Searching style software vulnerabilities

Hotmail allows Javascript to be executed via th

Javascript | attackers | commands | allowing | executed | Hotmail | execute | account | remote | user's | allows | STYLE | HTML | via | tag |

Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account.


Quake 1 server responds to an initial UDP game

connection | attackers | amplifier | spoofing | responds | traffic | "Smurf" | request | another | initial | remote | server | allows | attack | amount | style | large | which | Quake | host | game | use | UDP |

Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request.


Hosting Controller 1.4.1 and earlier allows rem

Controller | Hosting |

Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp.


showtemp.cfm for Gafware CFXImage 1.6.6 allows

showtempcfm | CFXImage | Gafware |

showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to read arbitrary files via (1) a .. or (2) a C: style pathname in the FILE parameter.


ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310

Prestige | ZyXEL | 642R |

ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet.


Microsoft Internet Explorer 5.5 through 6.0 all

attackers | Microsoft | Explorer | Internet | service | through | denial | allows | remote | cause |

Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight.


Vignette StoryServer and Vignette V/5 allows re

StoryServer | information | /vgn/style | attackers | sensitive | template | Vignette | request | remote | allows | obtain | V/5 | via |

Vignette StoryServer and Vignette V/5 allows remote attackers to obtain sensitive information via a request for the /vgn/style template.


Cross-site scripting (XSS) vulnerability in Web

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag.


Microsoft Front Page allows attackers to cause

attackers | Microsoft | service | denial | allows | Front | cause | Page |

Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page.


PHP-Fusion allows remote attackers to inject ar

PHP-Fusion | attackers | arbitrary | Cascading | Sheets | allows | remote | inject | Style |

PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.


Integer overflow in Apple QuickTime before 7.0.

QuickTime | overflow | Integer | before | Apple |

Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.


Unspecified vulnerability in the web client for

vulnerability | Unspecified | ClearQuest | Rational | client | web | IBM |

Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS).


Buffer overflow in the SVG importer (style.cpp)

importer | overflow | Buffer | SVG |

Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.


Argument injection vulnerability in scponlyc in

specifications | vulnerability | compatability | applications | arbitrary | injection | "getopt" | Argument | scponlyc | filtered | execute | earlier | scponly | enabled | allows | rsync | which | style | users | local | both | not | via | scp |

Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatability are enabled, allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered.


Argument injection vulnerability in TellMe 1.2

vulnerability | information | arguments | attackers | parameter | sensitive | injection | Argument | earlier | program | options | command | q_Host | TellMe | obtain | allows | modify | remote | style | Whois | line | "--" | via |

Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter.


Opera 8.02 and earlier allows remote attackers

Opera |

Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a "margin:-99;" STYLE attribute.


BIND 4 (BIND4) and BIND 8 (BIND8), if used as a

BIND |

BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack.


Invision Power Board (IPB) 2.1.4 and earlier al

Invision | Board | Power |

Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories.


Internet Explorer 6 allows remote attackers to

attackers | Explorer | Internet | service | denial | allows | remote | cause |

Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.


Cross-site scripting (XSS) vulnerability in sub

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element.


Software vulnerabilities results 1 to 20 of 83     
Page: 12345