Searching object software vulnerabilities

MSHTML.DLL HTML parser in Internet Explorer 4.0

attackers | MSHTMLDLL | Explorer | versions | Internet | service | remote | denial | parser | allows | other | cause | HTML |

MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.


Lotus Domino Servers 5.x, 4.6x, and 4.5x allows

document's | attackers | intended | Servers | Reader | object | access | Author | Domino | allows | bypass | Lotus | Notes | call | list | API | 45x | 46x | via |

Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object.


Microsoft Internet Explorer 5.01, 5.5 and 6.0 t

Microsoft | Explorer | Internet |

Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability.


Microsoft Internet Explorer 5.5 and 6.0 does no

Verification | executable | attackers | Microsoft | properly | Internet | Explorer | browser | objects | remote | client | "Cross | Object | invoke | within | domain | verify | window | allows | which | files | frame | does | read | Tag" | not | via | tag | aka |

Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag."


Microsoft Office Web Components (OWC) 2000 and

Components | Microsoft | Office | Web |

Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.


Microsoft Internet Explorer 5.0 through 6.0 all

attackers | Microsoft | Explorer | Internet | service | through | denial | allows | remote | cause |

Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.


Heap-based buffer overflow in the Distributed C

Distributed | Heap-based | Component | overflow | Object | buffer | Model |

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.


Unknown vulnerability in Serviceguard A.11.13 t

vulnerability | Serviceguard | privileges | attackers | B030001 | A111404 | B020202 | B020102 | A111504 | through | A111600 | Unknown | vectors | Manager | Cluster | remote | attack | Object | allow | B0104 | A0103 | A1113 | HP-UX | Linux | gain | via |

Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and Cluster Object Manager A.01.03 and B.01.04 through B.03.00.01 on HP-UX, Serviceguard A.11.14.04 and A.11.15.04 and Cluster Object Manager B.02.01.02 and B.02.02.02 on HP Linux, allow remote attackers to gain privileges via unknown attack vectors.


McFreeScan.CoMcFreeScan.1 ActiveX object in Mca

GetSpecialFolderLocation | McFreeScanCoMcFreeScan1 | information | parameters | attackers | sensitive | function | FreeScan | ActiveX | certain | object | allows | remote | obtain | Mcafee | via |

McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows remote attackers to obtain sensitive information via the GetSpecialFolderLocation function with certain parameters.


Race condition in the memory management routine

management | processor | Microsoft | condition | Internet | Explorer | routines | memory | object | DHTML | Race |

Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".


(1) Java Runtime Environment (JRE) and (2) Soft


(1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss.


Microsoft Internet Explorer 5.01 through 6 does

Microsoft | Explorer | Internet |

Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.


Unspecified vulnerability in Microsoft Hyperlin

vulnerability | Unspecified | Hyperlink | Microsoft | Library | Object |

Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability."


Microsoft Internet Explorer 6 allows remote att

attackers | Microsoft | Explorer | Internet | service | denial | allows | remote | cause |

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check.


Mozilla Firefox before 1.5.0.5, Thunderbird bef

Firefox | Mozilla | before |

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.


The Terminal Services COM object (tsuserex.dll)

Services | Terminal | object |

The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.


Cross-zone scripting vulnerability in the WMI O

vulnerability | Cross-zone | scripting | Object | Broker | WMI |

Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."


WordPress before 2.0.5 does not properly store

WordPress | before |

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.


Microsoft Internet Explorer 6 on Windows XP SP2

attackers | Microsoft | Explorer | Internet | service | Windows | denial | allows | remote | cause | SP2 |

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference.


The TSC Domain Manager in Hitachi TPBroker Obje

Transaction | Cosminexus | attackers | TPBroker | Monitor | service | through | Hitachi | Manager | denial | Domain | Object | cause | allow | 01-00 | 03-00 | might | TSC |

The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor 01-00 through 03-00 might allow attackers to cause a denial of service (crash) via invalid messages.


Software vulnerabilities results 1 to 20 of 267     
Page: 12345...14