sheets software vulnerabilities
vulnerabilities.aspcode.net
Searching sheets software vulnerabilities
Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird b
Mozilla
|
Mail
|
Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server.
Unspecified vulnerability in the web client for
vulnerability
|
Unspecified
|
ClearQuest
|
Rational
|
client
|
web
|
IBM
|
Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS).
The Saxon XSLT parser in Google Mini Search App
information
|
arbitrary
|
Appliance
|
dangerous
|
attribute
|
attackers
|
sensitive
|
possibly
|
methods
|
execute
|
select
|
obtain
|
parser
|
Google
|
Search
|
remote
|
allows
|
class
|
Saxon
|
Mini
|
XSLT
|
Java
|
code
|
via
|
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.
Microsoft Internet Explorer allows remote attac
cross-domain
|
restrictions
|
information
|
Microsoft
|
sensitive
|
Cascading
|
directive
|
attackers
|
download
|
Internet
|
Explorer
|
security
|
@import
|
domains
|
allows
|
remote
|
bypass
|
obtain
|
Sheets
|
valid
|
Style
|
files
|
using
|
other
|
not
|
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
Validate-before-filter vulnerability in cleanht
Validate-before-filter
|
vulnerability
|
cleanhtmlpl
|
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets.
Cross-site scripting (XSS) vulnerability in Moz
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding CSS (Cascading Style Sheets) property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.
Internet Explorer 6 allows remote attackers to
attackers
|
Explorer
|
Internet
|
service
|
denial
|
allows
|
remote
|
cause
|
Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.
The CSS border-rendering code in Mozilla Firefo
border-rendering
|
Thunderbird
|
Firefox
|
Mozilla
|
before
|
code
|
10x
|
CSS
|
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.
Jelsoft vBulletin accepts uploads of Cascading
vBulletin
|
Cascading
|
uploads
|
Jelsoft
|
accepts
|
Sheets
|
Style
|
Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection.
Cross-site scripting (XSS) vulnerability in sub
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element.
Opera 9 allows remote attackers to cause a deni
attackers
|
service
|
denial
|
allows
|
remote
|
Opera
|
cause
|
Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties.
Microsoft Internet Explorer 5 SP4 and 6 do not
collection"
|
styleSheets
|
"multiple
|
Cascading
|
construct
|
Microsoft
|
Explorer
|
properly
|
Internet
|
imports
|
collect
|
garbage
|
Sheets
|
chain
|
Style
|
used
|
not
|
SP4
|
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.
Cross-site scripting (XSS) vulnerability in Sun
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.
Cross-site scripting (XSS) vulnerability in Mir
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element.
Unspecified vulnerability in Internet Explorer
vulnerability
|
Unspecified
|
Explorer
|
Internet
|
Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.
Unspecified vulnerability in Microsoft Internet
vulnerability
|
Unspecified
|
attackers
|
arbitrary
|
Cascading
|
Microsoft
|
Internet
|
Explorer
|
crafted
|
execute
|
allows
|
remote
|
Sheets
|
Style
|
code
|
via
|
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
Software vulnerabilities results 1 to 17 of 17
Page:
1