popup software vulnerabilities
vulnerabilities.aspcode.net
Searching popup software vulnerabilities
Microsoft Internet Explorer 5.01, 5.5 and 6.0 t
Microsoft
|
Explorer
|
Internet
|
Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability.
Internet Explorer 6 allows remote attackers to
attackers
|
Explorer
|
Internet
|
service
|
denial
|
allows
|
remote
|
cause
|
Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.
Internet Explorer in Windows XP SP2, and other
including
|
versions
|
Internet
|
Explorer
|
Windows
|
other
|
SP2
|
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Internet Explorer 6.x allows remote attackers t
Vulnerability"
|
drag-and-drop
|
"HijackClick
|
mousedown
|
arbitrary
|
Popupshow
|
attackers
|
programs
|
Internet
|
Explorer
|
Download
|
actions
|
"Script
|
install
|
window
|
events
|
remote
|
allows
|
method
|
Image
|
popup
|
File
|
call
|
use
|
via
|
aka
|
Tag
|
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Internet Explorer 6 allows remote attackers to
attackers
|
document
|
Internet
|
Explorer
|
blocker
|
object
|
remote
|
bypass
|
allows
|
popup
|
model
|
via
|
Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog.
The gui_popup_view_fly function in gui_tview_po
gui_popup_view_fly
|
gui_tview_popupc
|
function
|
junkie
|
The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 allows remote malicious FTP servers to execute arbitrary commands via shell metacharacters in a filename.
Cross-site scripting (XSS) vulnerability in Gad
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229.
Internet Explorer 6.0 on Windows XP SP2 allows
script-initiated
|
facilitate
|
attackers
|
titlebar
|
phishing
|
Explorer
|
Internet
|
attacks
|
Windows
|
window
|
remote
|
allows
|
domain
|
which
|
could
|
spoof
|
popup
|
name
|
SP2
|
URL
|
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.
Buffer overflow in the PopUp Plus 2.0.3.8 plugi
overflow
|
Buffer
|
PopUp
|
Plus
|
Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with "Use SmileyAdd Setting" enabled, allows remote attackers to execute arbitrary code.
Firefox before 1.0.3 and Mozilla Suite before 1
Firefox
|
before
|
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.
Gadu-Gadu 7.20 allows remote attackers to cause
Gadu-Gadu
|
Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code of 6 or 7, which triggers a large number of popup windows to the user and creates a large number of threads.
Cross-site scripting (XSS) vulnerability in ind
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup.
Mozilla Firefox 1.x before 1.5 and 1.0.x before
Firefox
|
Mozilla
|
before
|
10x
|
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.
Cross-site scripting (XSS) vulnerability in pop
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in popup_image in Collaborative Portal Server (CPS) 3.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the pos argument.
The popup blocker in Mozilla Firefox before 1.5
Mozilla
|
Firefox
|
blocker
|
before
|
popup
|
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
Cross-zone vulnerability in Mozilla Firefox 1.5
vulnerability
|
Cross-zone
|
Firefox
|
Mozilla
|
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
Cross-site scripting (XSS) vulnerability in ski
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
Cross-domain vulnerability in WebCore on Apple
vulnerability
|
Cross-domain
|
WebCore
|
Apple
|
Mac
|
Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window.
** DISPUTED ** Mozilla Firefox 2.0.0.4 allows
DISPUTED
|
Firefox
|
Mozilla
|
** DISPUTED ** Mozilla Firefox 2.0.0.4 allows remote attackers to cause a denial of service by opening multiple tabs in a popup window. NOTE: this issue has been disputed by third party researchers, stating that "this does not crash on me, and I can't see a likely mechanism of action that would lead to a DoS condition."
PHP remote file inclusion vulnerability in popu
popup_windowphp
|
vulnerability
|
site_isp_root
|
Squirrelcart
|
parameter
|
arbitrary
|
attackers
|
inclusion
|
probably
|
execute
|
related
|
earlier
|
cartphp
|
remote
|
allows
|
code
|
file
|
1xx
|
URL
|
via
|
PHP
|
PHP remote file inclusion vulnerability in popup_window.php in Squirrelcart 1.x.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_isp_root parameter, probably related to cart.php.
Software vulnerabilities results 1 to 20 of 25
Page:
1
2
►