sub frames software vulnerabilities
vulnerabilities.aspcode.net
Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag.
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allow remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (3) the password parameter in the login form.
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vectors involving an "extremely busy network." NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure.
Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."
Firefox before 1.0.1 and Mozilla before 1.7.6 truncate long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length.
Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets.
Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands.
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.
Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allow remote attackers to execute arbitrary SQL commands via the UserID parameter to (1) ignore-pm.php, (2) sendmail.php, (3) reply.php or (4) sub-join.php.
Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allow remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.
Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php.
The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using (1) config/ip_management.htm and (2) config/snmp_config.htm.
SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php. NOTE: this may be the same as CVE-2006-3691.4.
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Software vulnerabilities results 1 to 20 of 53