rendered software vulnerabilities
vulnerabilities.aspcode.net
Searching rendered software vulnerabilities
FrontRange GoldMine mail agent 5.70 and 6.00 be
FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone.
Hastymail 1.0.1 and earlier (stable) and 1.1 an
Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks.
WebcamXP PRO v2.16.468 and earlier allows remot
WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly rendered.
The HTML rendering engine in Microsoft Internet
The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type.
Multiple interpretation error in the image uplo
Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Invision Gallery.
Validate-before-filter vulnerability in cleanht
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets.
viewcvs in ViewCVS 0.9.2 allows remote attacker
viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected.
Cross-site scripting (XSS) vulnerability in web
Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline.
Cross-site scripting (XSS) vulnerability in Lot
Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser.
Cross-site scripting (XSS) vulnerability in XMB
Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript.
Cross-site scripting (XSS) vulnerability in att
Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer.
Cross-site scripting (XSS) vulnerability in The
Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer.
QuickTime for Java on Mac OS X 10.4 through 10.
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.
Cross-site scripting (XSS) vulnerability in Win
Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.
Software vulnerabilities results 1 to 15 of 15