisory: Web Blog 1.1 Remote arbitrary files retrieving Published: 28 january 2004 Released: 28 january 2004 Name: Web Blog Affected Systems: 1.1 Issue: Remote file retrieving Author: Zone-h Security Labs Vendor: http://leifwright.com Description Zone-h Security Team has...
CVE-2003-1026
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back back function is called, as demonstrated by BackToFramedJpu, aka th...
CVE-2003-0814
CVE-2003-0814 affects Internet Explorer 6 SP1 and earlier. The flaw, known as ExecCommand Cross Domain, allows a malicious page to bypass cross-domain zone restrictions and execute Javascript or potentially run code in the user’s context by abusing the window.execCommand('Refresh') flow. Connecte...
CVE-2003-0815
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by 1 modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or 2 modifying the createRange method and using the...
CVE-2003-0814
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand"Refresh" to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability...
CVE-2003-0815
CVE-2003-0815 concerns cross-domain vulnerabilities in Internet Explorer 6 SP1 and earlier. The connected OpenVAS and NVD entries describe three CAN-2003-0814/0815/0816 variants (ExecCommand, Function Pointer Override, Script URL) that could bypass the browser’s cross-domain security model, enabl...
CVE-2003-0816
CVE-2003-0816 applies to Internet Explorer 6 SP1 and earlier and is the Script URLs Cross Domain vulnerability (CAN-2003-0816). It allows a remote attacker to bypass IE’s cross-domain security by abusing scripted navigation and framing techniques (NavigateAndFind with file:JavaScript URLs, window...
CVE-2003-0817
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object...
CVE-2003-0816
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by 1 using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, 2 using the window.open method to load a file: URL containing Javascript, as demonstrated using...
CVE-2003-1026
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back back function is called, as demonstrated by BackToFramedJpu, aka th...